Connector Configuration

In some scenarios, it can be useful to provide a system property or an environment variable within a configuration value. For example, you might want to distribute multiple connector instances over different containers and have certain configured parameters adapted according to specific system properties or environment variables, respectively. You can do this by providing a placeholder of the form ${my.system.property} within the value of some configuration option. The connector will resolve this property when reading the configuration, i.e., the placeholder will be replaced by the value of the corresponding system property / environment variable.

However, for security reasons this replacement is disabled by default. A malicious user could misuse this feature to obtain sensitive information about the connector environment such as the host’s operating system, the user under which the connector is running etc. You can mitigate this issue e.g. by restricting the access to the connector UI.

If you want to enable the resolution of system properties and environment variables, set the system property resolvePlaceholdersInPropertyValues to true. This can be done, for example, in the connector’s start script under the bin directory as follows.
In connector.bat (Windows):
set CONNECTOR_OPTS="-DresolvePlaceholdersInPropertyValues=true"
In connector (Linux/Unix):
CONNECTOR_OPTS='"-DresolvePlaceholdersInPropertyValues=true"'

HCL Connections Configuration

Source System Configuration

Configuration options to establish a connection to the target HCL Connections instance.

Name Property Key Description

Name	Property Key	Description
Connection URL	`raytion.connector.agent.connections .serverUrl`	The URL to your HCL Connections server including protocol and port (e.g., `https://connections.mynetwork.com:9444`). This setting is mandatory.
Public URL	`raytion.connector.agent.connections .publicUrl`	Denotes the URL to the client access point, if it differs from the technical connection URL. The connector computes certain URLs based on document information (e.g., parent community IDs). Use this setting when client access is done on a different URL than the technical access to the seedlists. This setting is optional.
Technical User Account	`raytion.connector.agent.connections .server.username`	Username of the technical user for accessing HCL Connections. The technical user must have the search-admin role for blogs, communities, files, forums, profiles, and wikis. For principal traversal and access to restricted communities, also provide the community moderator and wiki widget-admin roles. This setting is mandatory.
Technical User Password	`raytion.connector.agent.connections .server.password`	Password of the technical user for accessing HCL Connections. Use the password encryption tool to encrypt the password. This setting is mandatory.

Connection URL

raytion.connector.agent.connections .serverUrl

The URL to your HCL Connections server including protocol and port (e.g., https://connections.mynetwork.com:9444). This setting is mandatory.

Public URL

raytion.connector.agent.connections .publicUrl

Denotes the URL to the client access point, if it differs from the technical connection URL. The connector computes certain URLs based on document information (e.g., parent community IDs). Use this setting when client access is done on a different URL than the technical access to the seedlists. This setting is optional.

Technical User Account

raytion.connector.agent.connections .server.username

Username of the technical user for accessing HCL Connections. The technical user must have the search-admin role for blogs, communities, files, forums, profiles, and wikis. For principal traversal and access to restricted communities, also provide the community moderator and wiki widget-admin roles. This setting is mandatory.

Technical User Password

raytion.connector.agent.connections .server.password

Password of the technical user for accessing HCL Connections. Use the password encryption tool to encrypt the password. This setting is mandatory.

Advanced Connection Settings

Configuration options related to fine-tuning the connection to the HCL Connections instance.

Name Property Key Description

Name	Property Key	Description
Connection Timeout	`raytion.connector.agent.connections .server.connectionTimeout`	The timeout until a connection must be established. Defaults to 60 seconds.
Socket Timeout	`raytion.connector.agent.connections .server.socketTimeout`	An inactive connection will be treated as terminated after this duration. Defaults to 60 seconds.
Use ID in Wiki URL	`raytion.connector.agent.connections .server.useIdInWikiUrl`	Optional setting to include the ID in the URL when requesting Wiki items. Defaults to `true`.

Connection Timeout

raytion.connector.agent.connections .server.connectionTimeout

The timeout until a connection must be established. Defaults to 60 seconds.

Socket Timeout

raytion.connector.agent.connections .server.socketTimeout

An inactive connection will be treated as terminated after this duration. Defaults to 60 seconds.

Use ID in Wiki URL

raytion.connector.agent.connections .server.useIdInWikiUrl

Optional setting to include the ID in the URL when requesting Wiki items. Defaults to true.

SSL Authentication

Optional configuration options when authenticating the Connector against HCL Connections via SSL with the help of a KeyStore.

