Configuring Search Results Security Trimming

Delegation must be configured so that the SharePoint search service provided to Jive can perform security trimming using the account supplied to the search method.
Attention: This is required when SharePoint and Jive use NTLM to communicate.

Requirements

  • Windows Server 2003 (or later) Active Directory controller.
  • The application pool accounts must use a domain account.
  • If used, the IP address restriction lists in both Jive and SharePoint must include all the required IP addresses.
  • For environments where users will be logging into SharePoint across multiple domains, the domains must have a two-way trust, so that Jive users can see SharePoint search results. Using the Trust tab of Active Directory Domains and Trusts,

Configuration Scenario

On every SharePoint web front end, use the Local Security Policy snap-in (Start > All Programs > Administrative Tools > Local Security Policy) to confirm that the SharePoint application pool accounts have the following privileges on that server:
  1. Act as part of the operating system privilege.
  2. Impersonate a client after authentication.
Note: If the two changes above are not acceptable for the application pool account used by regular users, consider extending the SharePoint web application and using a separate application pool account for the extended web application. Then, when Adding a SharePoint Location, use the original web application URL as the External SharePoint Location URL and the extended web application URL as the Internal SharePoint Location URL. It is the Internal SharePoint Location URL that must use an application pool account with the specified settings.
On the domain controller, use the Active Directory Users and Computers snap-in to confirm the correct domain functional level.
  1. View the properties for the domain.
  2. Verify that the domain functional level is set to Windows 2003 or later.
  3. If the domain is not set to at least Windows 2003, right-click the domain and select "Raise domain functional level". Be aware that this change is not reversible.

If any configuration changes were made, you will need to execute IISRESET on your SharePoint instances to make them take effect.
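
A read-only check for the settings above, to run from an elevated PowerShell prompt on each SharePoint web front end. This is an added example, not part of the original documentation: the account name `CONTOSO\svc-sp-apppool` is a placeholder, and the domain functional level check assumes the ActiveDirectory (RSAT) module is installed.

```powershell
# Added example. The account name is a placeholder, not a value from this page.
param([string]$AppPoolAccount = 'CONTOSO\svc-sp-apppool')

# The two user rights from the steps above, keyed by their policy constant names.
$required = [ordered]@{
    SeTcbPrivilege         = 'Act as part of the operating system'
    SeImpersonatePrivilege = 'Impersonate a client after authentication'
}

# secedit lists holders as "*<SID>", so resolve the account to its SID first.
$sid = ([System.Security.Principal.NTAccount]$AppPoolAccount).Translate(
    [System.Security.Principal.SecurityIdentifier]).Value

# Export only the user rights assignment of the local policy (needs elevation).
$inf = Join-Path $env:TEMP "user-rights-$PID.inf"
secedit.exe /export /cfg $inf /areas USER_RIGHTS | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'secedit export failed; run from an elevated prompt.' }

try {
    $policy = Get-Content -Path $inf
    foreach ($right in $required.Keys) {
        # Lines look like: SeTcbPrivilege = *S-1-5-21-...,*S-1-5-...
        $line = $policy | Where-Object { $_ -match "^$right\s*=" } | Select-Object -First 1
        $holders = @()
        if ($line) {
            $holders = @(($line -split '=', 2)[1] -split ',' |
                ForEach-Object { $_.Trim().TrimStart('*') })
        }
        # Some entries appear by name rather than SID, so compare both forms.
        $granted = ($holders -contains $sid) -or ($holders -contains $AppPoolAccount)
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Check    = $required[$right]
            Account  = $AppPoolAccount
            Pass     = $granted
        }
    }
}
finally { Remove-Item -Path $inf -ErrorAction SilentlyContinue }

# Domain functional level; assumes the ActiveDirectory (RSAT) module is installed.
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    $mode = (Get-ADDomain).DomainMode.ToString()
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Check    = "Domain functional level is Windows 2003 or later ($mode)"
        Pass     = $mode -notin 'Windows2000Domain', 'Windows2003InterimDomain'
    }
}
```

Only direct assignments are compared, so a right the account receives through group membership shows as not passing and needs a manual look in the Local Security Policy snap-in.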