manifoldcf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Will Parkinson <parkinson.w...@gmail.com>
Subject Re: Sharepoint claim space authentication
Date Fri, 26 Jul 2013 12:37:42 GMT
Hi Karl,

I tried to get this built today on the Sharepoint system but i was denied
access by the system owner.  Is this something you can build on our end?
If not i will try to get access to a similar Sharepoint system somehow.

I have some more information on the claims based authentication problems:

It seems that the issue is causing an issue with the generation of the lock
strings obtained from Sharepoint.  An example lock string we are obtaining
from the output connector is as follows

|allowDocument:|allowDocument:S-1-0-0|allowDocument:S-1-5-21-3052554794-3770484871-3874881240-313758|allowDocument:S-1-5-21-3052554794-3770484871-3874881240-317141|denyDocument:DEAD_AUTHORITY|allowShare:empty|denyShare:empty|


The first allowDocument: parameter is always empty.  Presumably it should
contain something.

A test on a non claims based authenticated system did not present the same
issue.

Cheers,

Will


On Fri, Jul 26, 2013 at 6:29 PM, Karl Wright <daddywri@gmail.com> wrote:

> Hi Will,
>
> Did this work for you?  I'd like to integrate the code into trunk if so.
>
> Karl
>
>
>
> On Tue, Jul 23, 2013 at 9:13 PM, Karl Wright <daddywri@gmail.com> wrote:
>
>> Hi Will,
>>
>> I made the logging change.  Can you try it out?  This is how:
>>
>> (1) Check out the branch onto your Windows development system:
>>
>> svn co
>> https://svn.apache.org/repos/asf/manifoldcf/integration/sharepoint-2010/branches/CONNECTORS-758
>>
>> (2) Read the README.txt file, and make sure you have all the necessary
>> dependencies installed appropriately, especially the sharepoint assembly.
>>
>> (3) Build, using "ant build".
>>
>> (4) Install your newly-built MCPermissions web service (using the
>> dist\update.bat script)
>>
>> Then, try it out, and please let me know if it logs anything to the trace
>> log, etc.
>>
>> Thanks!
>> Karl
>>
>>
>>
>> On Tue, Jul 23, 2013 at 7:31 PM, Will Parkinson <parkinson.will@gmail.com
>> > wrote:
>>
>>> Hi Karl,
>>>
>>> I was talking to the Sharepoint administrator last night and he would
>>> also prefer the logs entries to be written to the trace logs.  If you had
>>> the time to build a Sharepoint plugin for 2010 that would be fantastic.
>>>
>>> Cheers,
>>>
>>> Will
>>>
>>>
>>> On Tue, Jul 23, 2013 at 10:04 PM, Karl Wright <daddywri@gmail.com>wrote:
>>>
>>>> Using the trace log may well work for us.  I've created a ticket for
>>>> this work: CONNECTORS-758.  Will, do you have anything further to report
on
>>>> logging research?  Should I build a trial SharePoint 2010 plugin for you
to
>>>> explore in your environment?
>>>>
>>>> Karl
>>>>
>>>>
>>>> On Sun, Jul 21, 2013 at 9:21 PM, Karl Wright <daddywri@gmail.com>wrote:
>>>>
>>>>> The link provided looks pretty helpful.  But it is also tricky enough
>>>>> that I would not want to be changing the log output with a SharePoint
>>>>> system available to try it all out on.  Specifically, you need to write
a
>>>>> feature handler to register the appropriate log category; I'm not sure
how
>>>>> to integrate that with the current package properly.
>>>>>
>>>>> Karl
>>>>>
>>>>>
>>>>>
>>>>> On Thu, Jul 18, 2013 at 3:45 AM, Christian M. Rieck <
>>>>> christian.rieck@comperiosearch.com> wrote:
>>>>>
>>>>>>  > There may be a SharePoint application log we could use instead
-
>>>>>> but I have no idea how to access such a thing.  I'll see if Google
>>>>>> can tell me.****
>>>>>>
>>>>>> ** **
>>>>>>
>>>>>> In SharePoint 2010 it is common to write to the ULS logs*. This also
>>>>>> lets you control the log-level through central admin. Check out
>>>>>> http://www.parago.de/2011/01/how-to-implement-a-custom-sharepoint-2010-logging-service-for-uls-and-windows-event-log/and
>>>>>> http://dbremes.wordpress.com/2010/09/02/using-sharepoint-2010s-logging-infrastructure-part-2/,
they should explain it. I skipped the Event-log and registry parts for my
>>>>>> implementation, only writing to ULS (what they call trace log)****
>>>>>>
>>>>>> ** **
>>>>>>
>>>>>> (Note that I have no knowledge of the plugin being discussed here
and
>>>>>> may give an answer to a question nobody really asked..)****
>>>>>>
>>>>>> ** **
>>>>>>
>>>>>> Christian.****
>>>>>>
>>>>>> ** **
>>>>>>
>>>>>> *From:* Karl Wright [mailto:daddywri@gmail.com]
>>>>>> *Sent:* 17. juli 2013 14:22
>>>>>> *To:* user@manifoldcf.apache.org
>>>>>> *Subject:* Re: Sharepoint claim space authentication****
>>>>>>
>>>>>> ** **
>>>>>>
>>>>>> Hi Will,
>>>>>>
>>>>>> I'm not an expert on writing SharePoint plugins.  The plugin we have
>>>>>> just uses the standard C# EventLog class, which knows where the Windows
