Info |
---|
These prerequisites can be installed either manually through Server Manager or by running the SharePoint 2013 prerequisite installer. |
To run the deploy scripts use an account with the following requirements:
The following are the user requirements for each component of the Endpoint:
Note |
---|
If the user running the SharePoint Application Pool is different from the user you are using to access the Notification Service, then the Application Pool account, not the account that has access to the service, should be the one that has the Search Service Application administrator permission. In that case, after setting the application pool account as a Search Service Application administrator, confirm that the account has the following permissions in the Search Databases; if not, add them manually: |
Info |
---|
After making all the changes specified previously, this is the complete list of user database roles as they should be. |
Note |
---|
Since the SharePoint setup user and the server farm account have these privileges, it is recommended to use one of those accounts for this. The setup user is recommended, since it has machine admin rights as well. |
The Security PreTrimmer requires that the user identity sent to it contains at least one of the following claim types:
This describes the steps needed for installing the various Aspire components of the SharePoint 2013 Publisher Endpoint.
This installation is done through a PowerShell script that will set up and configure the following components:
Run
```powershell
.\DeployPublisher.ps1 -configurationFilePath ..\config\configurationParameters.xml
```
(Optional) Install the Security Trimmer. Run
```powershell
.\DeployAspireSecurityTrimmer.ps1 -configurationFilePath ..\config\configurationParameters.xml
```
Run
```powershell
.\DeployIntermediateRepository.ps1 -configurationFilePath ..\config\configurationParameters.xml
```
Run
```powershell
.\DeployAspireBDCService.ps1 -configurationFilePath ..\config\configurationParameters.xml
```
Run
```powershell
.\DeployNotificationService.ps1 -configurationFilePath ..\config\configurationParameters.xml
```
Run
```powershell
.\DeployAspireSecurityTrimmer.ps1 -configurationFilePath ..\config\configurationParameters.xml
```
The configuration file is found here "..\Deploy\config\configurationParameters.xml".
The following is an example of how to fill in the configuration file, using the QA\spadmin account for all the services.
```xml
<?xml version="1.0"?>
<parameters>
  <security>
    <usersGroupName>AspireUsers</usersGroupName>
    <ldapGroupQuery>CN=Users,DC=QA,DC=local</ldapGroupQuery>
  </security>
  <users>
    <AspireBDCServiceAppPool>QA\spadmin</AspireBDCServiceAppPool>
    <contentAccess>QA\spadmin</contentAccess>
    <aspirePropertyRepositoryUser>QA\spadmin</aspirePropertyRepositoryUser>
    <aspirePropertyEndpointUser>QA\spadmin</aspirePropertyEndpointUser>
  </users>
  <repository>
    <inputs>
      <folderPath>C:\Repository</folderPath>
      <shareName>IntermediateRepository</shareName>
    </inputs>
    <outputs>
      <repositorySharePath></repositorySharePath>
    </outputs>
  </repository>
  <aspireService>
    <inputs>
      <folderPath>C:\inetpub\wwwroot\AspireService</folderPath>
      <repositorySharePath piped="true"></repositorySharePath>
    </inputs>
    <outputs>
      <aspireServiceUrl></aspireServiceUrl>
    </outputs>
  </aspireService>
  <notificationEndpoint>
    <outputs>
      <notificationEndpointUrl></notificationEndpointUrl>
    </outputs>
  </notificationEndpoint>
  <securityTrimmer>
    <inputs>
      <groupExpansionService>http://localhost:50505/groupExpansion</groupExpansionService>
      <groupExpansionTimeout>15000</groupExpansionTimeout>
      <useDomain>false</useDomain>
      <claimIssuer>aspire</claimIssuer>
      <searchApplicationName>Search Service Application</searchApplicationName>
      <id>1</id>
      <assemblyVersion>2.2.0.2</assemblyVersion>
    </inputs>
  </securityTrimmer>
</parameters>
```
```xml
<security>
  <usersGroupName>AspireUsers</usersGroupName>
  <ldapGroupQuery>CN=Users,DC=QA,DC=local</ldapGroupQuery>
</security>
```
The security section is a first step toward making the users group name configurable. For now the name is hardwired to AspireUsers and cannot be changed due to code limitations.
Currently this configuration is used to determine whether the AspireUsers group exists as an Active Directory group; if it does not, the group is created locally.
Field | Description |
---|---|
Users Group Name | User group to which the users must belong. |
LDAP Group Query | The LDAP query (minus the group name) that will be used to check for the existence of the group. |
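
A read-only pre-flight check for the security section, as an added example that is not part of the Aspire deploy scripts: it reads the configuration file and reports whether the group would be found in Active Directory or locally before anything is deployed. It assumes the group's distinguished name is `CN=<usersGroupName>,<ldapGroupQuery>` and uses ADSI for both lookups; the `Test-AdsiPath` helper is a hypothetical name.

```powershell
# Added example, not part of the Aspire deploy scripts. Read-only: it creates nothing.
param(
    [string]$configurationFilePath = '..\config\configurationParameters.xml'
)
$ErrorActionPreference = 'Stop'

# Returns $true if the ADSI path resolves; lookup errors are reported and treated as "not found".
function Test-AdsiPath([string]$Path) {
    try { return [ADSI]::Exists($Path) }
    catch {
        Write-Warning "Lookup of '$Path' failed: $($_.Exception.Message)"
        return $false
    }
}

# Load the configuration; stop if the file is missing or is not well-formed XML.
$config = New-Object System.Xml.XmlDocument
$config.Load((Resolve-Path -LiteralPath $configurationFilePath).ProviderPath)

$security  = $config.parameters.security
$groupName = "$($security.usersGroupName)".Trim()
$ldapBase  = "$($security.ldapGroupQuery)".Trim()

if (-not $groupName -or -not $ldapBase) {
    throw 'usersGroupName and ldapGroupQuery must both be set in <security>.'
}
if ($groupName -ne 'AspireUsers') {
    Write-Warning "usersGroupName is '$groupName', but the name is currently hardwired to AspireUsers."
}

# Assumption: the group's distinguished name is CN=<usersGroupName>,<ldapGroupQuery>.
$groupDn = "CN=$groupName,$ldapBase"

$inDirectory = Test-AdsiPath "LDAP://$groupDn"
$isLocal     = Test-AdsiPath "WinNT://$env:COMPUTERNAME/$groupName,group"

if ($inDirectory)  { $outcome = 'Found in Active Directory; no local group is needed.' }
elseif ($isLocal)  { $outcome = 'Not in Active Directory; a local group already exists.' }
else               { $outcome = 'Not found; the deployment will create it as a local group.' }

# Emit one object so the result can be logged or piped.
New-Object PSObject -Property @{
    Group = $groupName; DistinguishedName = $groupDn
    InActiveDirectory = $inDirectory; LocalGroup = $isLocal; Outcome = $outcome
}
```

An unexpected "created locally" outcome on a domain-joined server usually means the `ldapGroupQuery` value does not match the container that actually holds the group.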