MC+A

I have had some issue utilizing the Google Admin Toolkit’s python scripts.  Looks like there is some changes to the login and cookie exchange on the new version of the appliance.  There was an old version of a script called db_sync that is no longer posted on there. 

Here it is again and an example of the syntax.

c:\python26\python db_sync.py –hostname 10.10.10.29 –username backup –password Replacewithyourpassword –source db_product

where:

• 10.10.10.29 is the host name or the ip of the server
• backup is the name of the user that will be logging in.
• Replacewithyourpassword is the password (in this case, backup’s password)
• db_product is a db_connector

You can download the zip file here: db_sync

Google has just released 6.4 on the enterprise support site and has updated code.google.com’s documentation.  We have yet to install and verify.  But some of the big changes so far:

JavaScript Crawling

The search appliance now can detect links and content generated dynamically.  I wonder if this will help the forms authentication wizard?

Serve Time Authentication

You will no longer need to enable or disable security manager and legacy auth as in 6.2. The default behavior of the appliance is to now centralize authentication for:

• Cookies
• HTTP Basic and NTLM
• Kerberos
• SAML
• Connectors

Administrative Improvements

There are various administration improvements, most notably:

• LDAP Setup
  New options to use LDAP during serve-time and looking up a user’s group during authentication.
• Timeout for Auth Requests
  New option allows specification wait time for GSA before processing batch authorizations.
• Head Requestor Deny Rules
  Allows you to identify URLs where content servers deny users access with codes other than HTTP code 401. (Non web standard pages)

The full documentation is here.

Previously I had authored a series of new features that came as part of the 6.0 software release that was not noted in the software release. For many of our customers, these feature releases are more significant than say GSA unification since they only have a single GSA.

Metadata Base64 Encoding

In software release 6.2, you can now base64 encode both metadata names and metadata values.

 <record url=<a href="http://www.mcplusa.com">http://www.mcplusa.com</a> action="add" mimetype="text/html">
<metadata>
<meta encoding="base64binary" name="acdJvamFXQWjdF9uWEXl" content="asdfLKZUoiuoiasdfmoaioeit">
</metadata>
</record>

Note: the correct encoding attribute is base64binary and not base64 as Google’s documentation states.

Google released the latest patch to software version 6.2.  Please contact your MC+A customer support contact for information regarding this or to schedule a time for an upgrade to be performed.

The Steps To Implement Search History On A Google Search Appliance or Google Mini

A few weeks ago there was a thread on the Google Groups regarding how to display search history on a Google Search Appliance query results page.  Our approach typically at MC+A is to utilize the xslt as much as possible as it provides less complicated infrastructure.  Because of this, we tend to utilize JQuery to provide some dynamics features to the interface.  In this case, it’s search history.  This article assumes you have some idea about jQuery, specifically the Ready function.

Step 1 – Create A DIV

Create a HTML DIV in your results page that you would like the history to be displayed.  For example:

<div id=”recentHistory”>No Recent Searches</div>

Note the id that you use for later in this process. You can also place text with the div that will be displayed until the jQuery finishes loading.

Step 2 – Add A Function Call to jQuery.Ready

$(document).ready(function(){
    setHistory(); //Function to set the Div
});

Step 3 – Add the Function Call

The following function relies on 5 other functions:

1. GetCookieVal – Get’s the Cookie Value
2. GetCookie – Get’s a raw Cookie
3. DeleteCookie – Delet’e’s a Cookie
4. SetCookie – Set’s a Cookie
5. GetParameter – Get’s a Query String Value

