Friday, April 29, 2011

Install LDAP on CentOS Step-by-Step

Introduction

In this step-by-step walkthrough, you will install and configure the CentOS Directory Server on Centos 5.5 running as a guest OS on VMware Workstation 7.1.  The CentOS Directory Server is the CentoOS distribution of the 389 Directory Server [10], which is an open source LDAP server for Linux.  The Red Hat documentation provides all necessary information on LDAP [5], but can be challenging to quickly and productively review.  A number of online tutorials are also available [3, 4, 6], and the best one that I was able to identify is available at neddix.com [7].  My step-by-step walkthrough retraces the steps presented in the neddix.com tutorial, with some minor modifications, updates, and additional detail and appropriate referencing helpful to those new to LDAP implementation.  Note that it assumes the use of the Gnome interface.  Total time to completion is about 2 hours.  Good luck!

Procedure

Step 1: Configure Networking

On the Gnome panel, select System, and then select Network.


The Network Configuration tool opens. 


On the Network Configuration tool, select the target device, and then click Edit.  The Ethernet Device tool appears.


Configure the usual network items, and then click OK.  The Ethernet Device tool closes, and you are returned to the Network Configuration tool.  On the Network Configuration tool, select the DNS tab.


Enter the Hostname that you want for your network.  For this walkthrough, the hostname is:
centos1.corp.local
Jot down what your hostname and domain name are, as you'll need these data later, when you perform a setup and configuration of CentOS Directory Server.  Don't worry about the DNS entries - anything you enter here will be reset anyway when you reset the Network service.  Then, from the File menu, select Save.


Click OK, and then exit the Network Configuration tool.  On the Gnome panel, point to System, then point to Server Settings, and then select Services.
TIP: if you did not install the Server GUI package, during CentOS install, you will not see the Server Settings submenu.  Instead, the Services menu item will simply be grouped under the System menu.
The Service Configuration tool appears.  Scroll down until you see the network item.  Select this item.


Click the Restart button.  After a few moments, a message will appear.


Click OK.  Now, return to the Network Configuration tool, and then select the DNS tab again.


Enter the appropriate DNS data, and then select Save from the File menu again.  At the prompt, click OK.  And you'll need to restart the Network service again, like you did previously.  Once you've done these things, test your configuration.  First, open a terminal, and then enter:
hostname
which returns the machine's hostname, and then
hostname -f
which returns the machine's fully qualified domain name.  You should see the following:


Now enter the following:
ping -c 1 localhost
followed by
ping -c 1 centos1.corp.local
Either command sends a single ICMP echo request.  You should get something like the following.


Running these commands helps determine whether the machine's DNS settings have been properly configured.
TIP: to get quick help on these and other standard UNIX commands, just enter:
man [command]
This completes network configuration.  In the next very quick step, you'll enable the time service.

Step 2: Enable Network Time Protocol Service

Go to the Services tool, and then scroll down until you see the ntpd service item.  Check this item.


Click the Start button.  After a few moments, the startup process will complete, and the Status panel will be updated.


This completes the network time protocol service startup.  In the next step, you will configure temporary security settings to allow you to install the necessary software.  These will be modified again later.

Step 3: Disable Firewall and SELinux

On the Gnome panel, click on System, and then click Security Level and Firewall.  On the Firewall Options tab, make sure that Firewall has been set to Disabled.


And then on the SELinux tab, make sure that the SELinux Setting has been set to Disabled


Then click OK


Click Yes.  This completes security settings configuration.  In the next step, you will create a new account for use by the LDAP service.

Step 4: Create LDAP Service Account

On the Gnome panel, select System, point to Administration, and then select Users and Groups.  The User Manager tool appears.


Click Add User.  The Create New User tool appears.  Enter the appropriate information.


Click OK.  The tool closes, and you are returned to User Manager.  The sysadmin account will now be listed.


This completes setup of the LDAP server service account.  In the next step, you will check on OpenJDK installation and install it if need be.

