Connector Configuration

OpenText Documentum Configuration

Connection Settings

Configuration Options determining the credentials and target database.

Name	Description
Username	The account which you want to use to execute your Documentum query
Password	The password for the user.
Database	The OpenText Documentum repository which hosts the documents. Exactly one repository needs to be configured.
Documentum Foundation Classes	This file configures the Documentum Foundation Classes client on how to look up content repositories. It can be found in the OpenText Documentum installation directory, in the config folder as dfc.properties. This file coming from the Documentum installation directory can be used as is in most of the cases.
Documentum Foundation Classes	This keystore serves as the identity of the client. The default expects a keystore with a store password of 'dfc' and a certificate under the alias 'dfc' with the password '!!dfc!!'. These defaults can be changed by configuring them as part of the dfc.properties.

Name

Description

Username

The account which you want to use to execute your Documentum query

Password

The password for the user.

Database

The OpenText Documentum repository which hosts the documents. Exactly one repository needs to be configured.

Documentum Foundation Classes

This file configures the Documentum Foundation Classes client on how to look up content repositories. It can be found in the OpenText Documentum installation directory, in the config folder as dfc.properties. This file coming from the Documentum installation directory can be used as is in most of the cases.

Documentum Foundation Classes

This keystore serves as the identity of the client. The default expects a keystore with a store password of 'dfc' and a certificate under the alias 'dfc' with the password '!!dfc!!'. These defaults can be changed by configuring them as part of the dfc.properties.

Content Selection

Configuration Options determining which DQL queries are used to request documents from Documentum

Name Description

Name	Description
Base URI	This will be the root for Documentum links and must be set to the root web application of the OpenText Documentum UI.
Queries	DQL Queries which are requested from Documentum. They are not validated and results should not overlap. Type The type of document that should be queried, i.e. the table for the query. A suitable value would be 'dm_document'. Conditions Restrictions which the documents also have to fulfil. If more than one condition is given, all conditions have to be fulfilled for a document to be indexed. For further reference and more advanced Documentum users, this is the full DQL query that is sent to the OpenText Documentum instance. `select r_object_id, acl_name, acl_domain, group_name, owner_name, [additionalChecksumFields] from TYPE where condition1 [AND condition2] [AND condition3] order by r_object_id asc ENABLE (SQL_DEF_RESULT_SET page_size)`

Base URI

This will be the root for Documentum links and must be set to the root web application of the OpenText Documentum UI.

Queries

DQL Queries which are requested from Documentum. They are not validated and results should not overlap.

Type

The type of document that should be queried, i.e. the table for the query. A suitable value would be 'dm_document'.

Conditions

Restrictions which the documents also have to fulfil. If more than one condition is given, all conditions have to be fulfilled for a document to be indexed.

For further reference and more advanced Documentum users, this is the full DQL query that is sent to the OpenText Documentum instance.

select r_object_id, acl_name, acl_domain, group_name, owner_name, [additionalChecksumFields] from TYPE where condition1 [AND condition2] [AND condition3] order by r_object_id asc ENABLE (SQL_DEF_RESULT_SET page_size)

Tuning Settings (Optional)

Settings for pagination and caching to improve performance at the cost of increased memory.

Name

Description

Content Batch Size

The number of documents which is collected with a single call to Documentum during content synchronization. Only the id and the security and checksum fields are queried. This is an optional value with a default of 1000.

Security Batch Size

The number of principals which is collected with a single call to Documentum during principal synchronization. Only the id and the user alias fields are queried. This is an optional value with a default of 10,000.

Breadcrumb Cache (Optional)

Cache for folders which make up the document breadcrumbs.

Name

Description

Maximum size

The maximum number of elements in this cache before elements are evicted with a least-recently-used strategy. This is an optional value with a default of 10000.

Maximum Time-To-Live

Maximum age of a queried element before it is re-queried from Documentum. Changes to an element will only be picked up after the element expired. This is an optional value with a default of 1h.

