Configuration

Updated on 13 May 2024
4 Minutes to read

Print
Dark
Light

Article summary

Did you find this summary helpful?

Thank you for your feedback

These instructions are for users of Version 8.x only. You can locate the current version in the footer of the IMAT application. Due to the new underlying SearchServer structure introduced in 9.0, the files are no longer needed beyond the 8.x series.

[plugin:auth_tkt]
use =uibase.lib.auth_tkt:make_plugin
# this is a generic value, it is changed in the appliance RPM
# do not change this value without changing the spec files (uses
# the value in a search and replace sed command)
secret =some browsers enable drag-n-drop only when dataTransfer has data xxxxxxxxxxxxxxxxxxxxx
timeout =7200
reissue_time =300
secure =True

Default Timeout

If a user is inactive for too long after logging in, the system times out and the user is required to log in to his or her account again.

To change the default timeout limit, follow the steps below:

Go to the file /opt/search/default/conf/who.ini.
Find the line that reads timeout.
Change the value to the desired amount of seconds.
Restart the middleware services in order to apply the change. Contact support if you need help restarting the services.

Note that time is measured in seconds. IMAT's default is 7,200 seconds (2 hours). To change the value, it might be easiest to do an online search to find an hours-to-seconds converter to verify the new value matches what was intended.

dn:cn=Account Inactivation Policy,dc=searchappliance,dc=com
objectClass:top
objectClass:ldapsubentry
objectClass:extensibleObject
objectClass:accountpolicy
accountInactivityLimit:5184000
cn:Account Inactivation Polic

Default Inactivity Limit

If a user does not log in to his or her account within a certain amount of time, the account is automatically locked. In order to unlock their accounts, the users must contact the administrator.

To change the default inactivity limit, follow the steps below:

Go to the file /opt/search/default/conf/ldap/plugins2.ldif.
Find the line that reads accountInactivityLimit.
Change the value to the desired amount of seconds.

Run the necessary LDAP command with the specified file (this is what applies the change):

- ldapmodify -H ldaps:// -D cn=ldapmanager,ou=People,dc=searchappliance,dc=com -w $(sudo cat /opt/search/default/conf/.ldap_onbox_manager_password) -f /opt/search/default/conf/ldap/plugins2.ldif

Note that time is measured in seconds. The default time is 5,184,000 seconds (60 days). To change the value, it might be easiest to do an online search to find a days-to-seconds converter to verify the new value matches what was intended.

Admin Tile

The following files are found through the Configuration page in the Admin tile.

Enabling Search Authentication

You can require users to log in to the search interface. This can protect your critical data from being seen by individuals who have no legitimate reason to access the data. However, if you enable this option, you take on the responsibility of managing user accounts for everyone who needs access to the data.

In the Navigation menu, click Configuration, then select search-ui.ini from the menu.
Set the require_query_authentication parameter to True. To disable this feature, set the parameter to False.
Click save.
The ps-search-ui service must be restarted in order for changes to take effect. Contact professional services in order to restart it.

Enabling Collections

Collections allow you to give groups access to documents based on the file path.

In the Navigation menu, click Configuration, then select search-ui.ini from the menu.
Set the enable_collections parameter to True. To disable this feature, set the parameter to False.
Click save.
The ps-search-ui service must be restarted in order for changes to take effect. Contact professional services in order to restart it.

Configuring the Usage Logs

The search server saves information on each user as he or she uses the server. Because this information is logged, it is possible to search usage log entries in detail. The searchable logs provide information on who has searched, what has been searched, and when it has been searched. Other collected data includes URLs, clients, HTTP methods, etc.

Turning On and Off Usage Logs

Select one of these files from Choose a file:
- searchserver-ui.ini
- search-ui.ini
- admin-portal.ini
Scroll down the script until usage_logs = True is found.
Make sure it reads True to record usage logs. Change it to False if usage logs should not be recorded; however, not recording logs is not recommended.
Repeat steps 1 through 3 until all three files are configured.
Click save.

Changing the Usage Log Level

The level settings determine how much information is recorded. By default, the level is set to INFO. The lower the level of tracking is set, the more hits are returned with the usage log. The levels available from lowest to highest priority are DEBUG, INFO, WARNING, ERROR, and CRITICAL. Debug is the lowest level and therefore returns the most hits because it collects all the data from debug to critical. If only critical is chosen, the other four are not searchable.

It is possible to change the level of logs recorded; however, because almost all entries are recorded on the INFO level, the need to change these levels is minimal and should not be done under most circumstances.

Below are steps to change the level of recorded entries:

While still in the files above, locate the Logging configuration section.
```
# Logging configuration
[loggers]
keys = root, routes, searchserverui, usage, gunicorn.access
...
[logger_root]
level = INFO
handlers = console
```
Note:
Capitalization of the value is important; make sure each level value is in all capital letters.
Make all the level changes necessary for each section.
Click save.
Repeat for each configuration file.

Was this article helpful?

What's Next

Table of contents

Default Timeout
Default Inactivity Limit
Admin Tile