Configuring a user account for search host security
To search Content Manager items, the Content Manager uses a Lucene/Solr search host, which may or may not be running on a separate machine. To ensure that communication between the Content Manager and the search host is secure, SDL Tridion lets you configure a Windows or Active Directory username and password dedicated to this purpose. This account must be in a Windows or Active Directory group which, ideally, is also dedicated to this purpose. Both the group and the username are case-sensitive and cannot contain spaces.
During installation, the installer configures the MTS User as the user account that connects to the search host. It also creates a local group called <MACHINENAME>\SDLSearchUsers on the fly and adds the MTS User to it.
After you have installed Content Manager, you can change the username, password and/or group name. The user must always be a member of the group. SDL recommends replacing the local group created by the installer with an Active Directory group.
To configure a new username and/or password, refer to Search settings - Query Engine Settings.
To configure a new group name, do the following:
- Access the Content Manager root location, which by default is c:\Program Files\Tridion or c:\Program Files (x86)\Tridion, and from that location, access the subfolder solr-jetty\conf.
- In this folder, open the file webdefault.xml in a plain-text or XML editor.
- Near the bottom of the file, find the following elements:
  - <security-role>, which contains a <role-name> element containing the group name.
  - <security-constraint>, which contains an <auth-constraint> element, which in turn also contains a <role-name> element containing the group name.
- In both places, replace the group name you see with a new group name. Note again that the user you specified in the Snap-in must be a member of this group.
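
Because the group name has to be changed in two places, a quick consistency check after editing catches the case where only one was updated. The following PowerShell is an added example, not part of the SDL documentation or product; the function name Test-SearchHostRoleNames, the group name SearchHostUsers and the sample XML are constructed for illustration.

```powershell
# Added example, not SDL code. Checks the two <role-name> entries the steps above edit.
function Test-SearchHostRoleNames {
    param([Parameter(Mandatory)] [xml] $WebDefault)

    # local-name() keeps the queries independent of the file's XML namespace.
    $declared = @($WebDefault.SelectNodes(
        "//*[local-name()='security-role']/*[local-name()='role-name']") |
        ForEach-Object { $_.InnerText.Trim() })
    $enforced = @($WebDefault.SelectNodes(
        "//*[local-name()='security-constraint']/*[local-name()='auth-constraint']/*[local-name()='role-name']") |
        ForEach-Object { $_.InnerText.Trim() })

    $problems = @()
    if ($declared.Count -eq 0) { $problems += 'no <role-name> under <security-role>' }
    if ($enforced.Count -eq 0) { $problems += 'no <role-name> under <auth-constraint>' }
    foreach ($name in @($declared + $enforced | Select-Object -Unique)) {
        # The page states that group names cannot contain spaces.
        if ($name -match '\s') { $problems += "group name '$name' contains whitespace" }
    }
    # Group names are case-sensitive, so compare with -ccontains.
    foreach ($name in $enforced) {
        if (-not ($declared -ccontains $name)) {
            $problems += "auth-constraint uses '$name' but security-role does not declare it"
        }
    }
    foreach ($name in $declared) {
        if (-not ($enforced -ccontains $name)) {
            $problems += "security-role declares '$name' but no auth-constraint uses it"
        }
    }
    [pscustomobject]@{ Declared = $declared; Enforced = $enforced; Problems = $problems }
}

# Constructed sample: only one of the two places was updated.
$sample = @'
<web-app>
  <security-constraint>
    <auth-constraint><role-name>SDLSearchUsers</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>SearchHostUsers</role-name></security-role>
</web-app>
'@
(Test-SearchHostRoleNames -WebDefault $sample).Problems
```

To check a real installation, pass the contents of webdefault.xml from the solr-jetty\conf folder (read with Get-Content -Raw) instead of the sample string. An empty Problems list means both entries carry the same group name.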