ACL Cache (Optional)

Cache for objects from dm_user to determine whether they are users or groups.

Name

Description

Maximum size

The maximum number of elements in this cache before elements are evicted with a least-recently-used strategy. This is an optional value with a default of 10000.

Maximum Time-To-Live

Maximum age of a queried element before it is re-queried from Documentum. Changes to an element will only be picked up after the element expired. This is an optional value with a default of 1h.

ACL Type Cache (Optional)

Cache for objects from dm_user to determine whether they are users or groups.

Name

Description

Maximum size

The maximum number of elements in this cache before elements are evicted with a least-recently-used strategy. This is an optional value with a default of 10000.

Maximum Time-To-Live

Maximum age of a queried element before it is re-queried from Documentum. Changes to an element will only be picked up after the element expired. This is an optional value with a default of 1h.

Documentum Field Mapping (Optional)

This section contains the document fields which, if present, are used to fill the strongly typed Raytion default schema. All metadata that are available in the selected table will be transferred to the source system metadata map.

The list of standard metadata and their default source field is the following:

Name

Description

Title

object_name

Item type

r_object_type

Mime type

a_content_type

File extension

a_content_type

Keywords

keywords

Languages

language_code

Author

r_creator_name

Contributors

<empty>

Creation date

r_creation_date

Modification date

r_modify_date

Documentum Security Settings (Optional)

Configuration Options determining additional settings for the principal synchronization.

Name

Description

Principal Alias

The field from which the user name for the principal synchronization is taken, so that mapping into other security domains becomes possible. By default this is the field user_name.

Amazon Kendra Configuration

Instance Configuration

Configuration options related to specifying the target Kendra Index and Data Source including authentication/authorization settings.

Setting Description

Setting	Description
Index ID	ID of the target index. It can be retrieved in your AWS management console under `Services → Amazon-Kendra → Indexes → <your_index>`.
Region ID	ID of the region where the index is deployed. One of us-east-1(N. Virginia), us-east-2(Ohio), us-west-2(Oregon), eu-west-1(Ireland), ca-central-1(Canada), ap-southeast-1(Singapore) or ap-southeast-2(Sydney) is available.
Amazon Resource Name	ARN of the IAM Service Role assigned to the index. It can be retrieved in your AWS management console under `Services → Amazon-Kendra → Indexes → <your_index>`. If the option `Use S3` is enabled under `Advanced Configuration → Content Processing Settings`, make sure that the policy attached to the role contains the permission `S3:GetObject` for all objects inside the target bucket.
Data Source ID	ID of the Custom Data Source Connector added to target index. All documents and groups processed by the connector will be attached to this data source. It can be retrieved in your AWS management console under `Services → Amazon-Kendra → Indexes → <your_index> → Data management → Data sources → <your_data_source>`.
Use System Credentials	To authenticate against Amazon Kendra, you must provide your AWS Access Key and AWS Secret Access Key. If `Use System Credentials` is set to true, these keys will be automatically discovered from following locations: - Java System Properties `aws.accessKeyId` and `aws.secretAccessKey` - Environment Variables `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` - Web Identity Token credentials from System or Environment Variables - Credentials Profile File at location `~/.aws/credentials` - Credentials delivered through the Amazon EC2 container - Instance profile credentials delivered through the Amazon EC2 metadata service
Access Key	If `Use System Credentials` is set to false, access keys need to be specified explicitly in the configuration. The specified account requires the Managed Policy `AmazonKendraFullAccess`.
Secret Access Key	Secret Key of the specified AWS account. The value will be stored encrypted by the connector.
Use Proxy	If enabled, the connection to AWS and Kendra Service will be established through a HTTP/HTTPS proxy.
Proxy Endpoint	Target proxy URL including protocol, host and port.
Proxy Authentication	If enabled, the connector uses the specified credentials to authenticate towards proxy.
Proxy Username	Proxy authentication username.
Proxy Password	Proxy authentication password. The value will be stored encrypted by the connector.

