Support Resources

LucidWorks Forum
KnowledgeBase

LucidWorks Search v2.5

PDF Versions

Older Versions

LucidWorks 2.1
LucidWorks 2.0
LucidWorks 1.8

This is the documentation for the LucidWorks Search v2.5, the latest release. Go here for LucidWorks 2.1.

Skip to end of metadata
Go to start of metadata

The Filtering API allows you to configure instances of filtering-related search components, such as those used to filter search results by Access Control Lists. A filter can then be used to filter search results according to the Users group membership within Active Directory.

The Filtering API creates a searchComponent in the collection's solrconfig.xml file.

After the searchComponent has been created, it should be added to the /lucid request handler with the Search Components API.

API Entry Points

/api/collections/collection/filtering/: list all filtering instances.

/api/collections/collection/filtering/instance-name: get, update, and delete configuration details about a search component instance.

List Existing Filtering Components

GET /api/collections/collection/filtering

Input

Path Parameters

None.

Query Contents

None.

Output

Output Contents

A list of JSON hashes of instances configuration:

Key Description
filterer.class class name that generates the effective filter queries based on tags. Use com.lucid.security.WindowsACLQueryFilterer
filterer.config hash containing configuration for filterer instance, for com.lucid.security.WindowsACLQueryFilterer, the following keys are supported:
fallback_query: Specifies the query to use when AD provided no sid information for the user, by default this is -*:*
should_clause: An optional should clause that is used in the top level boolean query that is constructed based on the sid information provided by the Active directory
for example if you want to allow all non SMB content to be available to everybody you could use "*:* -data_source_type:smb"
provider.class class name that reads user groups from Windows ActiveDirectory and builds access tags based on those. Use com.lucid.security.ad.ADACLTagProvider
provider.config hash containing configuration for provider instance, for com.lucid.security.ad.ADACLTagProvider, the following keys are supported:
java.naming.provider.url: specifies the ActiveDirectory LDAP URL
java.naming.security.principal: the user ID for accessing ActiveDirectory
java.naming.security.credentials: password for the user account accessing ActiveDirectory
userFilter: specifies the LDAP search filter for the user in ActiveDirectory. By default, the userFilter is (&(objectclass=user)(userPrincipalName={0})).
groupFilter: specifies the LDAP search filter for the group in ActiveDirectory. By default the groupFilter is (&(objectclass=group)).

Examples

List filterer component confiugurations in the social collection.

Input

curl 'http://localhost:8888/api/collections/social/filtering'

Output

{
  "ad": {
    "provider.class":"com.lucid.security.ad.ADACLTagProvider",
    "filterer.class":"com.lucid.security.WindowsACLQueryFilterer",
    "provider.config":{
       "java.naming.provider.url": "ldap://pdc.domain/",
       "java.naming.security.principal": "ad-user@domain",
    },
    "filterer.config":{}
  }
}

Back to Top

Get the Configuration of a Single Filtering Component

GET /api/collections/collection/filtering/instance-name

Input

Path Parameters

Key Description
collection The collection name
instance name of the search component instance

Output

Output Contents

JSON hash of instance configuration with the following keys:

Key Description
filterer.class class name that generates the effective filter queries based on tags. Use com.lucid.security.WindowsACLQueryFilterer
filterer.config hash containing configuration for filterer instance, for com.lucid.security.WindowsACLQueryFilterer, the following keys are supported:
fallback_query: Specifies the query to use when AD provided no sid information for the user, by default this is -*:*
should_clause: An optional should clause that is used in the top level boolean query that is constructed based on the sid information provided by the Active directory
for example if you want to allow all non SMB content to be available to everybody you could use "*:* -data_source_type:smb"
provider.class class name that reads user groups from Windows ActiveDirectory and builds access tags based on those. Use com.lucid.security.ad.ADACLTagProvider
provider.config hash containing configuration for provider instance, for com.lucid.security.ad.ADACLTagProvider, the following keys are supported:
java.naming.provider.url: specifies the ActiveDirectory LDAP URL
java.naming.security.principal: the user ID for accessing ActiveDirectory
java.naming.security.credentials: password for the user account accessing ActiveDirectory
userFilter: specifies the LDAP search filter for the user in ActiveDirectory. By default, the userFilter is (&(objectclass=user)(userPrincipalName={0})).
groupFilter: specifies the LDAP search filter for the group in ActiveDirectory. By default the groupFilter is (&(objectclass=group)).

Response Codes

200: Success OK

Examples

Get the filterer configuration for the ad instance in the social collection.

Input

curl 'http://localhost:8888/api/collections/social/filtering/ad'

Output

{
 "filterer.class": "com.lucid.security.WindowsACLQueryFilterer",
 "provider.class": "com.lucid.security.ad.ADACLTagProvider",
 "provider.config":
  {
   "java.naming.provider.url": "ldap://pdc.domain/",
   "java.naming.security.principal": "ad-user@domain",
  }
}'

Back to Top

Create a New Filtering Component

POST /api/collections/collection/filtering

Input

Path Parameters

Key Description
collection The collection name
instance name of the search component instance

Input Content

Hash of configuration values to set. See Get Output Contents for supported values.

Output

Response Codes

201: created
422: If there was a problem in creating a configuration

Examples

Set the filterer configuration for the ad instance in the social collection.

curl -v -X POST http://localhost:8888/api/collections/social/filtering/ad
 -H "Accept: application/json"
 -H "Content-Type: application/json"
 -d '{
      "filterer.class": "com.lucid.security.WindowsACLQueryFilterer",
      "provider.class": "com.lucid.security.ad.ADACLTagProvider",
      "provider.config":
        {
         "java.naming.provider.url": "ldap://10.0.0.50/",
         "java.naming.security.principal": "user@dc.domain.example",
         "java.naming.security.credentials": "password"
        }
      }'

Back to Top

Update a Filtering Component Instance

PUT /api/collections/collection/filtering/instance

Input

Path Parameters

Key Description
collection The collection name
instance name of the search component instance

Input Content

Hash of configuration values to set. See Get Output Contents for supported values.

Output

Response Codes

204: success no content

Examples

Set the filterer configuration for the ad instance in the social collection.

curl -v -X PUT http://localhost:8888/api/collections/social/filtering/ad
 -H "Accept: application/json"
 -H "Content-Type: application/json"
 -d '{
      "filterer.class": "com.lucid.security.WindowsACLQueryFilterer",
      "provider.class": "com.lucid.security.ad.ADACLTagProvider",
      "provider.config":
        {
         "java.naming.provider.url": "ldap://10.0.0.50/",
         "java.naming.security.principal": "user@dc.domain.example",
         "java.naming.security.credentials": "password"
        }
      }'

Back to Top

Delete a Filtering Component

DELETE /api/collections/collection/filtering/instance

Input

Path Parameters

Key Description
collection The collection name
instance name of the search component instance

Output

Response Codes

204: success no content
404: when deleting non existing instance

Back to Top

Dynamic Fields Collections Search Components
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.