Connector Configuration

In some scenarios, it can be useful to provide a system property or an environment variable within a configuration value. For example, you might want to distribute multiple connector instances over different containers and have certain configured parameters adapted according to specific system properties or environment variables, respectively. You can do this by providing a placeholder of the form ${my.system.property} within the value of some configuration option. The connector will resolve this property when reading the configuration, i.e., the placeholder will be replaced by the value of the corresponding system property / environment variable.

However, for security reasons this replacement is disabled by default. A malicious user could misuse this feature to obtain sensitive information about the connector environment such as the host’s operating system, the user under which the connector is running etc. You can mitigate this issue e.g. by restricting the access to the connector UI.

If you want to enable the resolution of system properties and environment variables, set the system property resolvePlaceholdersInPropertyValues to true. This can be done, for example, in the connector’s start script under the bin directory as follows.
In connector.bat (Windows):
set CONNECTOR_OPTS="-DresolvePlaceholdersInPropertyValues=true"
In connector (Linux/Unix):
CONNECTOR_OPTS='"-DresolvePlaceholdersInPropertyValues=true"'

HCL Connections Configuration

Source System Configuration

Configuration options to establish a connection to the target HCL Connections instance.

Name Property Key Description

Connection URL

raytion.connector.agent.connections .serverUrl

The URL to your HCL Connections server including protocol and port (e.g., https://connections.mynetwork.com:9444). This setting is mandatory.

Public URL

raytion.connector.agent.connections .publicUrl

Denotes the URL to the client access point, if it differs from the technical connection URL. The connector computes certain URLs based on document information (e.g., parent community IDs). Use this setting when client access is done on a different URL than the technical access to the seedlists. This setting is optional.

Technical User Account

raytion.connector.agent.connections .server.username

Username of the technical user for accessing HCL Connections. The technical user must have the search-admin role for blogs, communities, files, forums, profiles, and wikis. For principal traversal and access to restricted communities, also provide the community moderator and wiki widget-admin roles. This setting is mandatory.

Technical User Password

raytion.connector.agent.connections .server.password

Password of the technical user for accessing HCL Connections. Use the password encryption tool to encrypt the password. This setting is mandatory.

Advanced Connection Settings

Configuration options related to fine-tuning the connection to the HCL Connections instance.

Name Property Key Description

Connection Timeout

raytion.connector.agent.connections .server.connectionTimeout

The timeout until a connection must be established. Defaults to 60 seconds.

Socket Timeout

raytion.connector.agent.connections .server.socketTimeout

An inactive connection will be treated as terminated after this duration. Defaults to 60 seconds.

Use ID in Wiki URL

raytion.connector.agent.connections .server.useIdInWikiUrl

Optional setting to include the ID in the URL when requesting Wiki items. Defaults to true.

SSL Authentication

Optional configuration options when authenticating the Connector against HCL Connections via SSL with the help of a KeyStore.

Name Property Key Description

Activate Custom Keystore SSL Authentication

raytion.connector.agent.connections .server.useCustomSslKeystore

Optionally choose to define a custom keystore for SSL/TLS connections to HCL Connections. The keystore can be used for client certificate authentication and/or for trusting self-signed server certificates. If disabled, the JVM’s default truststore is used for validating server certificates.

KeyStore File

raytion.connector.agent.connections .server.sslAuth.keyStoreFile

Path to the key store file. The keystore should contain the server’s certificate (or CA certificate) to trust self-signed certificates, and/or a private key for client certificate authentication.

KeyStore Type

raytion.connector.agent.connections .server.sslAuth.keyStoreType

The type of the KeyStore-file given. We strongly recommend using PKCS12, as JKS may be deprecated in a future update.

KeyStore Password

raytion.connector.agent.connections .server.sslAuth.keyStorePassword

Password for the key store. This password is used to open the keystore file.

Key Alias

raytion.connector.agent.connections .server.sslAuth.keyAlias

The alias of the private key to use for client certificate authentication. Only required if the keystore contains multiple private keys.

Key Password

raytion.connector.agent.connections .server.sslAuth.keyPassword

The password to access the private key within the key store. Only required if the keystore contains a private key for client certificate authentication. If not specified, the key store password will be used.

Configure Document Extraction from HCL Content Manager

The connector can also crawl documents coming from the HCL Content Manager. In order to activate this feature, use the following configuration option:

Name Property Key Description

Fetch Libraries (through Communities)

raytion.connector.agent.connections.content-traversal.fetchLibrariesByCommunities

Set to true to enable crawling of documents from HCL Content Manager. Default value is false.

Filter Configuration

There are various options to exclude documents from being synchronized, e.g. by providing a list of certain applications to exclude.

