Configuring an IBM Notes Security Provider
Note: You can get familiar with how Coveo components deal with permissions on documents
both at indexing and query time
To configure an IBM Notes security provider
-
On the Coveo server, access the Administration Tool (see Opening the Administration Tool).
-
Select Configuration > Security.
-
In the navigation panel on the left, click Security Providers.
-
In the Security Providers page, click Add to create a new security provider.
-
In the Modify Security Provider page:
-
Configure the following required parameters:
-
Name
-
Choose a meaningful name to identify the security provider.
Example: Notes
-
Security Provider Type
-
In the drop-down list, select Notes (x86).
-
User Identity
-
In the drop-down list, select the user identity that you selected or created previously (see IBM Notes Connector Deployment Overview).
-
Active Directory Security Provider
-
In the drop-down list, select Active Directory or the active directory security provider type that you created to allow this security provider to resolve and expand the groups (see IBM Notes Connector Deployment Overview).
-
Domino Server Name
-
Enter the name of the Domino server that holds the IBM (Lotus) Notes address book (Domino Directory/names.nsf). You must leave the Domino Server Name box empty when the Personal address book is used. One of the possible name form is the Notes hierarchical format ([Department]/[Company name].
Note: The Domino server name is located above the Inbox folder to the left of your Mail Inbox view.
Examples:
-
Sales/IBM (Notes hierarchical format)
-
domino8 [IBM (Lotus) Notes Server Version]
-
maple.ibm.com (Website)
-
172.16.254.1 (IP address)
-
-
User ID File Path
-
Enter the full path to the user.id file that you copied from the IBM Notes server to be used to be used by the connector to authenticate to the Domino server (see IBM Notes Connector Deployment Overview). If left empty, this parameter is assigned the complete path of the current or last user.id used in the IBM Notes client.
Example: C:\CES7\Config\user.id
-
Enter the full path to the security mapping file you created (see IBM Notes Connector Deployment Overview).
Example: C:\CES7\Config\NotesSecurityMappingFile.xml
Notes:
-
The mapping of IBM Notes users to their corresponding Windows users is achieved by the security provider using this file.
-
When you are unable to create a security mapping file, contact Coveo Support for assistance.
-
-
Temporary Working Folder Path
-
Enter the full path to the folder on the Coveo server where temporary files are stored by the security provider. This folder must be unique for each security provider.
Example: C:\tmp\NotesSecurityProvider
-
Notes Setting File (.ini) Path
-
Enter the full path to the notes.ini file that you copied from the IBM Notes server to be used by the connector to initialize the Notes API (see IBM Notes Connector Deployment Overview). This file contains configuration information and user preferences. This is the notes.ini created by the IBM Notes Client installation (local notes.ini). If left empty, this parameter is assigned the path of the current IBM Notes installation.
Example: C:\CES7\Config\notes.ini
-
-
Review the value for the following optional default parameters that often do not need to be modified:
Whether the security mapping file contains multiple resolution methods. When enabled, this parameter make sure every Windows username being formed is validated against the Active Directory.
Enable Safe Mode
Whether the crawling safe-mode is enabled, to avoid conflicts when crawling corrupted Notes databases.
Important: When this parameter is used, you must also add the parameter to the corresponding security provider. Otherwise, the crawling in safe-mode is going to be in a deadlock state when two competing actions are each waiting for the other to finish, and thus neither ever does. Furthermore, crawling in safe-mode is significantly slower comparing to the normal crawling process.
Safe Mode Timeout Time
When the Enable Safe Mode option is selected, this parameter is used to define the timeout time (in milliseconds) on the global mutex that protects the Notes API by blocking the connection to one at a time. The default value is 60000 ms.
Important: Do not change the value of this parameter unless instructed by Coveo Support.
Address Book Expansion Timeout Time
The timeout value (in milliseconds) allowed for the initial expansion of the Domino address book. The default value is 30000 ms.
Note: This process normally takes less than 30 seconds, but with very large address books, the expansion can take as long as several minutes. Adjust this value according to your needs. Once the entire list is built, the connector goes through all users to retrieve the required fields.
Users Cache Life Time
The refresh interval (in minutes) of the users cache (local copy of the Domino address book). The default value is 1440 min (24 h).
Example: When you are performing permission tests, you can temporary reduce this value to a short period such as five minutes to ensure that your permissions changes and notes are quickly made available to the connector. Do not forget to return the parameter to its default value when you are done to prevent overloading the notes server.
Note: When your Domino address book is modified frequently (users are added or deleted), decrease the Users Cache Life Time parameter value here and in your Notes sources with the UsersCacheLifeSpan hidden parameter, so the users cache is updated regularly with the latest user additions/deletions in the Domino address book by synchronization (see Modifying Hidden IBM Notes Source Parameters).
Global Query Timeout Time
The timeout value (in milliseconds) allowed for a query to be executed against the Global address book database before sending an error message. The default value is 30000 ms.
Note: This process normally takes less than 30 seconds, but with very large systems, the process can take as long as several minutes. Adjust this value according to your needs.
-
Click Add Parameter when you want to show and change the value of advanced source parameters (see Modifying Hidden IBM Notes Source Parameters).
-
Leave the Allow Complex Identities cleared as it does not apply to this type of security provider.
-
Click Apply Changes.
-
What's Next?
Create and index a source (see Configuring and Indexing an IBM Notes Source).