Skip Headers
Oracle® Secure Enterprise Search Administrator's Guide
11g Release 1 (11.1.2.2)

E21605-03
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

Setting Up Oracle Content Server Sources

The Oracle Content Server connector enables Oracle SES to search Oracle Content Server (formerly Stellent Server), which is the foundation of the Oracle Universal Content Management solution. Users throughout the organization can contribute content from native desktop applications, manage content through rich library services, publish content to Web sites or business applications, and access the content with a browser.

The Content Server connector supports Oracle Content Server 7.5.2 or 10gR3 with XMLCrawlerExport (the Oracle Content Server RSS component).

Oracle Content Server includes an RSS feed generator component (XMLCrawlerExport) on top of the content server. This component generates RSS feeds as XML files from its internal indexer, based on indexer activity. It has access to the original content (for example, a Microsoft Word document), the Web viewable rendition, and all the metadata associated with each document. The component also has a template that contains a Idoc script that applies the metadata values from the indexer to generate the XML document. (Idoc is an Oracle Content Server proprietary scripting language.) Oracle Content Server generates feeds for all documents for the initial crawl, and feeds for updated and deleted documents for the incremental crawl. Each document can be an item in the feed, with the operation on the item (such as insert, delete, update), its metadata (such as author, summary), URL links, and so on.

The Oracle Content Server connector reads the feeds provided by Oracle Content Server according to a crawling schedule. Oracle SES parses and extracts the metadata information, and fetches the document content, using its generic RSS crawler framework.

Oracle SES supports the control feed method, in which individual feeds can be located anywhere and a control feed file is generated containing the links to other feeds. This control file is input to the connector through the configuration file. Control feed must be used when two computers are on different domains or on different platforms, or if they use remote access protocol, such as HTTP or FTP, for communication between the two servers.

Oracle Content Server Security Model

The Oracle Content Server security model is based on the concept of permissions, which defines the privileges a user has on a document. The following table shows the set of permissions supported by Oracle Content Server. Each permission is a superset of the previous ones. For example, Write permission includes Read permission. Admin permission is a superset of all the permissions.

Table 7-16 Oracle Content Server Permissions

Permission Description

Read

View documents

Write

View, Check In, Check Out, and Get Copy of documents

Delete

View, Check In, Check Out, Get Copy, and Delete documents

Admin

View, Check In, Check Out, Get Copy, and Delete documents

An Administration user with Workflow rights can start or edit a workflow for the document. An Administration user can also check in documents with another user specified as the Author.


Oracle Content Server provides multiple security models, including an out-of-the-box security system and integration with centralized security models such as LDAP and Active Directory.

Oracle Universal Content Management security can work in these modes:

  • Universal Content Management native identity plugin where Universal Content Management is not connected to a directory

  • Oracle Internet Directory

  • Active Directory only where Universal Content Management is connected to Active Directory using LDAP. A connection to Active Directory using Microsoft Security is not supported.

The Oracle SES Oracle Content Server connector supports the two most popular security models among current Oracle Content Server customers: Roles and Groups, and Accounts.

Roles and Groups

A security group is a set of files grouped under a unique name. Every file in the library belongs to a security group. Access to security groups is controlled by the permissions, which are assigned to roles, which are assigned to users. For example, the EngAdmin role has Read, Write, Delete, and Admin permission to all content in the EngDocs security group. User Joe is assigned to role EngAdmin; therefore, Joe has all permissions to the documents in EngDocs group.

Accounts

Accounts provide greater flexibility and granularity than groups. An account is a group of content. It introduces another metadata field that is filled out upon content check-in. When accounts are enabled, content items also can be assigned to an account in addition to the security group. A user must have access to the account to read, write, delete or administer content in that account. When accounts are used, the account becomes the primary permission to satisfy before security group permissions are applied.

A user's access to a document is like the intersection between their account permissions and security group permissions. For example, a user is assigned the EngAdmin role, which has all permissions to the documents in EngDocs security group. At the same time, the user is also assigned Read and Write permission to the EngProjA account. Therefore, the user has only Read and Write permission to a content item that is in the EngDocs security group and the EngProjA account.

Accounts can also be set up in a hierarchical structure. A user has permission to the entire subtree starting from the account node. For instance, a user assigned to the Eng account has access to Eng/AbcProj and Eng/XyzProj, or any accounts beginning with Eng. In other words, users that have permission to a particular account prefix also have access to all accounts with that prefix.

Note:

Oracle Content Server uses a prefix test for account filtering, so a slash (/) has no special meaning. A user granted permission to account A has access to any documents in account A*, such as A, AB, or A/B. The hierarchical structure takes advantage of the prefix semantics, but it is enforced with the account model. Hence, there is no special character as the level divider when testing for account permissions.

See Also:

Oracle Universal Content Management documentation at

http://www.oracle.com/technology/products/content-management/ucm/index.html

Setting Up Identity Management for Oracle Content Server

To activate the Oracle Content Server identity plug-in:

  1. On the Global Settings page, select Identity Management Setup under the System heading.

    The Global Settings - Identity Management Setup page is displayed.

