manifoldcf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kadri Atalay <atalay.ka...@gmail.com>
Subject Re: Which version of Solr have implements the Document Level Access Control
Date Thu, 05 May 2011 22:20:19 GMT
Hi Karl,

    String returnedAtts[]={"tokenGroups"} is ONLY returning the
memberGroups,

C:\OPT>curl "
http://localhost:8345/mcf-authority-service/UserACLs?username=katalay_admin@teqa.filetek.com
"
AUTHORIZED:TEQA-DC
TOKEN:TEQA-DC:S-1-5-32-545
TOKEN:TEQA-DC:S-1-5-32-544
TOKEN:TEQA-DC:S-1-5-32-555
TOKEN:TEQA-DC:S-1-5-21-
1212545812-2858578934-3563067286-1124
TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-512
TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-513
TOKEN:TEQA-DC:S-1-1-0


but,

-    String returnedAtts[] = {"tokenGroups","objectSid"}; is returning
memberGroups AND *SID for that user*.

> C:\OPT>curl "
http://localhost:8345/mcf-authority-service/UserACLs?username=katalay_admin@teqa.filetek.com
"
AUTHORIZED:TEQA-DC
TOKEN:TEQA-DC:S-1-5-32-545
TOKEN:TEQA-DC:S-1-5-32-544
TOKEN:TEQA-DC:S-1-5-32-555
TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-1124
TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-512
TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-513
*TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-1480*
TOKEN:TEQA-DC:S-1-1-0

Since we are only interested in the member groups, tokenGroups is
sufficient, but if you also need user SID then you might keep the objectSID
as well.

Thanks

Kadri


On Thu, May 5, 2011 at 6:01 PM, Karl Wright <daddywri@gmail.com> wrote:

> I am curious about the following change, which does not seem correct:
>
>
>     //Specify the attributes to return
> -    String returnedAtts[] = {"tokenGroups","objectSid"};
> +    String returnedAtts[]={"tokenGroups"};
>     searchCtls.setReturningAttributes(returnedAtts);
>
> Karl
>
>
> On Thu, May 5, 2011 at 5:36 PM, Kadri Atalay <atalay.kadri@gmail.com>
> wrote:
> > Karl,
> >
> > The ActiveDirectoryAuthority.java is attached.
> >
> > I'm not sure about clicking "Grant ASF License", or how to do that from
> > Tortoise.
> > But, you got my consent for granting the ASF license.
> >
> > Thanks
> >
> > Kadri
> >
> >
> > On Thu, May 5, 2011 at 5:28 PM, Karl Wright <daddywri@gmail.com> wrote:
> >>
> >> You may attach the whole ActiveDirectoryAuthority.java file to the
> >> ticket if you prefer.  But you must click the "Grant ASF License"
> >> button.
> >>
> >> Karl
> >>
> >> On Thu, May 5, 2011 at 5:24 PM, Kadri Atalay <atalay.kadri@gmail.com>
> >> wrote:
> >> > Karl,
> >> >
> >> > I'm using the Tortoise SVN, and new to SVN..
> >> > Do you know how to do this with Tortoise ?
> >> > Otherwise, I can just send the source code directly to you.
> >> > BTW, there are some changes in the ParseUser method also, you can see
> >> > all
> >> > when you run the diff.
> >> >
> >> > Thanks
> >> >
> >> > Kadri
> >> >
> >
> >
>

Mime
View raw message