You can also define a file size threshold for attachments. Any attachments larger than that value will still be indexed, but their content will not be fetched. The default value is 100 Megabytes.

The following is a summary of the configuration options for excluding files or folders from the search index and controlling extraction of additional metadata:

Name Property Key Description

File Size Threshold

raytion.connector.agent.connections .content-traversal.fileSizeThreshold

This element determines a size threshold (in Bytes) telling the connector that the content of any attached files which exceed the threshold should not be fetched. Default value is 100 Megabytes.

Applications to Exclude

raytion.connector.agent.connections .content-traversal.applicationsToSkip

These values determine applications which should not be indexed. Possible values: wikis, files, activities, profiles, forums, communities, dogear, blogs, news (profile updates), dm/atom (FileNet ECM entries). This setting is optional.

Extract Parent Titles

raytion.connector.agent.connections .content-traversal.fetchParentTitles

If this is turned on, parent community titles will be extracted for documents which are contained in a community. In order to do so, the technical user must have at least the moderator role within the communities application. This setting is optional and false by default.

Extract File Comments

raytion.connector.agent.connections .content-traversal.extractComments

By default, the connector extracts file comments as separate items. If you want to not extract any file comments, set this parameter to false. This setting is optional and true by default.

Fetch Related Communities Link

raytion.connector.agent.connections .content-traversal.fetchRelatedCommunitiesLink

Adds links to related communities, if this value is set to true. The link generation means further reach outs to the HCL Connections API. By default this value is set to false. This setting is optional.

Fetch Related Communities

raytion.connector.agent.connections .content-traversal.fetchRelatedCommunities

Include URLs and descriptions of related communities (if any). This requires further requests to the HCL Connections API. By default this value is set to false. This setting is optional.

Fetch Community Members

raytion.connector.agent.connections .content-traversal.fetchCommunityMembers

Extract all community members as part of the indexed documents. This setting is optional and true by default. Note: The extraction may take a significant amount of crawl time, consider setting it to false to improve traversal performance.

Synchronize inactive Profiles

raytion.connector.agent.connections .content-traversal.synchronizeInactiveProfiles

Include inactive user profiles in the traversal. This setting is optional and false by default.

Principal Traversal and Aliasing

As HCL Connections brings a kind of Custom Security with it, the connector handles custom access rights. On the one hand, it extracts Access Control Lists (ACLs) for the respective documents. On the other hand, it provides a principal traversal, where access permissions for the users to communities and wikis are extracted. This information is send as pairs of user IDs and Community or Wiki GUIDs to the security module.

In order to send the right user IDs to the security module, the connector also supports two kinds of aliasing:

Identity Aliasing

In order to not do any aliasing on the user IDs, set the aliasing type to NONE. Per default, the connector does not perform an aliasing.

Name Property Key Description

Aliasing Type

raytion.connector.agent.connections.principal.aliasingType

Set to NONE to disable aliasing on user IDs.

Aliasing Based on Connections Profile Information

This approach uses given informations from the user’s Connections profile to alias the GUID to something else. Here, the connector can be configured to access any profile attribute to alias the user’s GUID accordingly.

This means that during the principal traversal all user GUIDs are aliased to the given field from the profile.

Name Property Key Description

Aliasing Type

raytion.connector.agent.connections .principal.aliasingType

Set to PROFILES to enable profile-based aliasing.

Profile Aliasing Field

raytion.connector.agent.connections .principal.profileAliasing.aliasingField

The profile attribute to use for aliasing the user’s GUID. This can be either a well-known field name or any WPLC field identifier from HCL Connections profiles. See the "Supported Field Values" section below for a complete list of available field names. If the profile attribute contains multiple values, only the first value will be used.
Supported Field Values

The profileAliasing.aliasingField property accepts the following types of values:

Well-Known Profile Field Names

These field names directly map to properties extracted from the HCL Connections Profile domain:

Field Name Description

mail

User’s email address(es)

givenName

User’s given name (first name)

surName

User’s surname (last name)

displayName

User’s full display name

employeeNumber

Employee number

userState

User state (e.g., "active" or "inactive")

officePhone

Office telephone number

ipPhone

IP telephone number

mobile

Mobile phone number

fax

Fax number

pager

Pager number

building

Building identifier

floor

Floor number

officeAddress

Physical office address

managerId

Manager’s user ID

secretaryId

Secretary’s UID

secretary

Secretary’s display name

manager

Manager’s UID

responsibility

Job responsibilities

aboutMe

User’s "About Me" information

experience

User’s experience description

blogUrl

User’s blog URL

linkToProfilePicture

URL to user’s profile picture

title

Profile title

internalId

Internal profile ID

url

Profile URL

tags

First profile tag

tagsOriginal

First of the "original" profile tags

authors

First author name

authorIds

First author ID
WPLC Field Identifiers

Any WPLC field identifier available on the Profile entity coming from HCL Connections can be used. Hence, also any "extra attributes" FIELD_EXTATTR_<attribute_name> can be used for aliasing.

