This tutorial will guide you on configuring an Aspire system with three different content sources and Active Directory groups to be served through the Group Expansion Manager.
Group Expansion Tutorial
We will assume our system to have a Lotus Notes connector. Group membership in the organization is held in Active Directory. The Lotus Notes user name is held in the lnUserName attribute of the user in Active Directory. Your search engine will request group expansion using HTTP requests.
Group Expansion Components Required
In order to provide group expansion for the above scenario, you will need to use:
The Aspire LDAP Cache Service
You will require this service to provide Active Directory attributes to the group expansion request in order to get the Lotus Notes username. You will also need it in order to provide “external” groups to the SharePoint 2010 connector.
The Aspire Group Expansion Manager Service
You will require this service in order to serve group expansion requests via HTTP and to route the requests to the various content source connectors to collect groups.
Installation Process
Overview
The basic order of installation to attain the configuration noted above would be:
- Install Group Expansion Manager service
- Install LDAP Cache service
- Install content source connectors
It is possible to install the connectors before the LDAP Cache service and the Group Expansion Manager, but you would need to revisit the SharePoint Connector after the LDAP Cache was installed so the above order is preferable.
Detail on installing and configuring the LDAP Cache and Group Expansion Manager services is given below
Install the Group Expansion Manager service
Content source management page
1. Using the settings button on the right hand side of the screen to load the Services console.
Settings menu
2. This will return you to the following screen:
Services management page
3. Select Add service and then the Group Expansion Manager
Select group expansion manager
4. The service will now load the configuration screen. This may take a moment if the connection to the internet is slow. Once the service has been downloaded, you will see the following:
Service configuration
5. Enter a name for your Group Expansion Manager or leave it as default
6. Click the Service tab at the top of the screen or use the arrow at the right of the screen to move to the service configuration screen. You will now see the service configuration.
Service configuration
Fields Description:
- Servlet name
- Specifies the name for the HTTP servlet to be created for the group expansion requests coming from the the search engines or search application. The default is "groupExpansion" so the requests have to be made against "http://localhost:50505/groupExpansion?username=tesla"
- Specifies the name for the HTTP servlet to be created for the group expansion requests coming from the the search engines or search application. The default is "groupExpansion" so the requests have to be made against "http://localhost:50505/groupExpansion?username=tesla"
- Expansion timeout
- Specifies what's the maximum time the group expansion requests should take before returning a response into the search engine. If this time is exceeded a timeout error will be returned.
- Specifies what's the maximum time the group expansion requests should take before returning a response into the search engine. If this time is exceeded a timeout error will be returned.
- Add PUBLIC:ALL group
- Check this option if you want to add a PUBLIC:ALL group to all group expansion requests.
- Check this option if you want to add a PUBLIC:ALL group to all group expansion requests.
- Additional groups
- Here you can add custom static groups to be returned for all the group expansion requests.
- Here you can add custom static groups to be returned for all the group expansion requests.
- Base32 Encode Groups
- Check this option to encode the group using Base32. This is used for some search engines that encodes the ACLs in this format.
- Check this option to encode the group using Base32. This is used for some search engines that encodes the ACLs in this format.
- Domain Handling
- Request Domain
- Strip/Add or leaves the domain coming in the requests
- Strip/Add or leaves the domain coming in the requests
- Response Domain
- Strip/Add or leaves the domain returned in the responses.
- Strip/Add or leaves the domain returned in the responses.
- Request Domain
- LDAP Proxy Check this option if you want your Group Expansion Manager to emulate an LDAP server.
- Ldap Connection
- Select an existing LDAP Cache
- Select an existing LDAP Cache
- Enable Ldap proxy server
- Check this option to configure your Group Expansion Manager as an LDAP emulator
- Ldap Connection
7. Uncheck the "Configure LDAP Proxy" checkbox since we don't require to emulate LDAP in this tutorial
8. Press Save at the top of the screen to save the configuration and load the service, then click on "Done". You will be redirected into the Services Management page. Again this may take a moment while the required components are downloaded:
Services management page
9. The configuration of the group expansion is now complete.
Install the LDAP Cache service
See the tutorial here for details. During the configuration remember to download the "lnUserName" attribute from LDAP, so we can later make use of it.
Configure the Connectors
Installing the connectors is not covered in this guide. Refer to the appropriate documentation. This section only covers the Group Expansion configuration part.
- Go to the connector configuration section and scroll down until the Group Expansion configuration section, check on the "Use GroupExpansion" checkbox to enable it.
- Select the appropriate Group Expansion Manager
- To use the Username mapping from the repository local users to LDAP users, check on the "Map usernames" checkbox and select the installed LDAP Cache. Also specify the attribute from LDAP you want your lotus notes user to match to.
- Click on Save and then Done.
Overview
Content Tools