Index ID

ID of the target index. It can be retrieved in your AWS management console under Services → Amazon-Kendra → Indexes → <your_index>.

Region ID

ID of the region where the index is deployed. One of us-east-1(N. Virginia), us-east-2(Ohio), us-west-2(Oregon), eu-west-1(Ireland), ca-central-1(Canada), ap-southeast-1(Singapore) or ap-southeast-2(Sydney) is available.

Amazon Resource Name

ARN of the IAM Service Role assigned to the index. It can be retrieved in your AWS management console under Services → Amazon-Kendra → Indexes → <your_index>. If the option Use S3 is enabled under Advanced Configuration → Content Processing Settings, make sure that the policy attached to the role contains the permission S3:GetObject for all objects inside the target bucket.

Data Source ID

ID of the Custom Data Source Connector added to target index. All documents and groups processed by the connector will be attached to this data source. It can be retrieved in your AWS management console under Services → Amazon-Kendra → Indexes → <your_index> → Data management → Data sources → <your_data_source>.

Use System Credentials

To authenticate against Amazon Kendra, you must provide your AWS Access Key and AWS Secret Access Key. If Use System Credentials is set to true, these keys will be automatically discovered from following locations:

- Java System Properties aws.accessKeyId and aws.secretAccessKey

- Environment Variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY

- Web Identity Token credentials from System or Environment Variables

- Credentials Profile File at location ~/.aws/credentials

- Credentials delivered through the Amazon EC2 container

- Instance profile credentials delivered through the Amazon EC2 metadata service

Access Key

If Use System Credentials is set to false, access keys need to be specified explicitly in the configuration. The specified account requires the Managed Policy AmazonKendraFullAccess.

Secret Access Key

Secret Key of the specified AWS account. The value will be stored encrypted by the connector.

Use Proxy

If enabled, the connection to AWS and Kendra Service will be established through a HTTP/HTTPS proxy.

Proxy Endpoint

Target proxy URL including protocol, host and port.

Proxy Authentication

If enabled, the connector uses the specified credentials to authenticate towards proxy.

Proxy Username

Proxy authentication username.

Proxy Password

Proxy authentication password. The value will be stored encrypted by the connector.

Content Processing Configuration (Optional)

Documents with empty content or large content can be rejected by Kendra. In order to fine-tune the behaviour for the processing of these documents, consider to set one of the properties below.

Setting Description

Setting	Description
Empty Content Token	Items with unsupported mime types (supported are: `application/pdf`, `text/html`, `application/xhtml+xml`, `application/msword`, `application/mspowerpoint` and `text/plain`) or empty content are rejected by Kendra. To make those items available in the search, the connector allows you to configure a token which will be appended to the content of those items.
Use S3	If enabled, binary content of documents exceeding the content size limit will be processed to a S3 bucket.
Content Size Limit	All documents with content size exceeding this value will be processed to the configured S3 bucket. Else, documents are processed as inline documents including their content directly to Kendra index. If the S3 option is enabled, it is recommended to set the value below 5MB, as this is the limit defined by Kendra for inline documents.
Bucket ID	ID of the bucket.
Region ID	ID of the region where the bucket is deployed. One of us-east-1(N. Virginia), us-east-2(Ohio), us-west-2(Oregon), eu-west-1(Ireland), ca-central-1(Canada), ap-southeast-1(Singapore) or ap-southeast-2(Sydney) is available.
Use System Credentials	To authenticate against Amazon S3, you must provide your AWS Access Key and AWS Secret Access Key. If `Use System Credentials` is set to true, these keys will be automatically discovered from following locations: - Java System Properties `aws.accessKeyId` and `aws.secretAccessKey` - Environment Variables `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` - Web Identity Token credentials from System or Environment Variables - Credentials Profile File at location `~/.aws/credentials` - Credentials delivered through the Amazon EC2 container - Instance profile credentials delivered through the Amazon EC2 metadata service
Access Key	If `Use System Credentials` is set to false, access keys need to be specified explicitly in the configuration. The specified account requires at least write access to the bucket.
Secret Access Key	Secret Key of the specified AWS account. The value will be stored encrypted by the connector.
Use Proxy	If enabled, the connection to AWS and S3 Service will be established through a HTTP/HTTPS proxy.
Proxy Endpoint	Target proxy URL including protocol, host and port.
Proxy Authentication	If enabled, the connector uses the specified credentials to authenticate towards proxy.
Proxy Username	Proxy authentication username.
Proxy Password	Proxy authentication password. The value will be stored encrypted by the connector.