For instance:

WPLC Field ID Description

FIELD_UID

User’s unique identifier

FIELD_EMPLOYEE_NUMBER

Employee number

FIELD_USER_STATE

User state

FIELD_TAG

First profile tag

FIELD_EXTATTR_SAMACCOUNTNAME

Active Directory SAM account name - commonly used for Windows domain authentication

FIELD_EXTATTR_OBJECTSID

Windows Security Identifier (SID) - unique identifier for Active Directory objects

FIELD_EXTATTR_USERPRINCIPALNAME

Active Directory User Principal Name (UPN)

FIELD_EXTATTR_<custom>

Any custom extended attribute configured in your HCL Connections profile system
The specific extended attributes available depend on your HCL Connections configuration and the attributes synchronized from your directory service. The above values are just common exemplary values.

CSM Configuration

Required Configuration Properties

CSM Connection Settings

Configuration options for the connection to the target CSM instance.

Name Description

CSM endpoint

URL of the CSM instance to connect to.

CSM Authentication Settings

Configuration Options for the authentication against the target CSM instance.

Name Description

Username

Username of the technical user.

Password

Password of the technical user.

Optional Configuration Properties

CSM Connection Settings

Configuration options for fine-tuning the Http connection parameters.

Name Description

Concurrent Connections

Maximum number of concurrent open connections.

Requests Rate

Maximum number of requests per second.

Connect Timeout in Milliseconds

Timeout of the connect request.

Socket Timeout in Milliseconds

Timeout of the socket connected to CSM.

Request Timeout in Milliseconds

Timeout of a request to CSM.

CSM Ingestion Settings

Configuration options to specify how principals are ingested in the CSM.

Name Description

Domain

Namespace under which to ingest principals.

Microsoft Sharepoint Configuration

CrawlTrigger Service Settings

CrawlTrigger Service settings for fetching Submissions to SharePoint.

Name Property Key Description

Endpoint

raytion.connector.backend.sharepoint.bcs
.crawl.service.endpoint

Endpoint of the CrawlTrigger Service.

Content Source Name

raytion.connector.backend.sharepoint.bcs
.crawl.service.contentSourceName

Name of the content source configured in SharePoint.

Domain

raytion.connector.backend.sharepoint.bcs
.crawl.service.domain

User Domain for the Authentication process.

Username

raytion.connector.backend.sharepoint.bcs
.crawl.service.username

Username to authenticate to CrawlTrigger Service.

Password

raytion.connector.backend.sharepoint.bcs
.crawl.service.password

Password to authenticate to CrawlTrigger Service.

Connection Timeout

raytion.connector.backend.sharepoint.bcs
.crawl.service.connectionTimeout

Specifies the amount of time, in milliseconds, that the consumer will attempt to establish a connection before it times out. 0 is infinite.

Receive Timeout

raytion.connector.backend.sharepoint.bcs
.crawl.service.receiveTimeout

Specifies the amount of time, in milliseconds, that the consumer will wait for a response before it times out. 0 is infinite.

Crawl Trigger Size

raytion.connector.backend.sharepoint.bcs
.crawl.service.crawlTriggerSize

The size of cached Submissions to trigger a BCS Crawl.

Crawl Interval

raytion.connector.backend.sharepoint.bcs
.crawl.service.crawlInterval

Duration interval for checking if a crawl has to be triggered.

Inserting Idle Duration

raytion.connector.backend.sharepoint.bcs
.crawl.service.submissionInsertingIdleTime

Time duration that no other Submission is inserted to cache. After this time, a Crawl will be triggered even if the Trigger Size was not exceeded.

Submission Repository Limit Settings (Optional)

Settings for limiting the Submission number the Repository can have, so that the used disc space is limited.

Name Property Key Description

Max. Unprocessed Submissions

raytion.connector.backend.sharepoint.submission
.repository.limit.maxUnprocessedSize

Maximum unprocessed Submissions inside the repository. If Submissions exceed this number then insertions are blocked until other Submissions are removed from repository.

Max. Insertion Waiting Time

raytion.connector.backend.sharepoint.submission
.repository.limit.maxWaitingDuration

Maximum insertion waiting time in case the Repository reaches the maximum size limit. After this duration the Submission will be rejected and marked as failed from the Connector.