function setHistory(){
    var gsaCollection = getParameter(window.top.location.search.substring(1), "site");
    var gsaClient = getParameter(window.top.location.search.substring(1), "client");
    var gsaStylesheet = getParameter(window.top.location.search.substring(1), "proxystylesheet");
    //var gsaAccess =getParameter(window.top.location.search.substring(1),"a");
    var recentHistory = "<ul>";
    var historyTemp = GetCookie("searchhistory");
    var history;
    if (historyTemp == null) {
        var q = getParameter(window.top.location.search.substring(1), "q")
        if ((q == null) || (q == "")) {
            //no history
            recentHistory = recentHistory + "<li>None</li>";
        }
        else {
            recentHistory = recentHistory + "<li><a href=\"search?site=" + gsaCollection + "&client=" +
            gsaClient +
            "&proxystylesheet=" +
            gsaStylesheet +
            "&access=a" +
            "&q=" +
            q +
            "&output=xml_no_dtd" +
            "\" > " +
            q +
            "</a></li>";
            SetCookie("searchhistory", q, expiry);
        }
    }
    else {
        historyString = new String(historyTemp);
        history = historyString.split("|");
        var newHistory = new Array(5);
        var newHistoryString = "";
        newHistory[0] = getParameter(window.top.location.search.substring(1), "q");
        newHistoryString = newHistory[0];
        recentHistory = recentHistory + "<li><a href=\"search?site=" + gsaCollection + "&client=" +
        gsaClient +
        "&proxystylesheet=" +
        gsaStylesheet +
        "&access=a" +
        "&output=xml_no_dtd" +
        "&q=" +
        newHistory[0] +
        "\" > " +
        newHistory[0].replace(‘+’, ‘ ‘) +
        "</a></li>";
        for (var i = 0; i < history.length & i < 4; i++) {
            newHistory[i + 1] = history[i];
            newHistoryString = newHistoryString + "|" + history[i];
            recentHistory = recentHistory + "<li><a href=\"search?site=" + gsaCollection + "&client=" +
            gsaClient +
            "&proxystylesheet=" +
            gsaStylesheet +
            "&access=a" +
            "&output=xml_no_dtd" +
            "&q=" +
            history[i] +
            "\" > " +
            history[i].replace(‘+’, ‘ ‘) +
            "</a></li>";
        }
        SetCookie("searchhistory", newHistoryString, expiry);
    }
    recentHistory = recentHistory + "</ul>";
    document.getElementById("recentSearches").innerHTML = recentHistory;
}

I am planning on cleaning up the function and posting it here it its entirety in the next couple of days.;

Reply with a comment to nudge me along if I forget.

Since the Google Search Appliance introduced support for both Microsoft SharePoint and Kerberos many of our customers have begun to implement Kerberos more often technology. 

Kerberos with SharePoint can provide a Single Sign On technology that is silent.  However, the reason that most companies have not implemented Kerberos because it’s difficult to debug.  I have found this tool develop by Brian Murphy to save weeks of debugging time.  It’s easy to set up and provides tests for Kerberos authentication as well as delegation.

http://blogs.iis.net/brian-murphy-booth/archive/2007/03/09/delegconfig-delegation-configuration-reporting-tool.aspx

Google has released a new software update for version 6.2.  The most notable fix in this release is for the GSA mirroring feature.  Additionally, there are about 14 documented updates. 

Our support customers will be contacted by MC+A support to schedule a time to perform the upgrade.  Feel free to contact us if you have any questions.

As someone who watches the Superbowl for the ads, seeing the Google “Parisian Love” was a real treat. With a dash of sugar Google really highlighted the broad features of the Google search engine. The Google Search Appliance provides many of the same functions, securely for the enterprise. It was get to point the the TV and tell friends and family “That is what we do for clients.” Which is pretty much true….well add a dash of Kerburos or a custom SAML interface

Recently, while working on a Google Search Appliance implementation involving a custom SAML interface users were being returned documents in some cases which they did not have access to. In reviewing the logs, we found that SharePoint was responding with an HTTP status of 200.

The GSA resolves late binding by performing a head request. Our case involved a user being granted access to a document by the GSA that they shouldn’t have. For reasons unknown, when one user accessed a page, they got a 401 (unauthorized) and when another use accessed the page, they got an error. Both users were not able to access the document.

The head request was something similar to:

This appears to be a standard 200 response, but it contains something interesting. There is an additional header called SharePointError. In digging around MSDN, I found this article . The SAML bridge had to be modified to check for this head in addition to the response. The existence of this header does not indicate a failure, only that it needs to be future examined to see if the user has access.

gsa-faceted-search helps you build a faceted search experience.  The filters are static but provide a very rich ability to filter without a hole lot of XSLT modifications.  There is a simple 3 step process documented here on adding it to your search interface.