Empty Content Token

Items with unsupported mime types (supported are: application/pdf, text/html, application/xhtml+xml, application/msword, application/mspowerpoint and text/plain) or empty content are rejected by Kendra. To make those items available in the search, the connector allows you to configure a token which will be appended to the content of those items.

Use S3

If enabled, binary content of documents exceeding the content size limit will be processed to a S3 bucket.

Content Size Limit

All documents with content size exceeding this value will be processed to the configured S3 bucket. Else, documents are processed as inline documents including their content directly to Kendra index. If the S3 option is enabled, it is recommended to set the value below 5MB, as this is the limit defined by Kendra for inline documents.

Bucket ID

ID of the bucket.

Region ID

ID of the region where the bucket is deployed. One of us-east-1(N. Virginia), us-east-2(Ohio), us-west-2(Oregon), eu-west-1(Ireland), ca-central-1(Canada), ap-southeast-1(Singapore) or ap-southeast-2(Sydney) is available.

Use System Credentials

To authenticate against Amazon S3, you must provide your AWS Access Key and AWS Secret Access Key. If Use System Credentials is set to true, these keys will be automatically discovered from following locations:

- Java System Properties aws.accessKeyId and aws.secretAccessKey

- Environment Variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY

- Web Identity Token credentials from System or Environment Variables

- Credentials Profile File at location ~/.aws/credentials

- Credentials delivered through the Amazon EC2 container

- Instance profile credentials delivered through the Amazon EC2 metadata service

Access Key

If Use System Credentials is set to false, access keys need to be specified explicitly in the configuration. The specified account requires at least write access to the bucket.

Secret Access Key

Secret Key of the specified AWS account. The value will be stored encrypted by the connector.

Use Proxy

If enabled, the connection to AWS and S3 Service will be established through a HTTP/HTTPS proxy.

Proxy Endpoint

Target proxy URL including protocol, host and port.

Proxy Authentication

If enabled, the connector uses the specified credentials to authenticate towards proxy.

Proxy Username

Proxy authentication username.

Proxy Password

Proxy authentication password. The value will be stored encrypted by the connector.

Content Batching Configuration (Optional)

Documents are processed in a batch to Kendra. This configuration section includes all batch related properties including the callback behavior.

Setting Description

Setting	Description
Max. Size	Max. batch size. All batch put requests will be restricted to this value. The max. allowed value is `10`.
Ignore Processing State	If enabled, the connector submits all documents asynchronously without polling the processing state from Kendra. Documents failed during processing are not recognized by the connector. Unless you would like to monitor the indexing process using Amazon CloudWatch only, it is recommended to disable this option.
Flush Timeout	Periodic delay between flushing the batch. Within this period, it is guaranteed that the batch is flushed. If the current batch size exceeds the configured max. batch size, only the max. number of items will be flushed in a single cycle.
Callback Timeout	The Batch API used to index or delete items is asynchronous. The connector is polling the state of the submitted requests to track the state of the items. This property defines the timeout until the connector is expecting the requests to be completed in the asynchronous processing in the search engine.

Max. Size

Max. batch size. All batch put requests will be restricted to this value. The max. allowed value is 10.