Step 5: Install OpenJDK

First, let's check to see whether openjdk has already been installed.  You can do this using rpm commands or using the Package Manager GUI tool.  Let's try from the command line first.  At the terminal,  try this:
rpm -qa | grep openjdk
This searches through all of the packages for the search string openjdk.  If this command returns nothing then the package hasn't been installed.  Otherwise, it will return the the package name and version. 
NOTE: if, during your initial CentOS installation, you performed an install of the Server and Server GUI packages, the openjdk package will already have been installed for you, since it comes as part of the Server package group. 
As of this walkthrough, the latest version of openjdk was 1.6.0, but your version may vary. 


Next, let's use the GUI tool to determine whether openjdk has already been installed.

Open the Package Manager tool.  On the Search tab, perform a search on the string JDK.  Scroll down the list of search results and look for the OpenJDK Runtime Environment item.   

If it's not checked, go ahead and check it now for installation.  Once you check it, the Apply button is enabled, and clicking the Apply button launches the installation of all checked packages. 

You can also install it from the command line like this:
yum install java-1.6.0-openjdk
where your version number may vary.  After installing openjdk, do the following check to make sure the libraries have been appropriately installed and configured.  Enter the following:
/usr/sbin/alternatives --config java
This finds all of the java versions available on your machine.  You may find more than one available.  What's important is that a version is available that matches the one you installed and that this is the default version.  CentOS Directory Server requires OpenJDK or Sun JDK.  Make sure that one of these is the default.


This completes JDK installation.  In the next step, you'll check on openssl installation and if it's not installed, install it.

Step 6: Install SSL

As in step 5, there are a couple of ways of determining whether a package has already been installed, either from the command line or using the Package Manager GUI tool.  Let's first do this from the command line.
rpm -qa | grep openssl
This will search through all installed packages for the string openssl.  If it doesn't find anything, it returns nothing.  Otherwise, it returns the full name and version of the package.


To do this using Package Manager, bring up this tool, and then on the Search tab, perform a search on openssl.


In this walkthrough, the openssl package was already installed.  That's because the target CentOS machine was installed along with the Server and Server GUI package groups at the time of CentOS installation.  These groups include the openssl package.  However, if you need to install it, just check the item as seen in Package Manager.  This will enable the Apply button.  Click the Apply button.  This will install openssl.  Alternatively, you can install openssl from the command line like so.
yum install openssl
This will install the latest version of openssl along with all of its dependencies.  This completes installation of openssl.  In the next step, you will perform the installation of CentOS Directory Server itself.
Step 7: Install CentOS Directory Server

To start out, let's make sure that this hasn't been installed already.  Enter the following command:
rpm -qa | grep centos-ds
This will likely return nothing, but it doesn't hurt to check.


Next, let's find out a bit more about this package before installing it.  Enter the following command:
yum info centos-ds
This returns info on the package that is on the yum server.


You can install CentOS Directory Server in two ways: from the command line using yum command or using Package Manager.  If you use Package Manager, open the tool and perform a search on centos-ds.  Check the item described as CentOS Directory, Administration, and Console Suite.


Alternatively, from the command line, enter the following command:
yum install centos-ds
Installation takes a minute or two.  You'll be prompted once for input.


Note the dependencies that were also installed for you automatically.  In particular, note that cyrus-sasl and ldapjdk dependencies were installed.  These no longer need to be installed separately, as discussed elsewhere. 

This completes CentOS Directory Server installation.  It's not yet ready to run, as it still needs to be setup and configured.  But you'll get to that after checking on whether certain support packages have been installed, which is the focus of the next step.

Step 8: Install Support Packages

There are a few support packages required by CentOS Directory Server, as discussed in the CentOS Directory Server Setup HowTo [9].  However, if you are working with a recent installation of CentOS, such as version 5.5, or greater, and you have installed the Server and Server GUI package groups, you may find that you do not need to specifically install these support packages separately.  You may find that they're already installed.  Let's check.  Enter the following four commands in succession, waiting after each one to see its results:
rpm -qa | grep xorg-x11-xauth
rpm -qa | grep bitstream-vera-fonts
rpm -qa | grep dejavu-lgc-fonts
rpm -qa | grep urw-fonts
Executing each of these commands should return something like that shown below.