Name Property Key Description

Name	Property Key	Description
Activate Custom Keystore SSL Authentication	`raytion.connector.agent.connections .server.useCustomSslKeystore`	Optionally choose to define a custom keystore for SSL/TLS connections to HCL Connections. The keystore can be used for client certificate authentication and/or for trusting self-signed server certificates. If disabled, the JVM’s default truststore is used for validating server certificates.
KeyStore File	`raytion.connector.agent.connections .server.sslAuth.keyStoreFile`	Path to the key store file. The keystore should contain the server’s certificate (or CA certificate) to trust self-signed certificates, and/or a private key for client certificate authentication.
KeyStore Type	`raytion.connector.agent.connections .server.sslAuth.keyStoreType`	The type of the KeyStore-file given. We strongly recommend using PKCS12, as JKS may be deprecated in a future update.
KeyStore Password	`raytion.connector.agent.connections .server.sslAuth.keyStorePassword`	Password for the key store. This password is used to open the keystore file.
Key Alias	`raytion.connector.agent.connections .server.sslAuth.keyAlias`	The alias of the private key to use for client certificate authentication. Only required if the keystore contains multiple private keys.
Key Password	`raytion.connector.agent.connections .server.sslAuth.keyPassword`	The password to access the private key within the key store. Only required if the keystore contains a private key for client certificate authentication. If not specified, the key store password will be used.

Activate Custom Keystore SSL Authentication

raytion.connector.agent.connections .server.useCustomSslKeystore

Optionally choose to define a custom keystore for SSL/TLS connections to HCL Connections. The keystore can be used for client certificate authentication and/or for trusting self-signed server certificates. If disabled, the JVM’s default truststore is used for validating server certificates.

KeyStore File

raytion.connector.agent.connections .server.sslAuth.keyStoreFile

Path to the key store file. The keystore should contain the server’s certificate (or CA certificate) to trust self-signed certificates, and/or a private key for client certificate authentication.

KeyStore Type

raytion.connector.agent.connections .server.sslAuth.keyStoreType

The type of the KeyStore-file given. We strongly recommend using PKCS12, as JKS may be deprecated in a future update.

KeyStore Password

raytion.connector.agent.connections .server.sslAuth.keyStorePassword

Password for the key store. This password is used to open the keystore file.

Key Alias

raytion.connector.agent.connections .server.sslAuth.keyAlias

The alias of the private key to use for client certificate authentication. Only required if the keystore contains multiple private keys.

Key Password

raytion.connector.agent.connections .server.sslAuth.keyPassword

The password to access the private key within the key store. Only required if the keystore contains a private key for client certificate authentication. If not specified, the key store password will be used.

Configure Document Extraction from HCL Content Manager

The connector can also crawl documents coming from the HCL Content Manager. In order to activate this feature, use the following configuration option:

Name Property Key Description

Name	Property Key	Description
Fetch Libraries (through Communities)	`raytion.connector.agent.connections.content-traversal.fetchLibrariesByCommunities`	Set to `true` to enable crawling of documents from HCL Content Manager. Default value is `false`.

Fetch Libraries (through Communities)

raytion.connector.agent.connections.content-traversal.fetchLibrariesByCommunities

Set to true to enable crawling of documents from HCL Content Manager. Default value is false.

Filter Configuration

There are various options to exclude documents from being synchronized, e.g. by providing a list of certain applications to exclude.

You can also define a file size threshold for attachments. Any attachments larger than that value will still be indexed, but their content will not be fetched. The default value is 100 Megabytes.

The following is a summary of the configuration options for excluding files or folders from the search index and controlling extraction of additional metadata:

Name Property Key Description

Name	Property Key	Description
File Size Threshold	`raytion.connector.agent.connections .content-traversal.fileSizeThreshold`	This element determines a size threshold (in Bytes) telling the connector that the content of any attached files which exceed the threshold should not be fetched. Default value is 100 Megabytes.
Applications to Exclude	`raytion.connector.agent.connections .content-traversal.applicationsToSkip`	These values determine applications which should not be indexed. Possible values: `wikis`, `files`, `activities`, `profiles`, `forums`, `communities`, `dogear`, `blogs`, `news` (profile updates), `dm/atom` (FileNet ECM entries). This setting is optional.
Extract Parent Titles	`raytion.connector.agent.connections .content-traversal.fetchParentTitles`	If this is turned on, parent community titles will be extracted for documents which are contained in a community. In order to do so, the technical user must have at least the moderator role within the communities application. This setting is optional and `false` by default.
Extract File Comments	`raytion.connector.agent.connections .content-traversal.extractComments`	By default, the connector extracts file comments as separate items. If you want to not extract any file comments, set this parameter to false. This setting is optional and `true` by default.
Fetch Related Communities Link	`raytion.connector.agent.connections .content-traversal.fetchRelatedCommunitiesLink`	Adds links to related communities, if this value is set to true. The link generation means further reach outs to the HCL Connections API. By default this value is set to false. This setting is optional.
Fetch Related Communities	`raytion.connector.agent.connections .content-traversal.fetchRelatedCommunities`	Include URLs and descriptions of related communities (if any). This requires further requests to the HCL Connections API. By default this value is set to false. This setting is optional.
Fetch Community Members	`raytion.connector.agent.connections .content-traversal.fetchCommunityMembers`	Extract all community members as part of the indexed documents. This setting is optional and `true` by default. Note: The extraction may take a significant amount of crawl time, consider setting it to `false` to improve traversal performance.
Synchronize inactive Profiles	`raytion.connector.agent.connections .content-traversal.synchronizeInactiveProfiles`	Include inactive user profiles in the traversal. This setting is optional and `false` by default.

