Connector Configuration

Configuration for OpenText Content Server

Please note that certain settings affect the performance of content traversals, see the Performance section of the FAQ for details.

OpenText Content Server Connection Settings

Configuration options related to establish connection to the target OpenText Content Server instance.

Name Description

Instance name

An identifier of the source system that is automatically added to the metadata of each document.

REST API base URL

Base URL of OpenText Content Server’s REST API. This URL is also used to create URLs for people to click on in search result.

Adding the /api/v1/ or /api/v2/ suffix is optional and discouraged, since it may mislead as to what REST API version is actually used. The connector currently uses both v1 and v2.

This URL can point to a different host than the other API (base) URLs, as long as all hosts represent the same OpenText Content Server.

SOAP APIs base URL

Base URL of OpenText Content Server’s main SOAP APIs.

This URL must point at the base directory (usually ending in /cws) of the Content Web Services; see Content Web Services in OpenText Content Server Setup for the installation. The actual endpoints used are auto-detected, including if .svc is needed at the end.

This URL can point to a different host than the other API (base) URLs, as long as all hosts represent the same OpenText Content Server.

Records Management URL

Full URL of OpenText Content Server Records Management Security Management SOAP API. This URL is only needed if Records Management is used, see Records Management Security Management SOAP API in OpenText Content Server Setup for the installation.

Unlike for other SOAP APIs, no auto-detection for needed suffixes are done for this URL; this URL needs to be specified in its entirety.

This URL can point to a different host than the other API (base) URLs, as long as all hosts represent the same OpenText Content Server.

Technical user

Technical user who will be used for traversing OpenText Content Server.

See Needed Permissions and Privileges in OpenText Content Server Setup for the permissions needed by this user.

Password

Password for the technical user.

Cache expiration duration

Maximum time to live of cached principal- and security clearance-related values after the last update.

HTTP timeout

The duration after which HTTP calls (both to the OpenText Content Server REST and the OpenText Content Server SOAP API) time out.

Maximum number of retries

The maximum number of retries in case of OpenText Content Server REST API timeouts.

Maximum REST API calls per second

The maximum number of OpenText Content Server REST API calls made per second.

This is only an upper limit, the connector may or may not actually reach it at runtime.

OpenText Content Server Item Settings

Optional configuration related to what data the items will contain.

Name	Description
Fetch categories	Whether to fetch categories attached to nodes and their data values.
Fetch classifications	Whether to fetch non-Records Management classifications attached to those nodes that can have them.
Fetch Records Management classifications	Whether to fetch metadata about Records Management classifications attached to nodes.
Fetch holds	Whether to fetch metadata of holds applied to those nodes that can have them.
Fetch RSIs	Whether to fetch the record series identifiers assigned to nodes.
Fetch cross references/XRefs	Whether to fetch some metadata about cross references (a.k.a XRefs) for those nodes that can have them.
Maximum content size	For items with content larger than this size, only the metadata will be indexed. If the size of the content is known to be bigger than this size in advance, the connector will not fetch it from OpenText Content Server. Setting this to zero (0) bytes is supported and will result in: no documents having any content, and the connector not accessing the API endpoints to fetch such content.

Name

Description

Fetch categories

Whether to fetch categories attached to nodes and their data values.

Fetch classifications

Whether to fetch non-Records Management classifications attached to those nodes that can have them.

Fetch Records Management classifications

Whether to fetch metadata about Records Management classifications attached to nodes.

Fetch holds

Whether to fetch metadata of holds applied to those nodes that can have them.

Fetch RSIs

Whether to fetch the record series identifiers assigned to nodes.

Fetch cross references/XRefs

Whether to fetch some metadata about cross references (a.k.a XRefs) for those nodes that can have them.

Maximum content size

For items with content larger than this size, only the metadata will be indexed. If the size of the content is known to be bigger than this size in advance, the connector will not fetch it from OpenText Content Server. Setting this to zero (0) bytes is supported and will result in:

no documents having any content, and
the connector not accessing the API endpoints to fetch such content.

OpenText Content Server Content Traversal Settings

Optional configuration related to content selection.

Name	Description
Traverse all root volumes	Whether to traverse all (root) volumes known to the OpenText Content Server. If this is set to no, Additional Root Node IDs should not be empty.
Additional root node IDs	IDs of (additional) root nodes, not necessarily containers, to traverse.
OTCS-local time zone	The time zone the OpenText Content Server uses internally, used for some timestamp clarifications. The default value is the local time zone of the connector.