For this walkthrough, each of these support packages was previously automatically installed.  For your own particular case, if you find one or more of these support packages missing, install them using standard yum commands.  This completes installation of the support packages.  In the next step, you will setup and configure CentOS Directory Server instance and the Admin server.

Step 9: Setup and Configure CentOS Directory Server

Open a terminal, and enter the following command:
setup-ds-admin.pl
You shouldn't need to specifiy the path, as the /etc/sbin directory should already be a part of the machine's PATH.  You'll be prompted along the way. 

Would you like to continue with set up? [yes]:
Do you agree to the license terms? [no]: yes

At this point, dsktune runs and performs a system parameters check.  It may identify a few areas for improving performance.  For example, it may present warnings on memory and file descriptor parameters.  Don't worry about these: you can adjust these later.  Here's hjow to respond to the prompts during setup:

Would you like to continue? [no]: yes 
Choose a setup type [2]: 2
Computer name [CentOS1.corp.local.net]: centos1.corp.local
System User [nobody]: sysadmin
System Group [nobody]: sysadmin
Do you want to register this software with an existing configuration directory server? [no]: hit enter
Configuration directory server administrator ID [admin]: hit enter
Password:
Password (confirm):
Administration Domain [corp.local]: hit enter
Directory server network port [389]: hit enter
Directory server identifier [centos1]: hit enter
Suffix [dc=corp, dc=local]:  hit enter
Directory Manager DN [cn=Directory Manager]: hit enter
Password:
Password (confirm):
Administration port [9830]: hit enter
Are you ready to set up your servers? [yes]: hit enter

This completes setup and configuration of CentOS Directory Server.  In the next step, you'll make somem additional, minor configuration changes.

Step 10: Additional Configuration

Next, let's configure the openldap-client tools. 
gedit /etc/openldap/ldap.conf
This opens the ldap configuration file.  Add the following lines to this file:
BASE dc=corp, dc=local
HOST localhost
PORT 389

You should have something like the following


Next, configure the Directory Server daemon and the Directory Server Admin to startup at boot time.  To do this, enter each of the following commands
chkconfig dirsrv on
chkconfig dirsrv-admin on
After configuring these, do a quick check to make sure these services are running by using the service command:


This completes the additional configuration step.  In the last step, you will launch the Directory Server Administration Console.

Step 11: Start the Directory Server Administration Console

Enter the following command in the terminal:
centos-idm-console
The console login prompt will appear.


Enter the User ID and password that you configured in Step 9, and then enter the URL using the port number that you also configured in Step 9.  Click OK.  The CentOS Management Console appears.


Now that you have a working LDAP server installed and configured and ready, you'll need to start connecting other Linux machines to authenticate from this LDAP server, but that's outside the scope of this walkthrough.

Summary

Congratulations!  You've installed and configured the CentOS LDAP Directory Server.  Happy computing!

References
  1. OpenSSL - OpenSSL Project
  2. OpenLDAP - OpenLDAP Organization
  3. Install Directory Server in CentOS 5.5 - Roger Carhuatocto - Holism and Technology blog
  4. CentOS Directory Server On CentOS 5.2 - HowToForge - Linux Tutorials
  5. Red Hat Directory Server - Red Hat Documentation
  6. Installing 389 Directory Server - LinuxMail.info
  7. How to setup the CentOS Directory Server (389 Directory Server) neddix.com wiki
  8. NTP: The Network Time Protocol
  9. CentOS Directory Server, Basic Install - Centos HowTos
  10. Setting up CentOS Directory Server on CentOS 5.4 Linux - Raining Packets - December 30, 2009
  11. How can I change the TCP/IP tuning parameters? - Red Hat Magazine - 1/25/2007
  12. Linux: tcp keep alive setting - The R71 web dump - 25 November 2009
  13. VNC ( Virtual Network Computing ) - CentOS Documentation
  14. 389 Directory Server - The Fedora Project
  15. Chapter 11. Package Management Tool - Red Hat Documentation
  16. How do I find what dependencies a rpm file has? - nixCraft - January 14, 2006
  17. RPM Commands - CentOS Resources 
  18. Yum Commands - CentOS Resources
  19. Chapter 11. Package Management Tool - Red Hat 5 Documentation
  20. Install and Configure OpenLDAP on CentOS 5 - HowToForge - January 28, 2011
Further Reading
Notes
  • None