File Size Threshold

raytion.connector.agent.connections .content-traversal.fileSizeThreshold

This element determines a size threshold (in Bytes) telling the connector that the content of any attached files which exceed the threshold should not be fetched. Default value is 100 Megabytes.

Applications to Exclude

raytion.connector.agent.connections .content-traversal.applicationsToSkip

These values determine applications which should not be indexed. Possible values: wikis, files, activities, profiles, forums, communities, dogear, blogs, news (profile updates), dm/atom (FileNet ECM entries). This setting is optional.

Extract Parent Titles

raytion.connector.agent.connections .content-traversal.fetchParentTitles

If this is turned on, parent community titles will be extracted for documents which are contained in a community. In order to do so, the technical user must have at least the moderator role within the communities application. This setting is optional and false by default.

Extract File Comments

raytion.connector.agent.connections .content-traversal.extractComments

By default, the connector extracts file comments as separate items. If you want to not extract any file comments, set this parameter to false. This setting is optional and true by default.

Fetch Related Communities Link

raytion.connector.agent.connections .content-traversal.fetchRelatedCommunitiesLink

Adds links to related communities, if this value is set to true. The link generation means further reach outs to the HCL Connections API. By default this value is set to false. This setting is optional.

Fetch Related Communities

raytion.connector.agent.connections .content-traversal.fetchRelatedCommunities

Include URLs and descriptions of related communities (if any). This requires further requests to the HCL Connections API. By default this value is set to false. This setting is optional.

Fetch Community Members

raytion.connector.agent.connections .content-traversal.fetchCommunityMembers

Extract all community members as part of the indexed documents. This setting is optional and true by default. Note: The extraction may take a significant amount of crawl time, consider setting it to false to improve traversal performance.

Synchronize inactive Profiles

raytion.connector.agent.connections .content-traversal.synchronizeInactiveProfiles

Include inactive user profiles in the traversal. This setting is optional and false by default.

Principal Traversal and Aliasing

As HCL Connections brings a kind of Custom Security with it, the connector handles custom access rights. On the one hand, it extracts Access Control Lists (ACLs) for the respective documents. On the other hand, it provides a principal traversal, where access permissions for the users to communities and wikis are extracted. This information is send as pairs of user IDs and Community or Wiki GUIDs to the security module.

In order to send the right user IDs to the security module, the connector also supports two kinds of aliasing:

Identity Aliasing

In order to not do any aliasing on the user IDs, set the aliasing type to NONE. Per default, the connector does not perform an aliasing.

Name Property Key Description

Name	Property Key	Description
Aliasing Type	`raytion.connector.agent.connections.principal.aliasingType`	Set to `NONE` to disable aliasing on user IDs.

Aliasing Type

raytion.connector.agent.connections.principal.aliasingType

Set to NONE to disable aliasing on user IDs.

Aliasing Based on Connections Profile Information

This approach uses given informations from the user’s Connections profile to alias the GUID to something else. Here, the connector can be configured to access any profile attribute to alias the user’s GUID accordingly.

This means that during the principal traversal all user GUIDs are aliased to the given field from the profile.

Name Property Key Description

Name	Property Key	Description
Aliasing Type	`raytion.connector.agent.connections .principal.aliasingType`	Set to `PROFILES` to enable profile-based aliasing.
Profile Aliasing Field	`raytion.connector.agent.connections .principal.profileAliasing.aliasingField`	The profile attribute to use for aliasing the user’s GUID. This can be either a well-known field name or any WPLC field identifier from HCL Connections profiles. See the "Supported Field Values" section below for a complete list of available field names. If the profile attribute contains multiple values, only the first value will be used.

Aliasing Type

raytion.connector.agent.connections .principal.aliasingType

Set to PROFILES to enable profile-based aliasing.

Profile Aliasing Field

raytion.connector.agent.connections .principal.profileAliasing.aliasingField

The profile attribute to use for aliasing the user’s GUID. This can be either a well-known field name or any WPLC field identifier from HCL Connections profiles. See the "Supported Field Values" section below for a complete list of available field names. If the profile attribute contains multiple values, only the first value will be used.

Supported Field Values

The profileAliasing.aliasingField property accepts the following types of values:

Well-Known Profile Field Names

These field names directly map to properties extracted from the HCL Connections Profile domain:

Field Name Description

Field Name	Description
`mail`	User’s email address(es)
`givenName`	User’s given name (first name)
`surName`	User’s surname (last name)
`displayName`	User’s full display name
`employeeNumber`	Employee number
`userState`	User state (e.g., "active" or "inactive")
`officePhone`	Office telephone number
`ipPhone`	IP telephone number
`mobile`	Mobile phone number
`fax`	Fax number
`pager`	Pager number
`building`	Building identifier
`floor`	Floor number
`officeAddress`	Physical office address
`managerId`	Manager’s user ID
`secretaryId`	Secretary’s UID
`secretary`	Secretary’s display name
`manager`	Manager’s UID
`responsibility`	Job responsibilities
`aboutMe`	User’s "About Me" information
`experience`	User’s experience description
`blogUrl`	User’s blog URL
`linkToProfilePicture`	URL to user’s profile picture
`title`	Profile title
`internalId`	Internal profile ID
`url`	Profile URL
`tags`	First profile tag
`tagsOriginal`	First of the "original" profile tags
`authors`	First author name
`authorIds`	First author ID

mail

User’s email address(es)

givenName

User’s given name (first name)

surName

User’s surname (last name)

displayName

User’s full display name

employeeNumber

Employee number

userState

User state (e.g., "active" or "inactive")

officePhone

Office telephone number

ipPhone

IP telephone number

mobile

Mobile phone number

fax

Fax number

pager

Pager number

building

Building identifier

floor

Floor number

officeAddress

Physical office address

managerId

Manager’s user ID

secretaryId

Secretary’s UID

secretary

Secretary’s display name

manager

Manager’s UID

responsibility

Job responsibilities

aboutMe

User’s "About Me" information

experience

User’s experience description

blogUrl

User’s blog URL

linkToProfilePicture

URL to user’s profile picture

title

Profile title

internalId

Internal profile ID

url

Profile URL

tags

First profile tag

tagsOriginal

First of the "original" profile tags

authors

First author name

authorIds

First author ID

WPLC Field Identifiers

Any WPLC field identifier available on the Profile entity coming from HCL Connections can be used. Hence, also any "extra attributes" FIELD_EXTATTR_<attribute_name> can be used for aliasing.

For instance:

WPLC Field ID Description

WPLC Field ID	Description
`FIELD_UID`	User’s unique identifier
`FIELD_EMPLOYEE_NUMBER`	Employee number
`FIELD_USER_STATE`	User state
`FIELD_TAG`	First profile tag
`FIELD_EXTATTR_SAMACCOUNTNAME`	Active Directory SAM account name - commonly used for Windows domain authentication
`FIELD_EXTATTR_OBJECTSID`	Windows Security Identifier (SID) - unique identifier for Active Directory objects
`FIELD_EXTATTR_USERPRINCIPALNAME`	Active Directory User Principal Name (UPN)
`FIELD_EXTATTR_<custom>`	Any custom extended attribute configured in your HCL Connections profile system

FIELD_UID

User’s unique identifier

FIELD_EMPLOYEE_NUMBER

Employee number

FIELD_USER_STATE

User state

FIELD_TAG

First profile tag

FIELD_EXTATTR_SAMACCOUNTNAME

Active Directory SAM account name - commonly used for Windows domain authentication

FIELD_EXTATTR_OBJECTSID

Windows Security Identifier (SID) - unique identifier for Active Directory objects

FIELD_EXTATTR_USERPRINCIPALNAME

Active Directory User Principal Name (UPN)

FIELD_EXTATTR_<custom>

Any custom extended attribute configured in your HCL Connections profile system

The specific extended attributes available depend on your HCL Connections configuration and the attributes synchronized from your directory service. The above values are just common exemplary values.

Microsoft Search Configuration

Connector Product Settings

Configuration Options related to specifying the product which is going to connect to the Microsoft Search.

Name Property Key Description

Name	Property Key	Description
Connection ID	`raytion.connector.backend.microsoft-search.product.connectionId`	Connection ID of the connector product which is registered with Microsoft Search.

Connection ID

raytion.connector.backend.microsoft-search.product.connectionId

Connection ID of the connector product which is registered with Microsoft Search.

Microsoft Services Authentication Settings

Configuration Options related to authentication for the Microsoft Search.

Name Property Key Description

Name	Property Key	Description
OAuth2.0 client ID	`raytion.connector.backend.microsoft-search.authentication.clientId`	OAuth2.0 client ID for the Microsoft Search Authentication.
Tenant ID	`raytion.connector.backend.microsoft-search.authentication.tenantId`	Tenant ID of OAuth2.0 Token URI for the Microsoft Search Authentication.
Authentication Method	`raytion.connector.backend.microsoft-search.authentication.authMethod`	How to authenticate against Microsoft search. Available is authentication via client secret, java keystore, or certificate file.
OAuth2.0 client secret	`raytion.connector.backend.microsoft-search.authentication.clientSecret`	OAuth2.0 client secret for the Microsoft Search Authentication.
Certificate Keystore Alias	`raytion.connector.backend.microsoft-search.authentication.certificateKeystore.certificateKeystoreAlias`	The alias under which the certificate is stored in the keystore.
Certificate Keystore Password	`raytion.connector.backend.microsoft-search.authentication.certificateKeystore.certificateKeystorePassword`	The password to access the keystore.
Client Certificate Password	`raytion.connector.backend.microsoft-search.authentication.clientCertificate.clientCertificatePassword`	The password to access the certificate.

OAuth2.0 client ID

raytion.connector.backend.microsoft-search.authentication.clientId

OAuth2.0 client ID for the Microsoft Search Authentication.