Repository Size Retrieval Interval

raytion.connector.backend.sharepoint.submission
.repository.limit.sizeRetrievalInterval

Duration interval in which the connector retrieves the current number of unprocessed Submissions in the Repository.

Submission Repository Sanitize Settings (Optional)

Settings for sanitize service of the Submission repository.

Name Property Key Description

Submission Expiration Time

raytion.connector.backend.sharepoint.submission
.repository.sanitize.expirationTime

Max. Duration that submissions will remain in the repository in case SharePoint does not request them.

Sanitize Interval

raytion.connector.backend.sharepoint.submission
.repository.sanitize.sanitizeInterval

Duration interval for cleaning up the Submission repository from expired Submissions.

General Configuration

Database Configuration

Name Property Key Description

Configuration Type

raytion.connector.db.config.type

Supported are PostgreSQL, MS SQL Server, and JDBC URL configuration.

PostgreSQL

Name Property Key Description

Host

raytion.connector.db.config.postgres.host

Domain name or IP address of the database server.

Port

raytion.connector.db.config.postgres.port

Specifies the port number PostgreSQL is listening on, default is 5432.

Database Name

raytion.connector.db.config.postgres.name

Name of the database.

Username

raytion.connector.db.config.postgres.username

Username to authenticate with. The regarding user has to have read and write permissions to the database.

Password

raytion.connector.db.config.postgres.password

Password of the configured database user.

Add Custom Parameter

raytion.connector.db.config.postgres.addParameters

Enables the configuration of additional parameters.

MS SQL Server

Name Property Key Description

Host

raytion.connector.db.config.mssql.host

Domain name or IP address of the database server. Instance to connect to on server can be specified by '‹server_name>|<instance_name>'.

Port

raytion.connector.db.config.mssql.port

Specifies the port number MS SQL Server is listening on, default is 1433.

Database Name

raytion.connector.db.config.mssql.name

Name of the database.

Username

raytion.connector.db.config.mssql.username

Username to authenticate with. The regarding user has to have read and write permissions to the database.

Password

raytion.connector.db.config.mssql.password

Password of the configured database user.

Add Custom Parameter

raytion.connector.db.config.mssql.addParameters

Enables the configuration of additional parameters.

JDBC URL

Name Property Key Description

URL

raytion.connector.db.config.jdbc.url

JDBC URL for the target database. Out of the box, the connector will use H2 file database. For productive usage, use PostgreSQL specifying the URL in format: jdbc:postgresql:<host>:<port>/<database>

Username

raytion.connector.db.config.jdbc.username

Database Username to read and write to database.

Password

raytion.connector.db.config.jdbc.password

Database Password for the specified user

Traversal Configuration

Name Property Key Description

Traversal History Length

raytion.connector.agent.traversal
.store.historyLength

Max. number of traversals to store in the history. Once the limit is exceeded, the connector will automatically remove oldest entries in the history. (default: 100)

Include Checksum

raytion.connector.agent.traversal
.pipeline.includePipelineChecksum

If enabled, any changes made to the pipeline e.g. configuration, the subsequent incremental run triggers a refeed of all items.

Change Processing Interval

raytion.connector.agent.traversal
.changeprocessing.interval

Interval between change processing traversals.

Resume on Start

raytion.connector.agent.traversal
.resume.resumeTraversalOnRestart

If enabled, any traversals in paused state are automatically resumed after the connector restart. Otherwise, the traversal remains in paused state.

Number of Traversal Workers

raytion.connector.agent.traversal
.workers.worker

Number of workers to execute the traversal in parallel. Increasing this value might improve the performance, but will footprint higher memory consumption. It is recommended to keep the default value. (default: 10)

Traversal Job Poll Interval

raytion.connector.agent.traversal
.workers.jobPollInterval

Interval between the workers to be triggered to fetch and process the next tasks. (default: 10ms)

Completion Timeout

raytion.connector.agent.traversal
.workers.completionTimeout

If the search engine indexes the items asynchronously, there might be some processing still in-flight during the completion process of a traversal. This value specifies the timeout value until all asynchronous callbacks are expected to return before completing the traversal. (default: 10m)

Executor Size

raytion.connector.agent.traversal
.execution.executorSize

The executor size restricts the max. number of concurrent running traversals.

Queue Size

raytion.connector.agent.traversal
.execution.queueSize

The queue size restricts the max. number of queued traversals. If the value is exceeded, the connector rejects further traversal requests until the queue size is below the configured size.

Traversal Jobs

Name Property Key Description

Job Timeout Check Frequency

raytion.connector.job-broker.heartbeatPeriod

Configures how often the connector checks for timed out jobs.