  2. Select Oracle Content Server and click Activate.

  3. Enter values for the parameters described in Table 7-17, then click Finish.

Table 7-17 Oracle Content Server Connector Setup Parameters

Parameter Value

HTTP endpoint for authentication

HTTP endpoint for Oracle Content Server authentication. For example, http://my.host.com:port/idc/idcplg

Admin User

Administrative user who accesses the Oracle Content Server Identity Service API

Password

Administrative user password


Creating an Oracle Content Server Source

To create an Oracle Content Server source using the Oracle SES Administration GUI:

  1. On the Home page, click the Sources secondary tab to display the Sources page.

  2. Select Oracle Content Server from the Source Type list, then click Create to display Step 1 Parameters.

  3. Enter values for the parameters described in Table 7-18.

  4. Click Next to display Step 2 Authorization, then set values for the parameters described in Table 7-18.

  5. Scroll down to Security Attributes to verify that ACCOUNT and DOCSECURITYGROUP are listed. If they are not, then the source was not created correctly. Verify that the Configuration URL in Step 1 is correct.

  6. Click Create to create the Oracle Content Server source.

    After processing each data feed, a status feed is uploaded to the location specified in the configuration file. This status feed is named one of the following:

    • data_feed_file_name.suc indicates the data feed was processed successfully.

    • data_feed_file_name.err indicates that an error was encountered while processing the feed. The errors are listed in this status feed.

Tip:

To index multibyte character sets, set the default character set of the crawler to UTF-8 regardless of the character set of Oracle Content Server. See "Modifying the Crawler Parameters".

Table 7-18 Oracle Content Server Source Parameters (Step 1)

Parameter Value

Configuration URL

URL of the XML configuration file providing details of the source, such as the data feed type, location, security attributes, and so on. Obtain the location of the file from the Oracle Content Server administrator.

Use the following format to enter the configuration URL:

http://host_name/instance_name/idcplg?IdcService=SES_CRAWLER_DOWNLOAD_CONFIG&source=source_name

Authentication Type

Java authentication type. Set this parameter when the data feeds are accessed over HTTP.

Enter one of the following values:

  • NATIVE: Proprietary XML over HTTP authentication

  • ORASSO: Oracle Single Sign-on.

User ID

User ID to access the data feeds. The access details of the data feed are specified in the configuration file. Obtain a user ID from the Oracle Content Server administrator.

Password

Password for User ID. Obtain the password from the Oracle Content Server administrator.

Realm

Realm of the Oracle Content Server instance.

Oracle SSO Login URL

URL that protects all OracleAS Single Sign-on applications. Set this parameter when the Authentication Type is ORASSO.

Oracle SSO Action URL

URL that authenticates OracleAS Single Sign-on user credentials. The login form is submitted to this URL. Set this parameter when Authentication Type is ORASSO.

Scratch Directory

Directory where Oracle SES can write temporary status logs. The directory must be on the same system where Oracle SES is installed. Optional.

Maximum number of connection attempts

Maximum number of attempts to connect to the target server for access to the data feed.


Table 7-19 Oracle Content Server Connector Authorization Parameters (Step 2)

Parameter Value

HTTP Endpoint for Authorization

HTTP endpoint for Oracle Content Server authorization, such as http://example.com:7777/idc/idcplg.

Display URL Prefix

HTTP host information to prefix the partial URL specified in the access URL of the documents in RSS feeds to form the complete URL. This complete URL is displayed as the URL when a user clicks the document link in the Oracle SES search results page. For example, you might display http://example.com:7777/idc (not http://example.com/, as shown on the user interface page).

Administrator User

Administrative user to access the Authorization Service API of Oracle Content Server.

Administrator Password

Administrative user password.

Display Crawled Version

Controls access to the crawled documents:

  • true: Search results point to the crawled version of the document.

  • false: Search results point to the content information page.

Authorization User ID Format

Format of the user ID used by the Oracle Content Server authorization API, such as username, email, nickname, user_name.

Use Cached User and Role Information to Authorize Results

Controls user authorization:

  • true: Uses the cached user query filter. This setting removes the query time dependency on Oracle Content Server.

  • false: Queries Oracle Content Server for authorization.

User Role Data Source to Cache the Filter

The name of the Oracle Content Server Users source that has crawled the user's SecurityGroup and Account information.

Authentication Type

Java authentication type. Enter NATIVE for proprietary XML over HTTP authentication, or ORASSO for Oracle Single Sign-on. Set this parameter when the data feeds are accessed over HTTP.

Realm

Realm of the Oracle Content Server instance.

Oracle SSO Login URL

URL that protects all OracleAS Single Sign-on applications. Set this parameter when the Authentication Type is ORASSO.

Oracle SSO Action URL

URL that authenticates OracleAS Single Sign-on user credentials. The login form is submitted to this URL. Set this parameter when Authentication Type is ORASSO.


Note:

In previous releases, the base path of Oracle SES was referred to as ORACLE_HOME. In Oracle SES release 11g, the base path is referred to as ORACLE_BASE. This represents the Software Location that you specify at the time of installing Oracle SES.

ORACLE_HOME now refers to the path ORACLE_BASE/seshome.

For more information about ORACLE_BASE, see "Conventions".