Configuring an Oracle UCM Security Provider

A security provider is required to properly set Oracle UCM Content Server document permissions on Coveo search results.

Notes:

  • As specified in the requirements (see Oracle UCM Connector Requirements), only local Oracle UCM permissions and external authorization using Microsoft Active Directory are supported by the Oracle UCM connector. If this is not the case in your Oracle UCM environment, do not perform the following procedure. Your alternative is to set permissions manually on the source (see Modifying Source Security Permissions).

  • You can get familiar with how Coveo components deal with permissions on documents both at indexing and query time (see Security).

To configure an Oracle UCM security provider

  1. On the Coveo server, access the Administration Tool (see Opening the Administration Tool).

  2. Select Configuration > Security.

  3. In the Security page, in the navigation panel on the left, click Security Providers.

  4. In the Security Providers page, click Add to create a new security provider.

  5. In the Modify Security Provider page:

    1. Configure the following required parameters:

      Name

      Choose a significant name to identify the security provider.

      Security Provider Type

      In the drop-down list, select Oracle UCM (x64).

      User Identity

      Select the Oracle UCM user identity that you created previously.

      Active Directory Security Provider

      Select Active Directory or a custom Active Directory security provider that you created for a specific domain (see Configuring an Active Directory Security Provider).

      UCM Server Url

      The address of the Oracle UCM Content Server web site. This should be the same address as the one specified when you configure the source for the connector (see Configuring and Indexing an Oracle UCM Source). Enter the URL in the following format:

      http://[ucm-host]/[idc]

      where you replace [ucm-host] by the actual Oracle UCM server host name and [idc] by the name of the UCM instance to index.

    2. Review the default value for the following optional parameters:

      UCM Server Port

      The listening port of the Oracle UCM Content Server. The default value is 4444.

      UCM Settings Life Time

      To improve performance, Oracle UCM role and account membership information is cached by the security provider. This parameter sets the time interval between cache updates. The default value is 5 minutes.

    3. When you use Oracle UCM external Active Directory permissions, include the following required parameters:

      Using Active Directory Security

      Select the check box to instruct this security provider to use UCM Active Directory permissions.

      Important: For all LDAP URLs, you must enter the LDAP keywords (LDAP, OU, DC...) in uppercase.

      Users LDAP Search Root

      In the box, enter the Active Directory (AD) root location where Oracle UCM users are located. This parameter must be specified in LDAP format and must contain a valid domain naming context.

      Example: LDAP://OU=UCM,DC=acme,DC=com

      Role LDAP Search Root

      In the box, enter the Active Directory (AD) root location where Oracle UCM roles are located. This parameter must be specified in LDAP format.

      While not required, you can specify a depth in the LDAP tree by adding brackets at the end of the LDAP string. When not specified, a depth of zero is assumed, so only AD groups within the specified AD root location are considered Oracle UCM roles.

      Example: LDAP://OU=UCM Roles,OU=UCM[1]

      Accounts LDAP Search Root

      The Active Directory (AD) root location where Oracle UCM accounts are located. This parameter must be specified in LDAP format. While not required, you can specify a depth in the LDAP tree by adding brackets at the end of the LDAP string. When not specified, a depth of zero is assumed, so only AD groups within the specified AD root location are considered Oracle UCM accounts.

      Example: LDAP://OU=UCM Accounts,OU=UCM[2]

    4. When you use Oracle UCM external Active Directory permissions, you can also specify the following optional parameters:

      Role LDAP Search Filters

      In the box, enter the LDAP filter to apply to Active Directory (AD) groups when searching for Oracle UCM roles in the location specified by the Role LDAP Search Root parameter. No filter is defined by default.

      Example: (role_filter=value*)

      Role Name Prefix

      In the box, enter the prefix used for Active Directory groups that represent Oracle UCM roles. If the prefix is found within the group name, only the right part is considered. No prefix is defined by default.

      Example: With $RoleXYZ an Oracle UCM role can be $RoleXYZ.

      Account LDAP Search Filters

      In the box, enter the LDAP filter to apply to Active Directory groups when searching for Oracle UCM accounts in the location specified by the Account LDAP Search Root parameter. No filter is defined by default.

      Example: (!(account_filter=value*))

      Accounts Permission Delimiter

      In the box, enter the delimiter used to optionally specify, in an Active Directory group name, the permission levels of the associated Oracle UCM account. If the delimiter is found within the group name, only the left part is considered. The default value is "_".

      Example: With _, an Oracle UCM account can be AccountABC_rw.

      Accounts Name Prefix

      In the box, enter the prefix used for Active Directory groups that represent Oracle UCM accounts. If the prefix is found within the group name, only the right part is considered. The default value is @.

      Example: With @, an Oracle UCM account can be @AccountABC.

      Default Network Account

      In the box, enter the default network account.

      AD User Name

      In the box, enter the username of the Windows user identity used to connect to Active Directory. When none is specified, the identity of the process running CES is used to connect to Active Directory. No username is defined by default.

      AD User Password

      In the box, enter the password of the Windows user identity used to connect to Active Directory. When none is specified, the identity of the process running CES is used to connect to Active Directory. No password is defined by default.

    5. In the Parameters section, in rare cases, Coveo Support may instruct you to click Add Parameters to specify other security provider parameter names and values that can help troubleshoot security provider issues.

    6. Leave the Allow Complex Identities option cleared as it does not apply to this type of security provider.

  6. Click Apply Changes.
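
The search-root format and the account group-name rules from steps 5.3 and 5.4 decide which AD groups become Oracle UCM roles and accounts, so it is worth checking values before entering them. The following Python is an added example, not Coveo code; the function names are hypothetical, the "domain naming context" check is approximated as the presence of a DC= component, and splitting at the first occurrence of the prefix and delimiter is an assumption.

```python
import re

# Hypothetical helpers for checking values before entering them in the
# Administration Tool; they mirror the documented rules, not Coveo's code.
_ROOT = re.compile(r"([A-Za-z]+)://([^\[\]]+)(?:\[(\d+)\])?")

def parse_search_root(value, require_domain=False):
    """Split 'LDAP://<dn>[depth]' into (dn, depth); raise ValueError if malformed."""
    m = _ROOT.fullmatch(value.strip())
    if not m:
        raise ValueError("not an LDAP search root: %r" % value)
    scheme, dn, depth = m.group(1), m.group(2), int(m.group(3) or 0)
    if scheme != "LDAP":
        raise ValueError("scheme must be uppercase LDAP, got %r" % scheme)
    keys = []
    # Simplification: splits on every comma, so escaped commas are not handled.
    for rdn in dn.split(","):
        key, sep, val = rdn.strip().partition("=")
        if not sep or not val:
            raise ValueError("malformed component %r" % rdn)
        if key != key.upper():
            raise ValueError("keyword %r must be uppercase" % key)
        keys.append(key)
    # Assumption: "domain naming context" is checked as "has a DC= component".
    if require_domain and "DC" not in keys:
        raise ValueError("users search root needs DC= components")
    return dn, depth

def map_account_group(group, prefix="@", delimiter="_"):
    """Return (account, permission_part) for an AD group name."""
    name, perms = group, None
    # Assumption: the first occurrence is used; the page does not say which.
    if prefix and prefix in name:
        name = name.partition(prefix)[2]            # keep the right part
    if delimiter and delimiter in name:
        name, _, perms = name.partition(delimiter)  # keep the left part
    return name, perms

if __name__ == "__main__":
    # Constructed inputs based on the examples in this procedure.
    for root in ("LDAP://OU=UCM Roles,OU=UCM[1]", "LDAP://ou=UCM,DC=acme,DC=com"):
        try:
            print(root, "->", parse_search_root(root))
        except ValueError as err:
            print(root, "-> rejected:", err)
    for grp in ("@AccountABC_rw", "@AccountABC", "@Acct_X_rw"):
        print(grp, "->", map_account_group(grp))
```

The last constructed group name shows why the delimiter matters: under the first-occurrence assumption, a group whose account name itself contains the delimiter resolves to a shorter account name than intended.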

What's Next?

Configure and index the Oracle UCM source (see Configuring and Indexing an Oracle UCM Source).