Job Timeout

raytion.connector.job-broker.heartbeatTimeout

The duration for which a job can stay idle before it is timed out.

Job Cache Size

raytion.connector.job-broker.jobPollCacheSize

Max. cache size of Jobs waiting for processing in memory. When cache is empty, next batch is fetched.

Security Configuration

Request Restriction Settings

Name Property Key Description

Accepted Host Names

raytion.connector.security
.requests.acceptedDomains

A list of domains (+ port) that are allowed as host names in the headers of HTTP requests to the connector. This means that you can access the connector only via a URL that employs one of the configured domains. Each entry must have the format domain:port. Examples:

  • localhost:16120

  • connector.company.com:16120

If no domains are configured (the default), then you can use any domain via which the connector host is reachable.

Principal Aliaser Configuration

Principal Aliasing is applied on user information as part of Content ACL processing during Content Synchronization and Principal processing during Principal Synchronization. It’s purpose is to map external source system user to the corresponding user in search engines domain. You can configure a list of aliasers in the connector which will be applied in sequence and in order on user ACEs and user principals. The Connector supports following custom aliasing mechanism.

Custom Aliaser Disabled

If the Custom Aliaser checkbox is not selected, the connector will process user information on ACE and user principals unchanged to Search Engine. If all relevant users in the source system can be found with the same identifier in the search engine, this setup is sufficient to reflect the same secure search experience in the search engine as defined by the policy in the source system. The connector uses this option as default to process user information.

Custom Aliaser Enabled

If custom aliasing is enable then there are four types of aliaser avaialble:

Simple XML Table Aliaser

Static mapping table which can be uploaded as XML file. The connector uses the uploaded file as lookup table to map a user in the source system to a user in the search engine. Users missing a record in the file will be dropped from the ACE and during Principal Synchronization. This option is only recommended for environment with a manageable amount of users as for each user the corresponding mapping entry needs to be specified in the file.

Name Description

XML Mapping File

Browse and upload or drag and drop.

Sample XML mapping file:

<?xml version="1.0" encoding="UTF-8"?>
<storeddata>
    <entry keyValue="user1">user1@raytion.com</entry>
    <entry keyValue="user2">user2@raytion.com</entry>
    <entry keyValue="user3">user3@raytion.com</entry>
</storeddata>
Regex Replacer Aliaser

Regex Replacer Aliaser computes aliases based on a regular expression. Principals that match the regular expression are replaced by the Substitution String.

Name Property Key Description

Pattern

raytion.connector.aliaser.aliasers[*]
.replacer.pattern

The regular expression to match, this is the part that will be replaced. If braces (…​) are used in the pattern then the matched value can be retrieved using $1

Substitute String

raytion.connector.aliaser.aliasers[*]
.replacer.substituteString

String to replace the matching part of the find string. Matched value is accessed by employing $1
Regex Extractor Aliaser

Regex Extractor Aliaser computes aliases based on a regular expression. Principals that match the regular expression are inserted into the Insert-Into String.

Name PropertyKey Description

Pattern

raytion.connector.aliaser.aliasers[*]
.extractor.pattern

The regular expression to match, this is the part that will be inserted into the new value. If braces (…​) are used in the pattern then the matched value can be retrieved using $$

Insert-Into String

raytion.connector.aliaser.aliasers[*]
.extractor.insertIntoString

String to replace the matching part of the pattern. Matched value is accessed by employing $$
LDAP Aliaser

Ldap Aliaser searches for an LDAP entry with the requested name in the input value and returns the specified output attribute.

Name Property Key Description

Host

raytion.connector.aliaser.aliasers[*]
.ldap.host

Fully Qualified Domain Name of an LDAP server

Port

raytion.connector.aliaser.aliasers[*]
.ldap.port

Port to use for LDAP connection, defaults are 389/636 or (recommended) 3268/3269 for simple/SSL

AccountDN

raytion.connector.aliaser.aliasers[*]
.ldap.bindAccountDN

AccountDN for bind to LDAP

Password

raytion.connector.aliaser.aliasers[*]
.ldap.password

Password part of credentials

Input Field

raytion.connector.aliaser.aliasers[*]
.ldap.inputField

The Active Directory attribute name for this equality filter

Search Root DN

raytion.connector.aliaser.aliasers[*]
.ldap.baseDN

Distinguished Name of the subtree which is searched. The smaller the subtree the better the performance but the higher the chance of encountering principals which are not part of this subtree

Output Field

raytion.connector.aliaser.aliasers[*]
.ldap.outputField

Attribute that should be returned in result entries