Ignore Processing State

If enabled, the connector submits all documents asynchronously without polling the processing state from Kendra. Documents failed during processing are not recognized by the connector. Unless you would like to monitor the indexing process using Amazon CloudWatch only, it is recommended to disable this option.

Flush Timeout

Periodic delay between flushing the batch. Within this period, it is guaranteed that the batch is flushed. If the current batch size exceeds the configured max. batch size, only the max. number of items will be flushed in a single cycle.

Callback Timeout

The Batch API used to index or delete items is asynchronous. The connector is polling the state of the submitted requests to track the state of the items. This property defines the timeout until the connector is expecting the requests to be completed in the asynchronous processing in the search engine.

HTTP Connection Configuration (Optional)

Configuration options for fine-tuning the Http connection parameters.

Setting	Description
Connection Acquire Timeout	Timeout value for acquiring an already established connection from the connector’s connection manager.
Connection Timeout	Timeout value for establishing a connection to AWS.
Connection Idle Timeout	Timeout value after an idle connection should be closed.
Connection Time to Live	Timeout value after the connection should be closed regardless of its current state.
Max. Number of Connections	Max. number of allowed connections maintained by the connection manager.
Max. Number of acquired connections	Max. number of requests allowed to wait for a connection.

Setting

Description

Connection Acquire Timeout

Timeout value for acquiring an already established connection from the connector’s connection manager.

Connection Timeout

Timeout value for establishing a connection to AWS.

Connection Idle Timeout

Timeout value after an idle connection should be closed.

Connection Time to Live

Timeout value after the connection should be closed regardless of its current state.

Max. Number of Connections

Max. number of allowed connections maintained by the connection manager.

Max. Number of acquired connections

Max. number of requests allowed to wait for a connection.

General Configuration

Database Configuration

Setting Description

Setting	Description
URL	JDBC URL for the target database. Out of the box, the connector will use H2 file database. For productive usage, use PostgreSQL specifying the URL in format: `jdbc:postgresql:<host>:<port>/<database>`
Username	Database Username to read and write to database.
Password	Database Password for the specified user

URL

JDBC URL for the target database. Out of the box, the connector will use H2 file database. For productive usage, use PostgreSQL specifying the URL in format: jdbc:postgresql:<host>:<port>/<database>

Username

Database Username to read and write to database.

Password

Database Password for the specified user

Traversal Configuration

Setting	Description
Traversal History Length	Max. number of traversals to store in the history. Once the limit is exceeded, the connector will automatically remove oldest entries in the history. (default: 100)
Number of Traversal Workers	Number of workers to execute the traversal in parallel. Increasing this value might improve the performance, but will footprint higher memory consumption. It is recommended to keep the default value. (default: 10)
Traversal Job Poll Interval	Interval between the workers to be triggered to fetch and process the next tasks. (default: 10ms)
Completion Timeout	If the search engine indexes the items asynchronously, there might be some processing still in-flight during the completion process of a traversal. This value specifies the timeout value until all asynchronous callbacks are expected to return before completing the traversal. (default: 10m)

Setting

Description

Traversal History Length

Max. number of traversals to store in the history. Once the limit is exceeded, the connector will automatically remove oldest entries in the history. (default: 100)

Number of Traversal Workers

Number of workers to execute the traversal in parallel. Increasing this value might improve the performance, but will footprint higher memory consumption. It is recommended to keep the default value. (default: 10)

Traversal Job Poll Interval

Interval between the workers to be triggered to fetch and process the next tasks. (default: 10ms)

Completion Timeout

If the search engine indexes the items asynchronously, there might be some processing still in-flight during the completion process of a traversal. This value specifies the timeout value until all asynchronous callbacks are expected to return before completing the traversal. (default: 10m)

Principal Aliaser Configuration

Principal Aliasing is applied on user information as part of Content ACL processing during Content Synchronization and Principal processing during Principal Synchronization. It’s purpose is to map external source system user to the corresponding user in search engines domain. You can configure a list of aliasers in the connector which will be applied in sequence and in order on user ACEs and user principals. The Connector supports following custom aliasing mechanism.