Name

Description

Traverse all root volumes

Whether to traverse all (root) volumes known to the OpenText Content Server.
If this is set to no, Additional Root Node IDs should not be empty.

Additional root node IDs

IDs of (additional) root nodes, not necessarily containers, to traverse.

OTCS-local time zone

The time zone the OpenText Content Server uses internally, used for some timestamp clarifications.
The default value is the local time zone of the connector.

OpenText Content Server Node Type Filter Settings

Optional configuration related to filtering items by their node type.

Name	Description
Node Type Allow List	The only node types to traverse and add as items. An empty list is interpreted as all types except those in the deny list are to be traversed.
Node Type Deny List	The node types not to traverse and add as items. An empty list is interpreted as all types (in the allow list) are to be traversed.

Name

Description

Node Type Allow List

The only node types to traverse and add as items.
An empty list is interpreted as all types except those in the deny list are to be traversed.

Node Type Deny List

The node types not to traverse and add as items.
An empty list is interpreted as all types (in the allow list) are to be traversed.

Both lists contain filter entries with the following options:

Name	Description
Node Type ID	The ID of the node type to include or exclude. At least this or the name must be set; if both are set, they must match.
Node Type Name	The name of the node type to include or exclude. At least this or the ID must be set; if both are set, they must match.
Filter Scope	Which phases of the traversal to apply the filter entry to. See the table below for the values' meaning.

Name

Description

Node Type ID

The ID of the node type to include or exclude. At least this or the name must be set; if both are set, they must match.

Node Type Name

The name of the node type to include or exclude. At least this or the ID must be set; if both are set, they must match.

Filter Scope

Which phases of the traversal to apply the filter entry to. See the table below for the values' meaning.

Depending on the list the filter entry appears in, the values for Filter Scope have the following meaning:

Name

Allow List

Deny List

Items only

Only include the nodes with this type as items, but do not traverse any of their children.

Do not include the nodes with this type as items, but traverse their children in the usual way.

Children only

Only traverse the children of the nodes with this type, but do not add the nodes themselves as items.

Do not traverse any of the children of the nodes with this type, but add the nodes themselves as items in the usual way.

Items and children

Add the nodes with this type as items and traverse their children.

Neither add the nodes with this type as items nor traverse any of their children.

Types must not appear in both the Allow and the Deny List. If such a duplicate is not caught by the configuration validation, the Deny List entry wins.

To simplify the use of these options, several types are aliased to other types. For example, most if not all folder specializations and volumes are aliased to the type “Folder” with ID 0. When using the Allow List, it is recommended to add Folder at least with Filter Scope Children only; otherwise, nearly no children will be considered.

OpenText Content Server Debugging Settings

Optional configuration related to debugging.

Name	Description
JSON dump base path	The directory to dump the raw JSON received from the REST API to. If the directory does not exist, it will be created. If the value is unset (this is the default), no JSON will be dumped.

Name

Description

JSON dump base path

The directory to dump the raw JSON received from the REST API to. If the directory does not exist, it will be created.
If the value is unset (this is the default), no JSON will be dumped.

Microsoft Search Configuration

Connector Product Settings

Configuration Options related to specifying the product which is going to connect to the Microsoft Search.

Name Property Key Description

Name	Property Key	Description
Connection ID	`raytion.connector.backend.microsoft-search.product.connectionId`	Connection ID of the connector product which is registered with Microsoft Search.

Connection ID

raytion.connector.backend.microsoft-search.product.connectionId

Connection ID of the connector product which is registered with Microsoft Search.

Microsoft Services Authentication Settings

Configuration Options related to authentication for the Microsoft Search.

Name Property Key Description

Name	Property Key	Description
OAuth2.0 client ID	`raytion.connector.backend.microsoft-search.authentication.clientId`	OAuth2.0 client ID for the Microsoft Search Authentication.
OAuth2.0 client secret	`raytion.connector.backend.microsoft-search.authentication.clientSecret`	OAuth2.0 client secret for the Microsoft Search Authentication.
Tenant ID	`raytion.connector.backend.microsoft-search.authentication.tenantId`	Tenant ID of OAuth2.0 Token URI for the Microsoft Search Authentication.