Tuesday, April 26, 2011

SharePoint 2007: Troubleshooting Errors 7000 and 7041

Problem

I had completed an installation of SharePoint Server 2007 Standard onto Windows Server 2003 R2 Enterprise.  Domain accounts had been created and configured for the various SharePoint services, as recommended [1].  Both SP1 and 2 had been installed.  No issues.  No problems.  The next day, I check the Windows Server event logs and found the system event log filled with the following errors that repeated with distressing frequency:

Event Type:       Error
Event Source:      Service Control Manager
Event Category:   None
Event ID:            7041
Date:                  6/17/2010
Time:                  1:50:45 PM
User:                  N/A
Computer:          [servername]
Description:
The SPsearch service was unable to log on as .\[account name] with the currently configured password due to the following error:
Logon failure: the user has not been granted the requested logon type at this computer.

Service: SPSearch
Domain and account: .\[account name]

This service account does not have the necessary user right "Log on as a service."

User Action

Assign "Log on as a service" to the service account on this computer.  You can use Local Security Settings (Secpol.msc) to do this.  If this computer is a node i a cluster, check that this user right is assigned to the cluster service account on all nodes in the cluster.

If you have already assigned this user right to the service account, and the user right appears to be removed, a Group Policy object associated with this node might be removing the right.  Check with your domain administrator to find out if this is happening.

For more information..


Event Type:       Error
Event Source:      Service Control Manager
Event Category:   None
Event ID:            7000
Date:                  6/17/2010
Time:                  1:50:45 PM
User:                  N/A
Computer:          [servername]
Description:
The Windows SharePoint Services Search service failed to start due to the following error:
The service did not start due to a logon failure.

For more information...


Event Type:       Error
Event Source:      Service Control Manager
Event Category:   None
Event ID:            7041
Date:                  6/17/2010
Time:                  1:50:45 PM
User:                  N/A
Computer:          [servername]
Description:
The SPTimer service was unable to log on as .\[account name] with the currently configured password due to the following error:
Logon failure: the user has not been granted the requested logon type at this computer.

Service: SPTimerV3
Domain and account: .\[account name]

User Action

Assign "Log on as a service" to the service account on this computer.  You can use Local Security Settings (Secpol.msc) to do this.  If this computer is a node i a cluster, check that this user right is assigned to the cluster service account on all nodes in the cluster.

If you have already assigned this user right to the service account, and the user right appears to be removed, a Group Policy object associated with this node might be removing the right.  Check with your domain administrator to find out if this is happening.

For more information...


Event Type:       Error
Event Source:      Service Control Manager
Event Category:   None
Event ID:            7000
Date:                  6/17/2010
Time:                  1:50:45 PM
User:                  N/A
Computer:          [servername]
Description:
The Windows SharePoint Services Timer service failed to start due to the following error:
The service did not start due to a logon failure.

For more information...


Discussion

The answer to quickly and effectively resolving both these service errors, the Timer and Search services, lies in the User Action statements for both.  I wish I had grasped this at the outset.

I encountered these errors early in my SharePoint Server career and was unfamiliar with such things as GPO.  Though I had good SharePoint knowledge from a user perspective, I didn't have much systems integration experience - understanding the intersection of SharePoint with its operating system.  Thus, I did not initially grasp the significance of the User Action statement.  Had I done so, I would have avoided several weeks of troubleshooting effort.  Another difficulty involved the rather transient longevity of the network administrative staff, that I was working with at the time, staying with us for little more than a few months before moving on to other positions. 

