Product Selector

Fusion 5.9
    Fusion 5.9

    Use the Active Directory ACL Collection (V1)

    The Active Directory Connector for ACLs indexes Access Control List (ACL) information into a configured "sidecar" Solr collection, so that it can be used by other connectors.

    This article describes how to use an ACL collection generated by the Active Directory Connector for ACLs in V1 platform version.

    During the security trimming stage, the ACL collection is queried using a Solr graph query, which creates a graph of the results using nodes from one document to another.

    To use the ACL collection, provide the inputs described below when configuring the Active Directory Connector for ACLs:

    Input Description Example

    Start Links

    Each LDAP or LDAPS URL that is crawled.

    ldaps://na.lucidworks.com

    LDAP User Principal

    The user principal account that crawls LDAP.

    firstname.lastname@na.lucidworks.com

    LDAP User Password

    The password of the user that crawls LDAP.

    Password123

    LDAP Search Base

    The base DN that performs the crawl.

    DC=na,DC=lucidworks,DC=com

    LDAP User Base (optional)

    A list of users that are permitted to access a specific LDAP base.

    OU=Users,DC=na,DC=lucidworks,DC=com

    LDAP Group Base (optional)

    A list of groups that are permitted to access a specific LDAP base.

    OU=Groups,DC=na,DC=lucidworks,DC=com

    LDAP User Filter (optional)

    A custom attribute filter that finds user records in LDAP.

    (&(objectclass=user)(sAMAccountName=*))

    LDAP Group Filter (optional)

    A custom attribute filter that finds group records in LDAP.

    (&(objectclass=group))

    SOLR ACL Collection Name

    The name of the ACL collection.

    acl

    Index sAMAccountName Users (Active Directory only)

    When active, a document is created in the ACL collection representing a user with an ID of sAMAccountName. This allows security trimming on the domain\username version of the username.

    true

    Index userPrincipalName Users (Active Directory only)

    When active, a document is created in the ACL collection representing a user with an ID of userPrincipalName. This allows security trimming on the username@fqdn.com version of the username.

    false