Prepare FAST Search Authorization for use with the FAST Search Lotus Notes connector
Published: May 12, 2010
The user directory connector pushes Lotus Notes security information (user/group/group membership) into a FAST Search Authorization (FSA) Lotus Notes user store, essentially creating a copy/cache of the Lotus Domino user directory to be used by FAST Search Server 2010 for SharePoint.
The purpose of this is that, when an Active Directory user performs a search in FAST Search Server 2010 for SharePoint, the system can expand the user to all its Domino groups (and certifiers) and add an extra search filter that filters out all Lotus Notes documents from the search results that the user does not have permissions to read.
Create a Lotus Notes user store, enable the CCTK server and create an XMLAliaser
Before you run the user directory connector, you need to prepare FAST Search Authorization by creating a Lotus Notes user store, enabling the CCTK server and creating an XMLAliaser. This is done through Windows PowerShell cmdlets.
Verify that you meet the following minimum requirements: You are a member of the FASTSearchAdministrators local group on the computer where FAST Search Server 2010 for SharePoint is installed.
On the Start menu, click All Programs.
Click Microsoft FAST Search Server 2010 for SharePoint.
Click Microsoft FAST Search Server 2010 for SharePoint shell.
At the Microsoft FAST Search Server 2010 for SharePoint shell command prompt, type the following commands to create the new Lotus Notes user store:
New-FASTSearchSecurityLotusNotesUserStore -id lnx
Verify that the command returns without errors. If there are any errors, the command will return red text. If the command is successful, you will see a number of parameters appear.
Set-FASTSearchSecurityCCTKServer -Enable 1
Verify that the command returns without errors. If there are any errors, the command will return red text. If the command is successful, you will see the port number and an acknowledgement that the CCTK server is enabled. Note this port number as you will need it during the configuration.
Type the following command to create the XMLAliaser:
New-FASTSearchSecurityXMLAliaser -id win2lnx -InputUserStoreId win -OutputUserStoreIds lnx -InputPropertyName '$PRINCIPAL_REFERENCE_ALIAS'
Verify that the command returns without errors. If there are any errors, the command will return red text. If the command is successful, you will see a number of parameters appear.
Configure aliasing
To be able to search Lotus Notes content through the SharePoint frontend, you need to map Windows Active Directory users to the Domino domain users. This process is called aliasing. This is done by using the SSOMapping feature of the user directory connector together with the XMLAliasing feature of FAST Search Authorization (FSA).
You turn on the feature in the user directory connector by setting the parameter SSOMapping/UseSSOMapping to true. You may also need to modify the parameter SSOMapping/ADUserNameField to refer to the correct field in the user document in Domino that holds the AD username.
Parameter group | Parameter | Description |
---|---|---|
SSOMapping | UseSSOMapping | Turn the generation of the SSO Mapping XML file on (true) or off (false). This parameter should be set to true if you have populated the Domino user documents with the corresponding Active Directory user names. |
SSOMapping | ADUserNameField | If you have populated the Domino user documents with the AD user names as the bottom value in the User name field, this parameter should have the value FullName(-1). This tells the connector that the last value in the multi-value field FullName (the internal API name for the User name field) contains the AD user name. |
After turning this feature on, you can run the FAST Search Lotus Notes user directory connector. Verify that the file specified in the parameter SSOMapping/XMLOutputFileName has been created in the folder specified in the parameter FSAOutput/OutputDirectory and that it contains the correct mappings. It should contain mappings from the AD username to the Domino distinguished name.
Upload the SSO mapping file to the XMLAliaser
After you have run the user directory connector (and generated a new ssomapping.xml file), upload this file to the XMLAliaser.
Verify that you meet the following minimum requirements: You are a member of the FASTSearchAdministrators local group on the computer where FAST Search Server 2010 for SharePoint is installed.
On the Start menu, click All Programs.
Click Microsoft FAST Search Server 2010 for SharePoint.
Click Microsoft FAST Search Server 2010 for SharePoint shell.
At the Microsoft FAST Search Server 2010 for SharePoint shell command prompt, type the following command to upload the ssomapping.xml file to the XMLAliaser:
Set-FASTSearchSecurityXMLAliaser -id win2lnx -PathToXMLFile 'C:\FASTSearch\var\lotusnotesconnector\security\ssomapping.xml'
Caution: The path in this command is different if you have not installed FAST Search Server 2010 for SharePoint in the default directory C:\FASTSearch. Verify that the command returns without errors. If there are any errors, the command will return red text. If the command is successful, you see several parameters appear.
Note that you cannot map more than one Domino user to the same Active Directory user. If you have done this, the command Set-FASTSearchSecurityXMLAliaser will return a stack trace that contains the message Caused By: An item with the same key has already been added.
Follow this procedure in case you have to resolve this issue:
Inspect the file that you referred to in the FAST Search Lotus Notes user directory connector configuration file parameter SSOMapping/XMLOutputFileName and find the duplicate entry/entries.
For example:
    <user name="AD\user1">
      <domain prefix="lnx" username="cn=<Domino User 1>/ou=department/o=company"/>
    </user>
    <user name="AD\user1">
      <domain prefix="lnx" username="cn=<Domino User 2>/ou=department/o=company"/>
    </user>
Open Domino Administrator and edit the user document for one of the users that were discussed earlier (<Domino User 1> or <Domino User 2>) and remove the mapping for that user.
Save the user document and rerun the FAST Search Lotus Notes user directory connector to reproduce the ssomapping.xml file.
Rerun the command Set-FASTSearchSecurityXMLAliaser and verify that the stack trace error message has disappeared.
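The duplicate check in this procedure can be run before the upload. The following is an added example, not part of the original page: it lists every Active Directory user that appears in more than one mapping, together with the Domino names involved. The sample XML is constructed, and the `<aliases>` root element and the function name `Get-DuplicateSsoMapping` are assumptions.

```powershell
# Added example: find AD users that are mapped more than once in an SSO mapping file.
# Constructed sample. The <aliases> root element name is an assumption (the page
# shows only <user>/<domain> elements), so the XPath query below uses //user.
$sample = @'
<aliases>
  <user name="AD\user1">
    <domain prefix="lnx" username="cn=Domino User 1/ou=department/o=company"/>
  </user>
  <user name="AD\user2">
    <domain prefix="lnx" username="cn=Domino User 3/ou=department/o=company"/>
  </user>
  <user name="AD\user1">
    <domain prefix="lnx" username="cn=Domino User 2/ou=department/o=company"/>
  </user>
</aliases>
'@

function Get-DuplicateSsoMapping {
    param(
        [Parameter(Mandatory=$true)] [xml] $MappingXml,
        [string] $Prefix = 'lnx'   # user store id created earlier on this page
    )
    # One row per (AD user, Domino name) pair for the given user store prefix.
    $rows = foreach ($user in $MappingXml.SelectNodes('//user')) {
        foreach ($domain in $user.SelectNodes("domain[@prefix='$Prefix']")) {
            New-Object PSObject -Property @{
                ADUser     = $user.GetAttribute('name')
                DominoName = $domain.GetAttribute('username')
            }
        }
    }
    if (-not $rows) { return }
    # Group-Object compares case-insensitively by default, so AD\User1 and
    # AD\user1 are reported as the same account.
    $rows | Group-Object -Property ADUser | Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            New-Object PSObject -Property @{
                ADUser      = $_.Name
                DominoNames = @($_.Group | ForEach-Object { $_.DominoName })
            }
        }
}

$duplicates = @(Get-DuplicateSsoMapping -MappingXml ([xml]$sample))
if ($duplicates.Count -gt 0) {
    $duplicates | Format-List ADUser, DominoNames
    Write-Warning 'Resolve these in Domino before running Set-FASTSearchSecurityXMLAliaser.'
}
```

To check the generated file instead of the sample, pass `[xml](Get-Content 'C:\FASTSearch\var\lotusnotesconnector\security\ssomapping.xml')` as `-MappingXml`, adjusting the path if FAST Search Server is not installed in the default directory.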
To verify that the import went well, enter the following command:
Verify that you meet the following minimum requirements: You are a member of the FASTSearchAdministrators local group on the computer where FAST Search Server 2010 for SharePoint is installed.
On the Start menu, click All Programs.
Click Microsoft FAST Search Server 2010 for SharePoint.
Click Microsoft FAST Search Server 2010 for SharePoint shell.
At the Microsoft FAST Search Server 2010 for SharePoint shell command prompt, type the following command:
Get-FASTSearchSecurityXMLAliaser -id win2lnx
Verify that the parameter XmlFileName was assigned a randomly generated XML file name:
PathToXMLFile :
XmlFileName : win2lnx_c3289e98-d0d1-4e84-8f83-97767eaf74df.xml
InputPropertyName : $PRINCIPAL_REFERENCE_ALIAS
Identity : win2lnx
InputUserStoreId : win
OutputUserStoreIds : {lnx}
You should now be ready to search through the front-end and get results from Domino. These results should reflect the expected output according to the permissions of the Domino user mapped to the Active Directory user who searches.
See also
Concepts
Crawling Lotus Notes content with the FAST Search Lotus Notes connector
Start a crawl (FAST Search Lotus Notes user directory connector)
lotusnotessecuritytemplate.xml reference
Change history
Date | Description | Reason |
---|---|---|
May 12, 2010 | Initial publication | |