Tenant ID

raytion.connector.backend.microsoft-search.authentication.tenantId

Tenant ID of OAuth2.0 Token URI for the Microsoft Search Authentication.

Authentication Method

raytion.connector.backend.microsoft-search.authentication.authMethod

How to authenticate against Microsoft search. Available is authentication via client secret, java keystore, or certificate file.

OAuth2.0 client secret

raytion.connector.backend.microsoft-search.authentication.clientSecret

OAuth2.0 client secret for the Microsoft Search Authentication.

Certificate Keystore Alias

raytion.connector.backend.microsoft-search.authentication.certificateKeystore.certificateKeystoreAlias

The alias under which the certificate is stored in the keystore.

Certificate Keystore Password

raytion.connector.backend.microsoft-search.authentication.certificateKeystore.certificateKeystorePassword

The password to access the keystore.

Client Certificate Password

raytion.connector.backend.microsoft-search.authentication.clientCertificate.clientCertificatePassword

The password to access the certificate.

Microsoft Search Connection Settings

Configuration Options related to establish a connection and sending requests to Microsoft Search.

Name Property Key Description

Name	Property Key	Description
API endpoint	`raytion.connector.backend.microsoft-search.connection.endpoint`	Microsoft Search API endpoint including version specifier.
Requests per Second	`raytion.connector.backend.microsoft-search.connection.requestsPerSecond`	Maximum number of requests per second.
Connect Timeout	`raytion.connector.backend.microsoft-search.connection.connectTimeout`	Determines the timeout in milliseconds until a connection is established. A timeout value of zero is interpreted as an infinite timeout. A negative value is interpreted as undefined (system default if applicable).
Socket Timeout	`raytion.connector.backend.microsoft-search.connection.socketTimeout`	Defines the socket timeout in milliseconds, which is the timeout for waiting for data or, put differently, a maximum period inactivity between two consecutive data packets. A timeout value of zero is interpreted as an infinite timeout. A negative value is interpreted as undefined (system default if applicable).
Use Poxy	`raytion.connector.backend.microsoft-search.connection.useProxy`	If enabled, the connection to Microsoft Graph API will be established through a HTTP/HTTPS proxy.
Proxy Endpoint	`raytion.connector.backend.microsoft-search.connection.proxy.uri`	Target proxy URL including protocol, host and port.
Proxy Authentication	`raytion.connector.backend.microsoft-search.connection.proxy.authentication`	If enabled, the connector uses the specified credentials to authenticate towards proxy.
Proxy Username	`raytion.connector.backend.microsoft-search.connection.proxy.username`	Proxy authentication username.
Proxy Password	`raytion.connector.backend.microsoft-search.connection.proxy.password`	Proxy authentication password. The value will be stored encrypted by the connector.

API endpoint

raytion.connector.backend.microsoft-search.connection.endpoint

Microsoft Search API endpoint including version specifier.

Requests per Second

raytion.connector.backend.microsoft-search.connection.requestsPerSecond

Maximum number of requests per second.

Connect Timeout

raytion.connector.backend.microsoft-search.connection.connectTimeout

Determines the timeout in milliseconds until a connection is established. A timeout value of zero is interpreted as an infinite timeout. A negative value is interpreted as undefined (system default if applicable).

Socket Timeout

raytion.connector.backend.microsoft-search.connection.socketTimeout

Defines the socket timeout in milliseconds, which is the timeout for waiting for data or, put differently, a maximum period inactivity between two consecutive data packets. A timeout value of zero is interpreted as an infinite timeout. A negative value is interpreted as undefined (system default if applicable).

Use Poxy

raytion.connector.backend.microsoft-search.connection.useProxy

If enabled, the connection to Microsoft Graph API will be established through a HTTP/HTTPS proxy.

Proxy Endpoint

raytion.connector.backend.microsoft-search.connection.proxy.uri

Target proxy URL including protocol, host and port.

Proxy Authentication

raytion.connector.backend.microsoft-search.connection.proxy.authentication

If enabled, the connector uses the specified credentials to authenticate towards proxy.

Proxy Username

raytion.connector.backend.microsoft-search.connection.proxy.username

Proxy authentication username.

Proxy Password

raytion.connector.backend.microsoft-search.connection.proxy.password

Proxy authentication password. The value will be stored encrypted by the connector.

Microsoft Search Principal Mapping Settings

Configuration Options related to mapping source system principals to Microsoft Search AzureAD users.

Name Property Key Description

Name	Property Key	Description
Principal ID Attributes	`raytion.connector.backend.microsoft-search.principal-mapping.principalIdProperties`	AzureAD attributes to match principal ids against. Maps a principal id to all AzureAD user objects where one of the specified attributes values matches the principal id.

Principal ID Attributes

raytion.connector.backend.microsoft-search.principal-mapping.principalIdProperties

AzureAD attributes to match principal ids against. Maps a principal id to all AzureAD user objects where one of the specified attributes values matches the principal id.