Over the course of intense troubleshooting, continuously consulting with system admin staff, I finally noticed that this flood of errors was triggered after the broadcast of a new GPO, which on our systems occurred around 3 AM daily.  I didn't fully understand what a GPO was, but I could see that it was adversely impacting my carefully installed and configured SharePoint configuration, since the occurence of a new GPO event coincided with the advent of these errors.   But why a GPO event in turn caused the 7000 and 7041 errors was beyond me.  Finally, a savvy sys admin person, when I showed him the errors, quickly understood what was occuring: everytime the GPO was pushed out to the servers, it was overwriting the local configuration, and this caused the service accounts in question to no longer be able to logon locally.  This sys admin fixed the problem in a few moments. After he explaned it, it made sense to me.

In just a few minutes, he added the "Log on as a service" right to the accounts in the GPO.  The next day, I checked the system event log and: no more errors (at least this type, anyway).  Voila. Problem solved.  At least this one.

Lessons Learned

This experience taught me the importance of gaining cross-cutting experience, of gaining experience not just in SharePoint but also in the applications that intersect with SharePoint and most certainly in the operating system hosting the application.  It also illustrated the importance of productively working with savvy system administrators and the impact they have on your operations.  Happy computing!

References
  1. Plan for administrative and service accounts (Office SharePoint Server) - Microsoft TechNet | SharePoint Server 2007
  2. Add the Log on as a service right to an account - TechNet | Windows Server 2003 | Manage an ADAM Instance
  3. EventID.NET
Notes
  • None

Tuesday, April 19, 2011

Installing the SELinux Administration Tool on CentOS Step-by-Step

Introduction

This procedure walks you through the process of setting up the Security Enhanced Linux (SELinux) Administration tool GUI on CentOS step-by-step.  SELinux is a security system for Linux  [1-3].  It is integrated into version 2.6.X kernel versions of Red Hat Enterprise Linux [1, 3].   CentOS is a rebuild of Red Hat Enterprise Linux without branding [4]. SELinux administration is generally accomplished via commands and editing configuration files [1-3].  The GUI facilitates SELinux administration.  The SELinux Administration tool GUI is installed by default to RHEL installations.  It is not setup by default to CentOS installations [5].   On CentOS instances, the GUI is part of the policycoreutils-gui package [4].  This walkthrough involves four steps: 1) checking SELinux Administration tool installation status, 2) locating the installation package, 3) installing the package, and 4) verifying installation.  All references used in this walkthrough are listed in the References section, below.  Good luck!

Procedure

Step 1: Checking SELinux Administration Tool Installation Status

On the CentOS desktop, go to the System menu, and then point to Administration.  The Administration submenu appears.  It this tool were installed, the SELinux Management menu item would appear just below the Security Level and Firewall menu item.


On Red Hat Enterprise Linux Server 5, this is installed by default.


You can also check GUI installation by performing a find [5] operation on the administration tool, system-config-selinux [1-3].  If it's not there, the GUI tool has not been installed.


To check where your CentOS version includes the SELinux system, use the uname command [6].  This command reveals the kernel version of your Linux distribution.


If your CentOS is based on kernel version 2.6.X or greater, SELinux should be installed as well [1, 3].  In the next step, you'll first check to see if the installation package is already available to your CentOS instance, and only needs to be installed; and then if its not installed, we'll then perform an installation of the package.

Step 2a: Check if the SELinux Administration Tool Package is Available

First, let's check to see if the package is already available.  On the CentOS desktop, from the Applications menu, select Add/Remove Software.  The Package Manager tool appears.  Select the Search tab, and then enter "SELinux."


Click Search.  A vareity of SELinux tools and features will be listed.


Scroll down to find the "SELinux configuration GUI" item.  If you see it there, that's good and you only need to check it in order to install it: skip past step 2a and go right to step 3.  If not, you'll need to first locate the installation package in order to download it, and this is covered next.

