关于MOSS表单验证时,Search所使用的帐户的问题
众所周知,在MOSS中,应用Search功能的时候。都是用login帐户的权限来决定Search结果,这在AD验证的时候,不会出什么岔子。基本上不必劳神。但是当Form验证的时候,问题就来了。Form认证的帐户,是没办法做这个工作的。那么如何来配置Search帐户,来保证Search工作正常运行且Search结果符合用户的权限呢? 一个最简单的方式就是在AD验证的基础之上扩展出Form验证。这样,将扩展出来的Form认证的site的URL添加进搜索范围,就好了,得到的结果跟AD验证的Site完全一样。当然,首先你要打上SP1补丁包。以下是微软官方的原文:
Crawling Content
The crawl process for Microsoft Office SharePoint Server (MOSS) 2007 and Windows SharePoint Services 3.0 content (in this article series, collectively referred to as SharePoint Products and Technologies) is designed to use Windows authentication. When Office SharePoint Server 2007 was released, it was not able to crawl content that was secured with forms authentication. In Service Pack 1, SharePoint Products and Technologies include the ability to set special crawl rules that describe cookie-based authentication so those sites can be crawled. However, it does a simple crawl of the content only, and does not capture security information or the kind of rich metadata that the crawler can gather when using the native SharePoint protocol handler.
For those reasons, whether or not you have applied Service Pack 1, it is recommended that you crawl SharePoint sites protected by forms authentication by using the native SharePoint protocol handler. If your Web application already includes a zone that is secured with Windows authentication, in most cases you can use that zone for crawling. If your Web application has only a single zone and it is secured with forms authentication, you need to extend it into a new zone by using Windows authentication to support the native protocol handler. For more information, see Prepare to Crawl Host-Named Sites That Use Forms Authentication.
When you extend the Web application into a new zone, remember the following rules:
If you are using only Windows SharePoint Services, the Default zone must be secured with Windows authentication. If the Default zone is secured with forms authentication and a secondary zone uses Windows authentication, the crawler will not be able to index it.
If you are using MOSS 2007, the Default zone can be secured with Windows authentication, but it does not have to be. You can use forms authentication for the Default zone and extend a separate zone for Windows authentication. However, you must change the start address in the default content source to the URL for the Windows authentication zone. When a new Web application is created, a start address is automatically added that uses the URL for the Default zone. MOSS 2007 gives you the flexibility to change the values in the list of start addresses, but Windows SharePoint Services does not.
To change the start address
Open your browser and navigate to the Shared Services Provider (SSP) Web site.
Click the Search Settings link.
Click the Content sources and crawl schedules link.
Click the Local Office SharePoint Server sites link.
In the Edit Content Source page that opens, in the Start Addresses section, edit the addresses in the box.
Click OK to save your changes.