OAuth2.0 client ID

raytion.connector.backend.microsoft-search.authentication.clientId

OAuth2.0 client ID for the Microsoft Search Authentication.

OAuth2.0 client secret

raytion.connector.backend.microsoft-search.authentication.clientSecret

OAuth2.0 client secret for the Microsoft Search Authentication.

Tenant ID

raytion.connector.backend.microsoft-search.authentication.tenantId

Tenant ID of OAuth2.0 Token URI for the Microsoft Search Authentication.

Microsoft Search Connection Settings

Configuration Options related to establish a connection and sending requests to Microsoft Search.

Name Property Key Description

Name	Property Key	Description
API endpoint	`raytion.connector.backend.microsoft-search.connection.endpoint`	Microsoft Search API endpoint including version specifier.
Requests per Second	`raytion.connector.backend.microsoft-search.connection.requestsPerSecond`	Maximum number of requests per second.
Connect Timeout	`raytion.connector.backend.microsoft-search.connection.connectTimeout`	Determines the timeout in milliseconds until a connection is established. A timeout value of zero is interpreted as an infinite timeout. A negative value is interpreted as undefined (system default if applicable).
Socket Timeout	`raytion.connector.backend.microsoft-search.connection.socketTimeout`	Defines the socket timeout in milliseconds, which is the timeout for waiting for data or, put differently, a maximum period inactivity between two consecutive data packets. A timeout value of zero is interpreted as an infinite timeout. A negative value is interpreted as undefined (system default if applicable).
Use Poxy	`raytion.connector.backend.microsoft-search.connection.useProxy`	If enabled, the connection to Microsoft Graph API will be established through a HTTP/HTTPS proxy.
Proxy Endpoint	`raytion.connector.backend.microsoft-search.connection.proxy.uri`	Target proxy URL including protocol, host and port.
Proxy Authentication	`raytion.connector.backend.microsoft-search.connection.proxy.authentication`	If enabled, the connector uses the specified credentials to authenticate towards proxy.
Proxy Username	`raytion.connector.backend.microsoft-search.connection.proxy.username`	Proxy authentication username.
Proxy Password	`raytion.connector.backend.microsoft-search.connection.proxy.password`	Proxy authentication password. The value will be stored encrypted by the connector.

API endpoint

raytion.connector.backend.microsoft-search.connection.endpoint

Microsoft Search API endpoint including version specifier.

Requests per Second

raytion.connector.backend.microsoft-search.connection.requestsPerSecond

Maximum number of requests per second.

Connect Timeout

raytion.connector.backend.microsoft-search.connection.connectTimeout

Determines the timeout in milliseconds until a connection is established. A timeout value of zero is interpreted as an infinite timeout. A negative value is interpreted as undefined (system default if applicable).

Socket Timeout

raytion.connector.backend.microsoft-search.connection.socketTimeout

Defines the socket timeout in milliseconds, which is the timeout for waiting for data or, put differently, a maximum period inactivity between two consecutive data packets. A timeout value of zero is interpreted as an infinite timeout. A negative value is interpreted as undefined (system default if applicable).

Use Poxy

raytion.connector.backend.microsoft-search.connection.useProxy

If enabled, the connection to Microsoft Graph API will be established through a HTTP/HTTPS proxy.

Proxy Endpoint

raytion.connector.backend.microsoft-search.connection.proxy.uri

Target proxy URL including protocol, host and port.

Proxy Authentication

raytion.connector.backend.microsoft-search.connection.proxy.authentication

If enabled, the connector uses the specified credentials to authenticate towards proxy.

Proxy Username

raytion.connector.backend.microsoft-search.connection.proxy.username

Proxy authentication username.

Proxy Password

raytion.connector.backend.microsoft-search.connection.proxy.password

Proxy authentication password. The value will be stored encrypted by the connector.

Microsoft Search Principal Mapping Settings

Configuration Options related to mapping source system principals to Microsoft Search AzureAD users.

Name Property Key Description

Name	Property Key	Description
Principal ID Attributes	`raytion.connector.backend.microsoft-search.principal-mapping.principalIdProperties`	AzureAD attributes to match principal ids against. Maps a principal id to all AzureAD user objects where one of the specified attributes values matches the principal id.