Step 2b: Locate the Installation Package for Downloading

You first need to identify in which package the system-config-selinux command file is located.  Use the YUM provides command to find this out [8].  At the command prompt, enter the following:
yum provides "*system-config-selinux"
This performs a search on the CentOS update server of all packages in order to find out which package includes the search target.


Once the search completes, make a note of the package name that was returned.

Step 2c: Download the Package

To download the package, use another YUM command, yum install.  The installation takes only a few seconds.

NOTE: though the yum install command downloads and performs an installation of the package, the SELinux Administration tool package still may not be installed.  Final installation is covered in the next step.
Step 3: Install the Package

To install the SELinux Administration tool GUI, bring up the Package Manager again.  Perform a search on "SELinux" as you did before, and then scroll down to the SELinux configuration GUI item.  Check this item.


Click Apply.  A variety of prompts will appear.  Click Continue past all of them.


At the end, you'll see a final prompt.


Click OK, and then exit Package Manager.  The final step is to verify installation.

Step 4: Verify Installation

On the CentOS desktop, from the System menu, point to Administration.  The Administration submenu appears.  Listed on this submenu, just below the Security Level and Firewall menu item, should be a new menu item, SELinux Management.


Select this menu item.  The SELinux Administration tool GUI appears.


This completes this step-by-step walkthrough on installing the SELinux Administration tool GUI on CentOS.  Happy computing!

References
  1. 46.2. Introduction to SELinux - Red Hat Enterprise Linux 5 Server documentation
  2. SELinux - CentOS How Tos
  3. 43.2. Introduction to SELinux - Linuxtopia - CentOS 4
  4. CentOS - Wikipedia
  5. SELinux denials with "spamc" and "webalizer" - CentOS Forums - Security Support
  6. Linux / Unix find command - Computer Hope
  7. Linux / Unix uname command - Computer Hope
  8. YUM Commands - CentOS Help Resources
  9. The Community Enterprise Operating System (CentOS)
  10. VMware Workstation
Notes
  • This walkthrough was performed on CentOS version 5.5 [9] as guest OS on VMware Workstation 7.1 [10].
  • Follow the above procedure to install the SELinux Troubleshooter as well.  You'll see it listed in Package Manager.

Saturday, April 16, 2011

SharePoint 2007: Adding PDF Support Step-by-Step

Introduction

SharePoint Server 2007 does not by default support PDF content searching [1].  If you want to be able to search through PDF files saved to a document folder, you need to install and configure Adobe PDF support.  This procedure walks you through that process, step-by-step.  This walkthrough was performed on Microsoft SharePoint Server 2007 Enterprise, hosted on Windows Server 2003 Enterprise Edition, and follows similar procedures discussed elsewhere [9, 10, 23], but with more thoroughly descriptive and referenced steps.  It proceeds in six steps: 1) install the Adobe PDF IFilter v6.0; 2) add an Adobe extension registry entry; 3) add the Adobe icon to Windows SharePoint Services; 4) add the Adobe PDF extension to the list of Managed File Types; 5) restart search services; and 6) verify PDF content is indexed.  All references used in this walkthrough are listed in the References section, below.  Good luck!

Procedure

Step 1: Install the Adobe PDF IFilter v6.0

Download the Adobe PDF IFilter v6.0 [2].  Follow the instructions.  'Best to choose default installation directory.  Once completed, you'll find a new program folder.


The installed IFilter is named PDFFILT.dll.


Step 2: Add an Adobe PDF Extension Registry Entry

Next step is to add a registry entry for the Adobe extension if it doesn't exist [1].  Open the registry editor.  Make a full registry backup.  Then navigate to the following registry setting:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\12.0\Search\Applications\GUID\Gather\Search\Extensions\ExtensionList
Check for an entry for pdf.  If you can't find it, you'll need to create it: check the list of extensions for the largest name - this may likely be 37;  right-click on ExtensionList; from the popup menu, point to New, and then select String Value; for the Name, enter a value equal to the largest current name + 1 (likely 38); for the String Value, enter pdf; then click OK.


