- 13 May 2024
- 4 Minutes to read
- Print
- DarkLight
Configuration
- Updated on 13 May 2024
- 4 Minutes to read
- Print
- DarkLight
These instructions are for users of Version 8.x only. You can locate the current version in the footer of the IMAT application. Due to the new underlying SearchServer structure introduced in 9.0, the files are no longer needed beyond the 8.x series.
[plugin:auth_tkt]
use =uibase.lib.auth_tkt:make_plugin
# this is a generic value, it is changed in the appliance RPM
# do not change this value without changing the spec files (uses
# the value in a search and replace sed command)
secret =some browsers enable drag-n-drop only when dataTransfer has data xxxxxxxxxxxxxxxxxxxxx
timeout =7200
reissue_time =300
secure =True
Default Timeout
If a user is inactive for too long after logging in, the system times out and the user is required to log in to his or her account again.
To change the default timeout limit, follow the steps below:
- Go to the file /opt/search/default/conf/who.ini.
- Find the line that reads timeout.
- Change the value to the desired amount of seconds.
- Restart the middleware services in order to apply the change. Contact support if you need help restarting the services.
Note that time is measured in seconds. IMAT's default is 7,200 seconds (2 hours). To change the value, it might be easiest to do an online search to find an hours-to-seconds converter to verify the new value matches what was intended.
dn:cn=Account Inactivation Policy,dc=searchappliance,dc=com
objectClass:top
objectClass:ldapsubentry
objectClass:extensibleObject
objectClass:accountpolicy
accountInactivityLimit:5184000
cn:Account Inactivation Polic
Default Inactivity Limit
If a user does not log in to his or her account within a certain amount of time, the account is automatically locked. In order to unlock their accounts, the users must contact the administrator.
To change the default inactivity limit, follow the steps below:
- Go to the file /opt/search/default/conf/ldap/plugins2.ldif.
- Find the line that reads accountInactivityLimit.
- Change the value to the desired amount of seconds.
- Run the necessary LDAP command with the specified file (this is what applies the change):
- ldapmodify -H ldaps:// -D cn=ldapmanager,ou=People,dc=searchappliance,dc=com -w $(sudo cat /opt/search/default/conf/.ldap_onbox_manager_password) -f /opt/search/default/conf/ldap/plugins2.ldif
Note that time is measured in seconds. The default time is 5,184,000 seconds (60 days). To change the value, it might be easiest to do an online search to find a days-to-seconds converter to verify the new value matches what was intended.
Admin Tile
The following files are found through the Configuration page in the Admin tile.
Enabling Search Authentication
You can require users to log in to the search interface. This can protect your critical data from being seen by individuals who have no legitimate reason to access the data. However, if you enable this option, you take on the responsibility of managing user accounts for everyone who needs access to the data.
- In the Navigation menu, click Configuration, then select search-ui.ini from the menu.
- Set the
require_query_authentication
parameter toTrue
. To disable this feature, set the parameter toFalse
. - Click .
- The ps-search-ui service must be restarted in order for changes to take effect. Contact professional services in order to restart it.
Enabling Collections
Collections allow you to give groups access to documents based on the file path.
- In the Navigation menu, click Configuration, then select search-ui.ini from the menu.
- Set the
enable_collections
parameter toTrue
. To disable this feature, set the parameter toFalse
. - Click .
- The ps-search-ui service must be restarted in order for changes to take effect. Contact professional services in order to restart it.
Configuring the Usage Logs
The search server saves information on each user as he or she uses the server. Because this information is logged, it is possible to search usage log entries in detail. The searchable logs provide information on who has searched, what has been searched, and when it has been searched. Other collected data includes URLs, clients, HTTP methods, etc.
Turning On and Off Usage Logs
- Select one of these files from Choose a file:
- searchserver-ui.ini
- search-ui.ini
- admin-portal.ini
- Scroll down the script until
usage_logs = True
is found. - Make sure it reads
True
to record usage logs. Change it toFalse
if usage logs should not be recorded; however, not recording logs is not recommended. - Repeat steps 1 through 3 until all three files are configured.
- Click .
Changing the Usage Log Level
The level settings determine how much information is recorded. By default, the level is set to INFO. The lower the level of tracking is set, the more hits are returned with the usage log. The levels available from lowest to highest priority are DEBUG, INFO, WARNING, ERROR, and CRITICAL. Debug is the lowest level and therefore returns the most hits because it collects all the data from debug to critical. If only critical is chosen, the other four are not searchable.
It is possible to change the level of logs recorded; however, because almost all entries are recorded on the INFO level, the need to change these levels is minimal and should not be done under most circumstances.
Below are steps to change the level of recorded entries:
- While still in the files above, locate the Logging configuration section.
# Logging configuration [loggers] keys = root, routes, searchserverui, usage, gunicorn.access ... [logger_root] level = INFO handlers = console
Note:Capitalization of the value is important; make sure each level value is in all capital letters. - Make all the level changes necessary for each section.
- Click .
- Repeat for each configuration file.