Custom Aliaser Disabled

If the Custom Aliaser checkbox is not selected, the connector will process user information on ACE and user principals unchanged to Search Engine. If all relevant users in the source system can be found with the same identifier in the search engine, this setup is sufficient to reflect the same secure search experience in the search engine as defined by the policy in the source system. The connector uses this option as default to process user information.

Custom Aliaser Enabled

If custom aliasing is enable then there are four types of aliaser avaialble:

Simple XML Table Aliaser

Static mapping table which can be uploaded as XML file. The connector uses the uploaded file as lookup table to map a user in the source system to a user in the search engine. Users missing a record in the file will be dropped from the ACE and during Principal Synchronization. This option is only recommended for environment with a manageable amount of users as for each user the corresponding mapping entry needs to be specified in the file.

Setting	Description
XML Mapping File	Browse and upload or drag and drop.

Setting

Description

XML Mapping File

Browse and upload or drag and drop.

Sample XML mapping file:

<?xml version="1.0" encoding="UTF-8"?>
<storeddata>
    <entry keyValue="user1">user1@raytion.com</entry>
    <entry keyValue="user2">user2@raytion.com</entry>
    <entry keyValue="user3">user3@raytion.com</entry>
</storeddata>

Regex Replacer Aliaser

Regex Replacer Aliaser computes aliases based on a regular expression. Principals that match the regular expression are replaced by the Substitution String.

Setting	Description
Pattern	The regular expression to match, this is the part that will be replaced. If braces (…) are used in the pattern then the matched value can be retrieved using $1
Substitute String	String to replace the matching part of the find string. Matched value is accessed by employing $1

Setting

Description

Pattern

The regular expression to match, this is the part that will be replaced. If braces (…) are used in the pattern then the matched value can be retrieved using $1

Substitute String

String to replace the matching part of the find string. Matched value is accessed by employing $1

Regex Extractor Aliaser

Regex Extractor Aliaser computes aliases based on a regular expression. Principals that match the regular expression are inserted into the Insert-Into String.

Setting	Description
Pattern	The regular expression to match, this is the part that will be inserted into the new value. If braces (…) are used in the pattern then the matched value can be retrieved using $$
Insert-Into String	String to replace the matching part of the pattern. Matched value is accessed by employing $$

Setting

Description

Pattern

The regular expression to match, this is the part that will be inserted into the new value. If braces (…) are used in the pattern then the matched value can be retrieved using $$

Insert-Into String

String to replace the matching part of the pattern. Matched value is accessed by employing $$

LDAP Aliaser

Ldap Aliaser searches for an LDAP entry with the requested name in the input value and returns the specified output attribute.

Setting	Description
Host	Fully Qualified Domain Name of an LDAP server
Port	Port to use for LDAP connection, defaults are 389/636 or (recommended) 3268/3269 for simple/SSL
AccountDN	AccountDN for bind to LDAP
Password	Password part of credentials
Input Field	The Active Directory attribute name for this equality filter
Search Root DN	Distinguished Name of the subtree which is searched. The smaller the subtree the better the performance but the higher the chance of encountering principals which are not part of this subtree
Output Field	Attribute that should be returned in result entries

Setting

Description

Host

Fully Qualified Domain Name of an LDAP server

Port

Port to use for LDAP connection, defaults are 389/636 or (recommended) 3268/3269 for simple/SSL

AccountDN

AccountDN for bind to LDAP

Password

Password part of credentials

Input Field

The Active Directory attribute name for this equality filter

Search Root DN

Distinguished Name of the subtree which is searched. The smaller the subtree the better the performance but the higher the chance of encountering principals which are not part of this subtree

Output Field

Attribute that should be returned in result entries