Check to make sure that you have the following registry keys.  These should have been configured during the installation of Adobe PDF IFilter v6.0 [1]:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\12.0\Search\Setup\ContentIndexCommon\Filters\Extension\.pdf
    • Name: Default
    • Type: REG_MULTI_SZ
    • Data: {8315BA54-B69F-4275-AE11-31CB6359EB09}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\12.0\Search\Setup\Filters\.pdf
    • Name: Default
      • Type: REG_SZ
      • Data: (value not set)
    • Name: Extension
      • Type: REG_SZ
      • Data: pdf
    • Name: FileTypeBucket
      • Type: REG_DWORD
      • Data: 0x00000001 (1)
    • Name: MimeTypes
      • Type: REG_SZ
      • Data: application/pdf
You should see the following:


If these registry keys don't exist, rerun the Adobe PDF IFilter v6.0 installation.

Step 3: Add the Adobe Icon to Windows SharePoint Services

Next step is to add the Adobe icon to Windows SharePoint Services [14-16].  Download the PDF icon [3].  Download the small 17x17 pixel version. Save the icon file to the following directory on your MOSS 2007:
C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE\IMAGES
Navigate to the following directory:
C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE\XML
Look for the DOCICON.XML file in this directory.


Open this file, and then edit it by adding an entry for pdf.


Restart Internet Information Services.  This causes the docicon.xml file to be reread by the SharePoint Server service.

Step 4: Add the Adobe PDF extension to the list of Managed File Types

The next step is to add the Adobe PDF extension to the list of managed file types so that PDF file properties and content are searched and indexed [17-19].  Navigate to the Search Administration page.  On the left, under Crawling, look for File types link.


Click this link.  This takes you to the Manage File Types page.  Click New File Type at the top of the list.


Enter PDF, and then click OK.  You'll see a new file type added to the list.


Step 5: Restart Search Services

Next, stop and start the Windows SharePoint Services Search Service and the Office SharePoint Server Search Service.


Logon to the Shared Services provider associated with these target search services.  Perform full crawls of all content sources.

Step 6: Verify PDF Content is Indexed

Now, check to make sure that the contents of PDFs are searchable and indexable.  You can do this by checking the crawl logs.  First, go to the Shared Services page, and then go to the Crawl Log page.


Then, click on one of the host name links to view its crawl log.  Crawled PDFs should present without any warnings or errors or additional cautionary statements.


Now, perform a simple keyword search for a term that you know is in one or more of the PDF documents currently uploaded to your SharePoint Server instance. 


This completes this step-by-step walkthrough of installing and configuring Adobe PDF support to your SharePoint Server 2007 search service.  The next section discusses a few lessons-learned.  Happy computing!

Lessons-learned

Adobe Acrobat Reader X

This version of the Adobe Acrobat Reader does not include an iFilter dynamic link library.  Attempts to add PDF support to SharePoint Server 2007/2010 instances will fail when using Adobe Acrobat Reader X [4, 5].  Don't waste your time with it.

Adobe Acrobat Reader 9.X

The online literature indicates that the Adobe iFilter has been bundled with Adobe Acrobat Reader, since version 7.0.5, and that you only need to install the bundle on your SharePoint Server instance in order to realize PDF support.  However, my own efforts to use version 9.4 (the last version prior to 10), in order to implement PDF support in SharePoint Server, met with failure.   Others have also experienced some difficulties getting the Adobe Acrobat Reader bundled ifilter to correctly be implemented [20-25].

Others have had success using these versions [7, 8, 9].  I have followed the steps described by others [7-9], but without success.  I also checked my SharePoint Server configuration against the appropriate Microsoft Knowledgbase articles [1, 11], but still without success.  Though Search recognized that there were PDFs and noted them in the crawl log, it could not index their contents.


I continued to review the online literature looking for clues.  One source provided a rather complex procedure for enabling the bundled ifilter to work, requiring additional registry entry changes [26].  Given these ambiguous results, and lacking the time to perform further research on this issue, I decided to press ahead with an approach that had achieved successful results in the past, and this is the procedure presented above, in this walkthrough.