General Configuration

Database Configuration

Name Property Key Description

Name	Property Key	Description
Configuration Type	`raytion.connector.db.config.type`	Supported are PostgreSQL, MS SQL Server, and JDBC URL configuration.

Configuration Type

raytion.connector.db.config.type

Supported are PostgreSQL, MS SQL Server, and JDBC URL configuration.

PostgreSQL

Name Property Key Description

Name	Property Key	Description
Host	`raytion.connector.db.config.postgres.host`	Domain name or IP address of the database server.
Port	`raytion.connector.db.config.postgres.port`	Specifies the port number PostgreSQL is listening on, default is 5432.
Database Name	`raytion.connector.db.config.postgres.name`	Name of the database.
Username	`raytion.connector.db.config.postgres.username`	Username to authenticate with. The regarding user has to have read and write permissions to the database.
Password	`raytion.connector.db.config.postgres.password`	Password of the configured database user.
Add Custom Parameter	`raytion.connector.db.config.postgres.addParameters`	Enables the configuration of additional parameters.

Host

raytion.connector.db.config.postgres.host

Domain name or IP address of the database server.

Port

raytion.connector.db.config.postgres.port

Specifies the port number PostgreSQL is listening on, default is 5432.

Database Name

raytion.connector.db.config.postgres.name

Name of the database.

Username

raytion.connector.db.config.postgres.username

Username to authenticate with. The regarding user has to have read and write permissions to the database.

Password

raytion.connector.db.config.postgres.password

Password of the configured database user.

Add Custom Parameter

raytion.connector.db.config.postgres.addParameters

Enables the configuration of additional parameters.

MS SQL Server

Name Property Key Description

Name	Property Key	Description
Host	`raytion.connector.db.config.mssql.host`	Domain name or IP address of the database server. Instance to connect to on server can be specified by '‹server_name>\|<instance_name>'.
Port	`raytion.connector.db.config.mssql.port`	Specifies the port number MS SQL Server is listening on, default is 1433.
Database Name	`raytion.connector.db.config.mssql.name`	Name of the database.
Username	`raytion.connector.db.config.mssql.username`	Username to authenticate with. The regarding user has to have read and write permissions to the database.
Password	`raytion.connector.db.config.mssql.password`	Password of the configured database user.
Add Custom Parameter	`raytion.connector.db.config.mssql.addParameters`	Enables the configuration of additional parameters.

Host

raytion.connector.db.config.mssql.host

Domain name or IP address of the database server. Instance to connect to on server can be specified by '‹server_name>|<instance_name>'.

Port

raytion.connector.db.config.mssql.port

Specifies the port number MS SQL Server is listening on, default is 1433.

Database Name

raytion.connector.db.config.mssql.name

Name of the database.

Username

raytion.connector.db.config.mssql.username

Username to authenticate with. The regarding user has to have read and write permissions to the database.

Password

raytion.connector.db.config.mssql.password

Password of the configured database user.

Add Custom Parameter

raytion.connector.db.config.mssql.addParameters

Enables the configuration of additional parameters.

JDBC URL

Name Property Key Description

Name	Property Key	Description
URL	`raytion.connector.db.config.jdbc.url`	JDBC URL for the target database. Out of the box, the connector will use H2 file database. For productive usage, use PostgreSQL specifying the URL in format: `jdbc:postgresql:<host>:<port>/<database>`
Username	`raytion.connector.db.config.jdbc.username`	Database Username to read and write to database.
Password	`raytion.connector.db.config.jdbc.password`	Database Password for the specified user

URL

raytion.connector.db.config.jdbc.url

JDBC URL for the target database. Out of the box, the connector will use H2 file database. For productive usage, use PostgreSQL specifying the URL in format: jdbc:postgresql:<host>:<port>/<database>

Username

raytion.connector.db.config.jdbc.username

Database Username to read and write to database.

Password

raytion.connector.db.config.jdbc.password

Database Password for the specified user

Traversal Configuration

Name Property Key Description

Name	Property Key	Description
Traversal History Length	`raytion.connector.agent.traversal .store.historyLength`	Max. number of traversals to store in the history. Once the limit is exceeded, the connector will automatically remove oldest entries in the history. (default: 100)
Include Checksum	`raytion.connector.agent.traversal .pipeline.includePipelineChecksum`	If enabled, any changes made to the pipeline e.g. configuration, the subsequent incremental run triggers a refeed of all items.
Change Processing Interval	`raytion.connector.agent.traversal .changeprocessing.interval`	Interval between change processing traversals.
Resume on Start	`raytion.connector.agent.traversal .resume.resumeTraversalOnRestart`	If enabled, any traversals in paused state are automatically resumed after the connector restart. Otherwise, the traversal remains in paused state.
Number of Traversal Workers	`raytion.connector.agent.traversal .workers.worker`	Number of workers to execute the traversal in parallel. Increasing this value might improve the performance, but will footprint higher memory consumption. It is recommended to keep the default value. (default: 10)
Traversal Job Poll Interval	`raytion.connector.agent.traversal .workers.jobPollInterval`	Interval between the workers to be triggered to fetch and process the next tasks. (default: 10ms)
Completion Timeout	`raytion.connector.agent.traversal .workers.completionTimeout`	If the search engine indexes the items asynchronously, there might be some processing still in-flight during the completion process of a traversal. This value specifies the timeout value until all asynchronous callbacks are expected to return before completing the traversal. (default: 10m)
Executor Size	`raytion.connector.agent.traversal .execution.executorSize`	The executor size restricts the max. number of concurrent running traversals.
Queue Size	`raytion.connector.agent.traversal .execution.queueSize`	The queue size restricts the max. number of queued traversals. If the value is exceeded, the connector rejects further traversal requests until the queue size is below the configured size.

