lotusnotessecuritytemplate.xml reference

 

Applies to: FAST Search Server 2010

Use a copy of lotusnotessecuritytemplate.xml to configure the settings for the FAST Search Lotus Notes user directory connector.

The Lotus Notes user directory connector uses the configuration settings to control user and group extraction, and will always extract the whole user directory from Lotus Domino.

Customizing lotusnotessecuritytemplate.xml

To extract users and groups from Lotus Domino and submit them to FAST Search Server 2010 for SharePoint to enable Lotus Notes item level security, configure and run the FAST Search Lotus Notes user directory connector.

Note

To modify a configuration file, verify that you meet the following minimum requirements: You are a member of the FASTSearchAdministrators local group on the computer where FAST Search Server 2010 for SharePoint is installed.

To configure the FAST Search Lotus Notes user directory connector, first create a copy of the lotusnotessecuritytemplate.xml file. Edit the copy in a text or XML editor of your choice (except Notepad) to include the elements and settings for your environment.

Parameter groups quick reference

The following table contains a list of the parameter groups in lotusnotessecuritytemplate.xml. These groups can appear in any order.

| Parameter group | Description |
| --- | --- |
| NotesConnection | Defines the connection between the connector and the Lotus Domino server for content extraction. |
| ConnectorExecution | Specifies general behavior of the connector. |
| FSAOutput | Specifies where the connector should send its output. This includes log files and user store connection details. |
| SSOMapping | Specifies the properties for generating an XML aliasing file that details the mapping between Active Directory® users and Lotus Domino users. |

lotusnotessecuritytemplate file format

XML elements in lotusnotessecuritytemplate.xml begin with < and end with />. The XML is defined in FastConnectorConfig-1.0.dtd.

The basic format is as follows:

<group name="group_name">
    <parameter name="parameter_name" type="parameter_type">
        <value>value</value>
    </parameter>
</group>

Parameter names are case-sensitive; types are not. Parameter names and types must be enclosed in quotation marks (" ").

A parameter definition can span multiple lines. Spaces, carriage returns, line feeds, and tab characters are ignored in an element definition.

For example:

<group name="NotesConnection">
    <parameter name="NotesNameServer" type="string"> 
        <value>dominoserver</value>
    </parameter>
    <parameter name="NotesNameDatabase" type="string"> 
        <value>names.nsf</value>
    </parameter>
</group>

Tip

For long parameter definitions, position values on separate lines and use indentation to make the file easier to read.

The FastConfig element is a special case and is required. All other elements are contained within the FastConfig element.

Here is a sample snippet from a configuration file:

<!DOCTYPE FastConfig SYSTEM "dtd/FastConnectorConfig-1.0.dtd">
<FastConfig>
    <group name="NotesConnection">
       <parameter name="NotesNameServer" type="string"> 
            <value>dominoserver</value> 
       </parameter>
       <parameter name="NotesNameDatabase" type="string"> 
            <value>names.nsf</value>
       </parameter>
    </group>
</FastConfig>

You can add comments anywhere, delimited by <!-- and -->.

For example:

<!DOCTYPE FastConfig SYSTEM "dtd/FastConnectorConfig-1.0.dtd">
<FastConfig>
    <group name="NotesConnection">
       <!-- Trying out a different Domino server 
        
       <parameter name="NotesNameServer" type="string"> 
            <value>dominoserver</value>
       </parameter>
      -->
       <parameter name="NotesNameServer" type="string"> 
            <value>dominoserver2</value>
       </parameter>
       <parameter name="NotesNameDatabase" type="string"> 
            <value>names.nsf</value>
       </parameter>
    </group>
</FastConfig>

Parameter group: NotesConnection

The parameters in this group specify how to connect to the Lotus Domino server for content extraction.

| Parameter | Type | Value | Description |
| --- | --- | --- | --- |
| NotesNameServer | string | text | Specifies the host name of the Lotus Domino server. |
| NotesNameDatabase | string | text | Specifies the name of the database that has the .nsf extension. The database includes the users, groups, and certifiers to extract. |
| NotesPassword | string | text | The password that is used to authenticate to the Lotus Notes client. This must match the password that you last used to log on to the Lotus Notes client on this computer. The password must be encrypted. Encrypt it with the <FASTSearchFolder>\bin\connectorpwgen.bat utility. The encrypted password cannot contain any new line or white-space characters; remove them when you copy the encrypted password from the console. |

Note

The password must be encrypted by the same user who will decrypt it (e.g., the user who will run the connector).

The name of the database that contains the Lotus Domino user directory is usually names.nsf.

Example

<group name="NotesConnection">
    <parameter name="NotesNameServer" type="string">
        <value>dominoserver.contoso.com</value>
    </parameter>
    <parameter name="NotesNameDatabase" type="string">
        <value>names.nsf</value>
    </parameter>
    <parameter name="NotesPassword" type="string">
        <value>AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAPF3E/uqo8kuy05Vfl6hBWAAAAABSAAAATQBpAGMAcgBvAHMAbwBmAHQAIABFAG4AdABlAHIAcAByAGkAcwBlACAAUwBlAGEAcgBjAGgAIAAtACAAQwBvAG4AbgBlAGMAdABvAHIAcwAAAANmAACoAAAAEAAAAN/ksvnBFepWFXzS9BFNY6AAAAAABIAAAKAAAAAQAAAAvbI2O5PXmb6wDzAeEfvNeRAAAABEqBeLrh8usMBfBhA7J8t1FAAAAD54sadCcKVwSRyxdU0TO6XjyCdH</value>
    </parameter>
</group>

Parameter group: ConnectorExecution

The parameter in this group specifies the logging behavior of the user directory connector.

| Parameter | Type | Value | Description |
| --- | --- | --- | --- |
| DocumentLoggingFrequency | integer | number of entities | The number of entities (users, groups and group memberships) processed before the connector logs a progress message. If you have tens of thousands of entities, increase this value to avoid flooding the log with messages. Default: 100 |

Example

<group name="ConnectorExecution">
    <parameter name="DocumentLoggingFrequency" type="integer">
        <value>100</value>
    </parameter>
</group>

Parameter group: FSAOutput

The parameters in this group specify where the connector should send its output. This includes log files and user store connection details.

| Parameter | Type | Value | Description |
| --- | --- | --- | --- |
| OutputDirectory | string | text | The output folder for the connector. Only log files and the XML aliasing file are stored here. The folder is automatically created if it does not exist. The directory can be relative (to the bin folder) or absolute. |
| UserStoreHost | string | text | The host name of the server where the Lotus Notes user store is located. A user store contains group membership information about its users, serving as a security gateway to a third-party content repository. |
| UserStorePort | integer | portnumber | The port to the Lotus Notes user store. |
| SecurityDomainId | string | text | The ID of the Lotus Notes user store. This is a three-letter ID that distinguishes the Lotus Notes user store from other FAST Search Authorization (FSA) user stores. This ID must match the Normalization/SecurityDomainId value in the content connector configuration. Default: lnx |

Normally, you do not need more than one user store for Lotus Notes. The default ID for Lotus Notes is lnx. Therefore, you rarely have to change the SecurityDomainId parameter.

Example

<group name="FSAOutput">
    <parameter name="OutputDirectory" type="string">
        <value>../var/lotusnotesconnector/security</value>
    </parameter>
    <parameter name="UserStoreHost" type="string">
        <value>localhost</value>
    </parameter>
    <parameter name="UserStorePort" type="integer">
        <value>13271</value>
    </parameter>
    <parameter name="SecurityDomainId" type="string">
        <value>lnx</value>
    </parameter>
</group>

Parameter group: SSOMapping

This group includes configuration parameters for generating an XML aliasing file for FAST Search Authorization (FSA) that lists the mapping between Active Directory users and Lotus Domino users. This allows an Active Directory user to perform a search that yields search results from Active Directory content and Lotus Domino databases that this user has access to.

To achieve these results, the user/group document in Lotus Domino must contain the Active Directory user name in one of its attributes.

After running the user directory connector and producing the XML aliasing file, you must manually import the file into FSA.

| Parameter | Type | Value | Description |
| --- | --- | --- | --- |
| UseSSOMapping | boolean | true\|false | If set to true, an XML aliasing file is generated. |
| ADUserNameField | string | text | Specifies the name of the attribute in the user/group document (inside the Lotus Domino user directory) that contains the corresponding Active Directory user name. Example: "ShortName". This may also be in the form "FullName(N)", which means that the Active Directory user name will be one of the values in the FullName multi-value field. N specifies the index in FullName for retrieving the Active Directory user name. N=-1 means the last index. |
| XMLOutputFileName | string | text | Specifies the name of the generated XML aliasing file. The file will be put in the folder that is specified in the FSAOutput/OutputDirectory parameter. |

Example

The following example uses the default certificate generated by the installer:

<group name="SSOMapping">
    <parameter name="UseSSOMapping" type="boolean">
        <value>true</value>
    </parameter>
    <parameter name="ADUserNameField" type="string">
        <value>FullName(-1)</value>
    </parameter>
    <parameter name="XMLOutputFileName" type="string">
        <value>ssomapping.xml</value>
    </parameter>
</group>
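
A pre-flight check for an edited copy of the configuration, as an added example that is not part of the original reference or of FAST Search Server: it flags mis-cased parameter names, a NotesPassword value that contains white space or does not look encrypted, and malformed SecurityDomainId and ADUserNameField values. The names `lint_config` and `looks_encrypted` are hypothetical, and treating an encrypted password as a base64 blob with the Windows DPAPI header (which the sample value in the NotesConnection example carries) is an assumption about connectorpwgen.bat output.

```python
import base64, re
import xml.etree.ElementTree as ET
# Parameter names and value syntax documented on this page (names are case-sensitive).
KNOWN = """NotesNameServer NotesNameDatabase NotesPassword DocumentLoggingFrequency
OutputDirectory UserStoreHost UserStorePort SecurityDomainId UseSSOMapping
ADUserNameField XMLOutputFileName""".split()
RULES = {"SecurityDomainId": (r"[A-Za-z]{3}", "must be a three-letter ID"),
         "ADUserNameField": (r"[^\s()]+(\(-?\d+\))?", "expected Field or Field(N)")}
# Assumption: connectorpwgen.bat output is a base64 DPAPI blob, like the page's sample.
DPAPI_HEADER = bytes.fromhex("01000000d08c9ddf0115d1118c7a00c04fc297eb")

def looks_encrypted(value):
    try:
        return base64.b64decode(value, validate=True).startswith(DPAPI_HEADER)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False

def lint_config(xml_text):
    """Return findings for a copy of lotusnotessecuritytemplate.xml."""
    root = ET.fromstring(xml_text)
    if root.tag != "FastConfig":
        return ["root element must be FastConfig"]
    out, lower = [], {k.lower(): k for k in KNOWN}
    for p in root.iter("parameter"):
        name, value = p.get("name", ""), p.findtext("value") or ""
        if name not in KNOWN:
            out.append(f"{name}: expected {lower.get(name.lower(), 'a documented name')}")
        elif name == "NotesPassword" and re.search(r"\s", value):
            out.append("NotesPassword: contains white space or a line break")
        elif name == "NotesPassword" and not looks_encrypted(value):
            out.append("NotesPassword: does not look encrypted")
        elif name in RULES and not re.fullmatch(RULES[name][0], value):
            out.append(f"{name}: {RULES[name][1]}")
    return out

# Constructed sample: plaintext password, mis-cased name, four-letter domain ID.
SAMPLE = """<!DOCTYPE FastConfig SYSTEM "dtd/FastConnectorConfig-1.0.dtd">
<FastConfig>
  <group name="NotesConnection">
    <parameter name="NotesPassword" type="string"><value>Passw0rd</value></parameter>
    <parameter name="notesnameserver" type="string"><value>dominoserver</value></parameter>
  </group>
  <group name="FSAOutput">
    <parameter name="SecurityDomainId" type="string"><value>lnxx</value></parameter>
  </group>
</FastConfig>"""

if __name__ == "__main__":
    print("\n".join(lint_config(SAMPLE)))
```
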

See Also

Reference

lotusnotessecurity.bat reference

Concepts

Manage crawling with the FAST Search Lotus Notes user directory connector