I uninstalled Adobe Reader 9.4 from my SharePoint Server 2007 instance, and then performed a fresh installation of Adobe PDF IFilter v6.0.  After working through all of the various ancillary configuration steps, I was finally able to have my SharePoint Server 2007 instance recognize and index PDF content.

At this point, I don't know where the fault may lie.  'Possibly, I missed something somewhere. In any case, I have found an approach that works and that works consistently over the course of multiple installations.  I have documented my efforts here in order to help others who may encounter similar issues.

References
  1. No Adobe PDF documents are returned in the search results when you search a Windows SharePoint Services 3.0 Web site, KB927675, Microsoft Support, 5/14/2007
  2. Adobe PDF IFilter v6.0, Adobe Support, Downloads, Acrobat
  3. Use of Adobe icons and web logos, Permissions and trademark guidelines, About Adobe
  4. Do shell extensions work in Reader X?, General Questions, Protected Mode FAQ, Adobe Developer Connection
  5. Adobe Reader X problem - no search contents filter
  6. FTP directory /pub/adobe/reader/win/9.x/9.4.0/en_US at ftpadobecom
  7. Adobe Reader 9 Available – Works Fine with SharePoint, Derek Goodridge, Worker Thread Blog, 7/18/2008
  8. And now for something completely different-- Searching PDFs, or Using Adobe's PDF IFilter with WSS 3.0 sp1, ServerGrrl, January 5, 2008
  9. Configuring MOSS 2007 to search pdf documents - install and configure pdf ifilters, Musings on SharePoint 2010, 2/6/2008
  10. Walkthrough: Installing Adobe (v6) PDF iFilter for SharePoint 2007 (Moss/WSS), Tyler Holmes, System.What, 4/10/2008
  11. Adobe Reader files cannot be found after you add the .pdf file type to the list of crawled file types in SharePoint Server 2007, KB928619, Microsoft Support, 5/14/2007
  12. SharePoint 2007 and Adobe PDF, Joining Dots, The Old Joining Dots Blog, 5/9/2007
  13. Adobe Reader 9.4.0
  14. How to add an icon to Windows SharePoint Services to represent Adobe PDF documents that are stored in document libraries, KB837849, Microsoft Support, 11/30/2007
  15. DOCICON.XML, Microsoft TechNet Library
  16. Understanding DocIcon.xml, Microsoft TechNet Library
  17. Manage file types (Office SharePoint Server), Microsoft TechNet Library
  18. File types and IFilter reference (Office SharePoint Server), Microsoft TechNet Library, 9/11/2008
  19. About IFilters (Office SharePoint Server 2007), Microsoft TechNet Library, 4/16/2009
  20. PDF files not getting crawled, Microsoft TechNet Social Formums, Enterprise Search, 11/19/2009
  21. PDF files are not getting crawled, Microsoft MSDN Social Formums, 2009
  22. MOSS 2007, 32 bit - Not all PDF files indexed, FoxITSoftware, 6/12/2008
  23. Indexing and Searching PDFs in MOSS 2007, Aidan Garnish blog, 9/19/2007
  24. Search server is not indexing the content of pdf files, Microsoft MSDN Social Forums, Search Server Installation, Configuration and Administration, 2/12/2009
  25. SharePoint 2007 and PDF indexing, Steven Van de Craen's Blog, 9/19/2007
  26. Index PDF documents on SharePoint using Adobe PDF IFilter 9, Harold van de Kamp's Blog, 10/2/2008
Notes
  • The PDF iFilter installed by Adobe Acrobat 9.X is AcroRdIF.dll, and it is installed to directory C:\Program Files\Adobe\Reader 9.0\Reader by default.
  • Adobe Acrobat Reader X (10) does not contain an iFilter [4].
  • The Adobe PDF IFilter v6.0 comes with an excellent installation and troubleshooting guide that even covers SharePoint topics.  Look for its Readme.htm in the root folder, after you've installed it.