Traversal History Length

raytion.connector.agent.traversal .store.historyLength

Max. number of traversals to store in the history. Once the limit is exceeded, the connector will automatically remove oldest entries in the history. (default: 100)

Include Checksum

raytion.connector.agent.traversal .pipeline.includePipelineChecksum

If enabled, any changes made to the pipeline e.g. configuration, the subsequent incremental run triggers a refeed of all items.

Change Processing Interval

raytion.connector.agent.traversal .changeprocessing.interval

Interval between change processing traversals.

Resume on Start

raytion.connector.agent.traversal .resume.resumeTraversalOnRestart

If enabled, any traversals in paused state are automatically resumed after the connector restart. Otherwise, the traversal remains in paused state.

Number of Traversal Workers

raytion.connector.agent.traversal .workers.worker

Number of workers to execute the traversal in parallel. Increasing this value might improve the performance, but will footprint higher memory consumption. It is recommended to keep the default value. (default: 10)

Traversal Job Poll Interval

raytion.connector.agent.traversal .workers.jobPollInterval

Interval between the workers to be triggered to fetch and process the next tasks. (default: 10ms)

Completion Timeout

raytion.connector.agent.traversal .workers.completionTimeout

If the search engine indexes the items asynchronously, there might be some processing still in-flight during the completion process of a traversal. This value specifies the timeout value until all asynchronous callbacks are expected to return before completing the traversal. (default: 10m)

Executor Size

raytion.connector.agent.traversal .execution.executorSize

The executor size restricts the max. number of concurrent running traversals.

Queue Size

raytion.connector.agent.traversal .execution.queueSize

The queue size restricts the max. number of queued traversals. If the value is exceeded, the connector rejects further traversal requests until the queue size is below the configured size.

Traversal Jobs

Name Property Key Description

Name	Property Key	Description
Job Timeout Check Frequency	`raytion.connector.job-broker.heartbeatPeriod`	Configures how often the connector checks for timed out jobs.
Job Timeout	`raytion.connector.job-broker.heartbeatTimeout`	The duration for which a job can stay idle before it is timed out.
Job Cache Size	`raytion.connector.job-broker.jobPollCacheSize`	Max. cache size of Jobs waiting for processing in memory. When cache is empty, next batch is fetched.

Job Timeout Check Frequency

raytion.connector.job-broker.heartbeatPeriod

Configures how often the connector checks for timed out jobs.

Job Timeout

raytion.connector.job-broker.heartbeatTimeout

The duration for which a job can stay idle before it is timed out.

Job Cache Size

raytion.connector.job-broker.jobPollCacheSize

Max. cache size of Jobs waiting for processing in memory. When cache is empty, next batch is fetched.

Security Configuration

Request Restriction Settings

Name Property Key Description

Name	Property Key	Description
Accepted Host Names	`raytion.connector.security .requests.acceptedDomains`	A list of domains (+ port) that are allowed as host names in the headers of HTTP requests to the connector. This means that you can access the connector only via a URL that employs one of the configured domains. Each entry must have the format `domain:port`. Examples: `localhost:16120` `connector.company.com:16120` If no domains are configured (the default), then you can use any domain via which the connector host is reachable.

Accepted Host Names

raytion.connector.security .requests.acceptedDomains

A list of domains (+ port) that are allowed as host names in the headers of HTTP requests to the connector. This means that you can access the connector only via a URL that employs one of the configured domains. Each entry must have the format domain:port. Examples:

localhost:16120
connector.company.com:16120

If no domains are configured (the default), then you can use any domain via which the connector host is reachable.

Principal Aliaser Configuration

Principal Aliasing is applied on user information as part of Content ACL processing during Content Synchronization and Principal processing during Principal Synchronization. It’s purpose is to map external source system user to the corresponding user in search engines domain. You can configure a list of aliasers in the connector which will be applied in sequence and in order on user ACEs and user principals. The Connector supports following custom aliasing mechanism.

Custom Aliaser Disabled

If the Custom Aliaser checkbox is not selected, the connector will process user information on ACE and user principals unchanged to Search Engine. If all relevant users in the source system can be found with the same identifier in the search engine, this setup is sufficient to reflect the same secure search experience in the search engine as defined by the policy in the source system. The connector uses this option as default to process user information.

