cancel
Showing results for 
Search instead for 
Did you mean: 

A question on TREX Web Repository Manager crawler for NTLM IIS sites

Former Member
0 Kudos

We have a lot of Intranet web sites running Integrated Windows Authentication (NTLM) as the security manager. However, I was told by SAP people that the crawler (which craw the web pages through the Web Repository Manager in EP) does not support NTLM authenticated web site. Is there any workarounds that we can do to allow the crawler to access the web pages? Since we want to provide a Federated search service for our users to perform a single search for all of our Intranets.

Accepted Solutions (0)

Answers (1)

Answers (1)

frank_koehler
Discoverer
0 Kudos

The problem with NTLM is that Microsoft hasn't documented it. So there is no legal way to find out, how a third party component (like the Web Repository Manager) can authenticate itself using NTLM.

There are some documents availabe on the web about this topic but the content of these was obtained by reverse engineering Microsoft's products, which is illegal respective to the license agreement.

Hence I don't see a chance for support of that authentication scheme.

Former Member
0 Kudos

I need a little clarification.

1. If we create a repository based on an intranet site. Use a service id that has full read access to the entire site. Would TREX create an index?

2. Assuming the index is created in the above. We have assigned various acl's to folders within the site which limit the access by users (through groups). When the user performs a search will the user see all pages that meet the criteria or will the user see only those pages that meet the criteria AND the user has access?

Jerry

frank_koehler
Discoverer
0 Kudos

ad 1) TREX will access (as part of the knowledge management) the documents via the repository manager. So it will be able to access all documents the knowledge management can access.

ad 2) TREX itself does not know of the assigned ACLs. But the knowledge management will verify that each document reference in the search result will only be presented to the user if the user has access rights.

Frank

Former Member
0 Kudos

Base on the information I got from SAP, their web repository manager only support Basic Authentication. If your IIS web sites only have NTLM authentication turned on, then the repository manager will not able to craw it for indexing, since it doesn't recognize the NTLM protocol. You can only index an IIS web site if you turn on the Basic Authentication in IIS.

Former Member
0 Kudos

Officially Basic and Digest Authentication are supported by the web repository manager. However in Ep50 SP6 and all EP60 releases, it might be worth a try to configure a web repository against an NTLM-only IIS.

As to access rights: the web repository does all operations in the name of the mapped user, even cache lookups. So, if there is a standard user configured in the landscape system, that user is used for all requests, independant of the portal user. If there is no standard user and authentication is required by the remote server, the portal user mapping is asked for the credentials to be used against the server. If no credentials exist, access is denied.