Principal ID Attributes

raytion.connector.backend.microsoft-search.principal-mapping.principalIdProperties

AzureAD attributes to match principal ids against. Maps a principal id to all AzureAD user objects where one of the specified attributes values matches the principal id.

General Configuration

Database Configuration

Name Property Key Description

Name	Property Key	Description
URL	`spring.datasource.url`	JDBC URL for the target database. Out of the box, the connector will use H2 file database. For productive usage, use PostgreSQL specifying the URL in format: `jdbc:postgresql:<host>:<port>/<database>`
Username	`spring.datasource.username`	Database Username to read and write to database.
Password	`spring.datasource.password`	Database Password for the specified user

URL

spring.datasource.url

JDBC URL for the target database. Out of the box, the connector will use H2 file database. For productive usage, use PostgreSQL specifying the URL in format: jdbc:postgresql:<host>:<port>/<database>

Username

spring.datasource.username

Database Username to read and write to database.

Password

spring.datasource.password

Database Password for the specified user

Traversal Configuration

Name Property Key Description

Name	Property Key	Description
Traversal History Length	`raytion.connector.agent.traversal .store.historyLength`	Max. number of traversals to store in the history. Once the limit is exceeded, the connector will automatically remove oldest entries in the history. (default: 100)
Number of Traversal Workers	`raytion.connector.agent.traversal .workers.worker`	Number of workers to execute the traversal in parallel. Increasing this value might improve the performance, but will footprint higher memory consumption. It is recommended to keep the default value. (default: 10)
Traversal Job Poll Interval	`raytion.connector.agent.traversal .workers.jobPollInterval`	Interval between the workers to be triggered to fetch and process the next tasks. (default: 10ms)
Completion Timeout	`raytion.connector.agent.traversal .workers.completionTimeout`	If the search engine indexes the items asynchronously, there might be some processing still in-flight during the completion process of a traversal. This value specifies the timeout value until all asynchronous callbacks are expected to return before completing the traversal. (default: 10m)

Traversal History Length

raytion.connector.agent.traversal .store.historyLength

Max. number of traversals to store in the history. Once the limit is exceeded, the connector will automatically remove oldest entries in the history. (default: 100)

Number of Traversal Workers

raytion.connector.agent.traversal .workers.worker

Number of workers to execute the traversal in parallel. Increasing this value might improve the performance, but will footprint higher memory consumption. It is recommended to keep the default value. (default: 10)

Traversal Job Poll Interval

raytion.connector.agent.traversal .workers.jobPollInterval

Interval between the workers to be triggered to fetch and process the next tasks. (default: 10ms)

Completion Timeout

raytion.connector.agent.traversal .workers.completionTimeout

If the search engine indexes the items asynchronously, there might be some processing still in-flight during the completion process of a traversal. This value specifies the timeout value until all asynchronous callbacks are expected to return before completing the traversal. (default: 10m)

Principal Aliaser Configuration

Principal Aliasing is applied on user information as part of Content ACL processing during Content Synchronization and Principal processing during Principal Synchronization. It’s purpose is to map external source system user to the corresponding user in search engines domain. You can configure a list of aliasers in the connector which will be applied in sequence and in order on user ACEs and user principals. The Connector supports following custom aliasing mechanism.

Custom Aliaser Disabled

If the Custom Aliaser checkbox is not selected, the connector will process user information on ACE and user principals unchanged to Search Engine. If all relevant users in the source system can be found with the same identifier in the search engine, this setup is sufficient to reflect the same secure search experience in the search engine as defined by the policy in the source system. The connector uses this option as default to process user information.

Custom Aliaser Enabled

If custom aliasing is enable then there are four types of aliaser avaialble:

Simple XML Table Aliaser

Static mapping table which can be uploaded as XML file. The connector uses the uploaded file as lookup table to map a user in the source system to a user in the search engine. Users missing a record in the file will be dropped from the ACE and during Principal Synchronization. This option is only recommended for environment with a manageable amount of users as for each user the corresponding mapping entry needs to be specified in the file.

Name	Description
XML Mapping File	Browse and upload or drag and drop.

Name

Description

XML Mapping File

Browse and upload or drag and drop.

