|Dear NYC SPUG Member,||July 2009|
|AUGUST MEETING - Wednesday, August 5th, 5:30 PM
Few businesses are leveraging the power of out of the box search with SharePoint. Furthermore they are not integrating it into their work process to make working and discovering content easier for the information workers. At our firm IT was presented an opportunity to incorporate searching in our Marketing department work process. Under intense timelines and budget we were able to deliver a mostly out of box solution that would also grow with our clients. It allows them the flexibility they need and we were able to leverage a lot of functionalities (managed properties, search indexing, and scopes) that we didn't have to write code for. This presentation will give users an idea of how to leverage these features within their environment making discovering information more robust for the information worker.
Kenneth Cooper has 15 years of experience in software development. The last four of those years have been spent working with SharePoint 2003 and 2007. He has implemented various solutions using SharePoint ranging from working with the OM to integrating third party systems. He has also worked with other document management and portal applications. Now he is an Enterprise SharePoint Architect at a large Real Estate firm rolling SharePoint out globally to the organization.
To attend this meeting, REGISTER NOW!
Kerberos DOES WORK with SharePoint 2007!
It's a real challenge to get Kerberos authentication working with SharePoint 2007 but once you get past the confusing, in some cases plain wrong, Microsoft documentation, it's not that hard. I found the main difficulty was creating SPNs correctly. Here's three points to keep in mind:
1. If you would like to use different domain accounts for the application pools accounts for your web applications, be aware that you cannot set the same HTTP SPN to more than one domain account. Assigning the SPN "HTTP/server1" to more than one domain account is a duplicate SPN, which is forbidden in Kerberos. Instead, you must create host headers and create unique SPNs, i.e. HTTP/hostheader, for additional domain accounts. More information can be found at http://support.microsoft.com/?id=929650.
2. Multiple web applications using the same name on different ports only require one SPN, HTTP/servername. Please note that the primary Microsoft article on how to setup Kerberos for SharePoint, “Configure Kerberos Authentication (Office SharePoint Server)”, is wrong in this regard. If you set up an SPN as they suggest, "HTTP/mossadmin.mydomain.net:10000," it's exactly the same as setting it up as "HTTP/mossadmin.mydomain.net." You can confirm this by taking a look at the Kerberos traffic in Network Monitor or WireShark on client machine. When connecting to a SharePoint site with Kerberos the ticket is built without reference to a port number.
3. One of the advantages of using Kerberos in SharePoint 2007 is that since the double-hop authentication problem no longer exists, configuration of SharePoint with other products is often much easier. When setting up the Business Data Catalog to work with an Oracle database, for instance, you can use "passthrough" authentication in the application definition and simply supply the Oracle ID and password. With NTLM authentication you have to set up a "Single Sign-On" database and configure it in Central Administration to pass the ID and password to Oracle.
After Meeting Social:
ISPA (International SharePoint Professionals Association)
If you have registered online at least 2 days before the meeting, your name will be on the guard's list in the lobby and they will be able to immediately print out a building pass for you. If not, you will have to give your name to the NY SPUG representative at the desk and creating a building pass for you will take MUCH MORE TIME.