Custom Aliaser Enabled

If custom aliasing is enable then there are four types of aliaser avaialble:

Simple XML Table Aliaser

Static mapping table which can be uploaded as XML file. The connector uses the uploaded file as lookup table to map a user in the source system to a user in the search engine. Users missing a record in the file will be dropped from the ACE and during Principal Synchronization. This option is only recommended for environment with a manageable amount of users as for each user the corresponding mapping entry needs to be specified in the file.

Name	Description
XML Mapping File	Browse and upload or drag and drop.

Name

Description

XML Mapping File

Browse and upload or drag and drop.

Sample XML mapping file:

<?xml version="1.0" encoding="UTF-8"?>
<storeddata>
    <entry keyValue="user1">user1@raytion.com</entry>
    <entry keyValue="user2">user2@raytion.com</entry>
    <entry keyValue="user3">user3@raytion.com</entry>
</storeddata>

Regex Replacer Aliaser

Regex Replacer Aliaser computes aliases based on a regular expression. Principals that match the regular expression are replaced by the Substitution String.

Name Property Key Description

Name	Property Key	Description
Pattern	`raytion.connector.aliaser.aliasers[*] .replacer.pattern`	The regular expression to match, this is the part that will be replaced. If braces (…) are used in the pattern then the matched value can be retrieved using $1
Substitute String	`raytion.connector.aliaser.aliasers[*] .replacer.substituteString`	String to replace the matching part of the find string. Matched value is accessed by employing $1

Pattern

raytion.connector.aliaser.aliasers[*] .replacer.pattern

The regular expression to match, this is the part that will be replaced. If braces (…) are used in the pattern then the matched value can be retrieved using $1

Substitute String

raytion.connector.aliaser.aliasers[*] .replacer.substituteString

String to replace the matching part of the find string. Matched value is accessed by employing $1

Regex Extractor Aliaser

Regex Extractor Aliaser computes aliases based on a regular expression. Principals that match the regular expression are inserted into the Insert-Into String.

Name PropertyKey Description

Name	PropertyKey	Description
Pattern	`raytion.connector.aliaser.aliasers[*] .extractor.pattern`	The regular expression to match, this is the part that will be inserted into the new value. If braces (…) are used in the pattern then the matched value can be retrieved using $$
Insert-Into String	`raytion.connector.aliaser.aliasers[*] .extractor.insertIntoString`	String to replace the matching part of the pattern. Matched value is accessed by employing $$

Pattern

raytion.connector.aliaser.aliasers[*] .extractor.pattern

The regular expression to match, this is the part that will be inserted into the new value. If braces (…) are used in the pattern then the matched value can be retrieved using $$

Insert-Into String

raytion.connector.aliaser.aliasers[*] .extractor.insertIntoString

String to replace the matching part of the pattern. Matched value is accessed by employing $$

LDAP Aliaser

Ldap Aliaser searches for an LDAP entry with the requested name in the input value and returns the specified output attribute.

Name Property Key Description

Name	Property Key	Description
Host	`raytion.connector.aliaser.aliasers[*] .ldap.host`	Fully Qualified Domain Name of an LDAP server
Port	`raytion.connector.aliaser.aliasers[*] .ldap.port`	Port to use for LDAP connection, defaults are 389/636 or (recommended) 3268/3269 for simple/SSL
AccountDN	`raytion.connector.aliaser.aliasers[*] .ldap.bindAccountDN`	AccountDN for bind to LDAP
Password	`raytion.connector.aliaser.aliasers[*] .ldap.password`	Password part of credentials
Input Field	`raytion.connector.aliaser.aliasers[*] .ldap.inputField`	The Active Directory attribute name for this equality filter
Search Root DN	`raytion.connector.aliaser.aliasers[*] .ldap.baseDN`	Distinguished Name of the subtree which is searched. The smaller the subtree the better the performance but the higher the chance of encountering principals which are not part of this subtree
Output Field	`raytion.connector.aliaser.aliasers[*] .ldap.outputField`	Attribute that should be returned in result entries

Host

raytion.connector.aliaser.aliasers[*] .ldap.host

Fully Qualified Domain Name of an LDAP server

Port

raytion.connector.aliaser.aliasers[*] .ldap.port

Port to use for LDAP connection, defaults are 389/636 or (recommended) 3268/3269 for simple/SSL

AccountDN

raytion.connector.aliaser.aliasers[*] .ldap.bindAccountDN

AccountDN for bind to LDAP

Password

raytion.connector.aliaser.aliasers[*] .ldap.password

Password part of credentials

Input Field

raytion.connector.aliaser.aliasers[*] .ldap.inputField

The Active Directory attribute name for this equality filter

Search Root DN

raytion.connector.aliaser.aliasers[*] .ldap.baseDN

Distinguished Name of the subtree which is searched. The smaller the subtree the better the performance but the higher the chance of encountering principals which are not part of this subtree

Output Field

raytion.connector.aliaser.aliasers[*] .ldap.outputField

Attribute that should be returned in result entries