Sample XML mapping file:

<?xml version="1.0" encoding="UTF-8"?>
<storeddata>
    <entry keyValue="user1">user1@raytion.com</entry>
    <entry keyValue="user2">user2@raytion.com</entry>
    <entry keyValue="user3">user3@raytion.com</entry>
</storeddata>

Regex Replacer Aliaser

Regex Replacer Aliaser computes aliases based on a regular expression. Principals that match the regular expression are replaced by the Substitution String.

Name Property Key Description

Name	Property Key	Description
Pattern	`raytion.connector.aliaser.aliasers[*] .replacer.pattern`	The regular expression to match, this is the part that will be replaced. If braces (…) are used in the pattern then the matched value can be retrieved using $1
Substitute String	`raytion.connector.aliaser.aliasers[*] .replacer.substituteString`	String to replace the matching part of the find string. Matched value is accessed by employing $1

Pattern

raytion.connector.aliaser.aliasers[*] .replacer.pattern

The regular expression to match, this is the part that will be replaced. If braces (…) are used in the pattern then the matched value can be retrieved using $1

Substitute String

raytion.connector.aliaser.aliasers[*] .replacer.substituteString

String to replace the matching part of the find string. Matched value is accessed by employing $1

Regex Extractor Aliaser

Regex Extractor Aliaser computes aliases based on a regular expression. Principals that match the regular expression are inserted into the Insert-Into String.

Name PropertyKey Description

Name	PropertyKey	Description
Pattern	`raytion.connector.aliaser.aliasers[*] .extractor.pattern`	The regular expression to match, this is the part that will be inserted into the new value. If braces (…) are used in the pattern then the matched value can be retrieved using $$
Insert-Into String	`raytion.connector.aliaser.aliasers[*] .extractor.insertIntoString`	String to replace the matching part of the pattern. Matched value is accessed by employing $$

Pattern

raytion.connector.aliaser.aliasers[*] .extractor.pattern

The regular expression to match, this is the part that will be inserted into the new value. If braces (…) are used in the pattern then the matched value can be retrieved using $$

Insert-Into String

raytion.connector.aliaser.aliasers[*] .extractor.insertIntoString

String to replace the matching part of the pattern. Matched value is accessed by employing $$

LDAP Aliaser

Ldap Aliaser searches for an LDAP entry with the requested name in the input value and returns the specified output attribute.

Name Property Key Description

Name	Property Key	Description
Host	`raytion.connector.aliaser.aliasers[*] .ldap.host`	Fully Qualified Domain Name of an LDAP server
Port	`raytion.connector.aliaser.aliasers[*] .ldap.port`	Port to use for LDAP connection, defaults are 389/636 or (recommended) 3268/3269 for simple/SSL
AccountDN	`raytion.connector.aliaser.aliasers[*] .ldap.bindAccountDN`	AccountDN for bind to LDAP
Password	`raytion.connector.aliaser.aliasers[*] .ldap.password`	Password part of credentials
Input Field	`raytion.connector.aliaser.aliasers[*] .ldap.inputField`	The Active Directory attribute name for this equality filter
Search Root DN	`raytion.connector.aliaser.aliasers[*] .ldap.baseDN`	Distinguished Name of the subtree which is searched. The smaller the subtree the better the performance but the higher the chance of encountering principals which are not part of this subtree
Output Field	`raytion.connector.aliaser.aliasers[*] .ldap.outputField`	Attribute that should be returned in result entries

Host

raytion.connector.aliaser.aliasers[*] .ldap.host

Fully Qualified Domain Name of an LDAP server

Port

raytion.connector.aliaser.aliasers[*] .ldap.port

Port to use for LDAP connection, defaults are 389/636 or (recommended) 3268/3269 for simple/SSL

AccountDN

raytion.connector.aliaser.aliasers[*] .ldap.bindAccountDN

AccountDN for bind to LDAP

Password

raytion.connector.aliaser.aliasers[*] .ldap.password

Password part of credentials

Input Field

raytion.connector.aliaser.aliasers[*] .ldap.inputField

The Active Directory attribute name for this equality filter

Search Root DN

raytion.connector.aliaser.aliasers[*] .ldap.baseDN

Distinguished Name of the subtree which is searched. The smaller the subtree the better the performance but the higher the chance of encountering principals which are not part of this subtree

Output Field

raytion.connector.aliaser.aliasers[*] .ldap.outputField

Attribute that should be returned in result entries