>>>>>> event log is on whatever system the plugin is running on.  Having
the
>>>>>> plugin create and manage its own log is fraught with permission problems,
>>>>>> which is why we send error notifications of this kind to the event
log.
>>>>>> ****
>>>>>>
>>>>>> There may be a SharePoint application log we could use instead -
but
>>>>>> I have no idea how to access such a thing.  I'll see if Google can
tell me.
>>>>>>
>>>>>> Karl****
>>>>>>
>>>>>> ** **
>>>>>>
>>>>>> On Wed, Jul 17, 2013 at 8:17 AM, Will Parkinson <
>>>>>> parkinson.will@gmail.com> wrote:****
>>>>>>
>>>>>>    Hi Karl,****
>>>>>>
>>>>>> Thanks for creating that ticket.****
>>>>>>
>>>>>> ** **
>>>>>>
>>>>>> The sharepoint version is 2010.  I will obtain the build number from
>>>>>> the Sharepoint administrator****
>>>>>>
>>>>>> I would assume the WSP file file would obtain the event log file
path
>>>>>> and name from the sharepoint installation.  I am only new to manifoldCF
so
>>>>>> that might be completely incorrect.  Would it be infeasible to have
the
>>>>>> plugin create its own log file?****
>>>>>>
>>>>>> Cheers,****
>>>>>>
>>>>>> Will****
>>>>>>
>>>>>> ** **
>>>>>>
>>>>>> On Wed, Jul 17, 2013 at 8:49 PM, Karl Wright <daddywri@gmail.com>
>>>>>> wrote:****
>>>>>>
>>>>>>   I've created the ticket:
>>>>>> https://issues.apache.org/jira/browse/CONNECTORS-754 . Some of the
>>>>>> information may be incorrect, but at least it is a starting point.***
>>>>>> *
>>>>>>
>>>>>> I will be taking steps immediately on trunk to harden the connector
>>>>>> against the array index issues, but I strongly suspect that the underlying
>>>>>> problem is that there are at least a few sorts of entities in this
>>>>>> situation that are causing the plugin to not work as expected.  Getting
>>>>>> logging working there is essential to correcting that problem.****
>>>>>>
>>>>>> Karl****
>>>>>>
>>>>>> ** **
>>>>>>
>>>>>> On Wed, Jul 17, 2013 at 6:18 AM, Karl Wright <daddywri@gmail.com>
>>>>>> wrote:****
>>>>>>
>>>>>>   Hi Will,****
>>>>>>
>>>>>> These issues may very well be related.
>>>>>> **
>>>>>> ******
>>>>>>
>>>>>> The logic that is giving you the "index out of range" error is
>>>>>> manipulating supposed relative paths it is getting from the SharePoint
list
>>>>>> files method.  Those paths are not showing up in a form the connector
is
>>>>>> expecting, which is "library/folder_path".  It is possible that claim
space
>>>>>> paths are coming out differently and the connector would have to
change to
>>>>>> accommodate that.  The problem with Microsoft products in general
is that
>>>>>> there are so many ways to configure them there is practically no
chance of
>>>>>> adequately testing across the entire configuration space in advance.*
>>>>>> ***
>>>>>>
>>>>>> What I think we should do is create a ticket (and a branch) to do
>>>>>> diagnostics and development for this sharepoint variant.  Could you
provide
>>>>>> me with:****
>>>>>>
>>>>>> - which SharePoint version this is, including the build number****
>>>>>>
>>>>>> - how you think the logging for the MCPermissions.asmx should be
done
>>>>>> ****
>>>>>>
>>>>>> I'll create the ticket once I have that info.
>>>>>>
>>>>>> Karl****
>>>>>>
>>>>>> ** **
>>>>>>
>>>>>> On Wed, Jul 17, 2013 at 5:31 AM, Will Parkinson <
>>>>>> parkinson.will@gmail.com> wrote:****
>>>>>>
>>>>>>    Hi Karl,****
>>>>>>
>>>>>> We have now tried a user with full access on that server and the
>>>>>> error still occurs.  We have logged in as this user via RDP and tested
that
>>>>>> the user could write to the log files and there was no problem.****
>>>>>>
>>>>>> One this we did notice is that the log files for the sharepoint
>>>>>> installation are not in the default location.  Would this possibly
be the
>>>>>> issue?****
>>>>>>
>>>>>> It also seems that we can ingest files from sharepoint despite the
>>>>>> "cannot open log source issue" but the logs are full of errors like
this
>>>>>>
>>>>>> FATAL 2013-07-17 19:24:57,927 (Worker thread '46') - Error tossed:
>>>>>> String index out of range: 19
>>>>>> java.lang.StringIndexOutOfBoundsException: String index out of range:
>>>>>> 19
>>>>>>     at java.lang.String.substring(String.java:1955)
>>>>>>     at
>>>>>> org.apache.manifoldcf.crawler.connectors.sharepoint.SharePointRepository$FileStream.addFile(SharePointRepository.java:1890)
>>>>>>     at
>>>>>> org.apache.manifoldcf.crawler.connectors.sharepoint.SPSProxyHelper.getChildren(SPSProxyHelper.java:655)
>>>>>>     at
>>>>>> org.apache.manifoldcf.crawler.connectors.sharepoint.SharePointRepository.processDocuments(SharePointRepository.java:1411)
>>>>>>     at
>>>>>> org.apache.manifoldcf.crawler.connectors.BaseRepositoryConnector.processDocuments(BaseRepositoryConnector.java:423)
>>>>>>     at
>>>>>> org.apache.manifoldcf.crawler.system.WorkerThread.run(WorkerThread.java:559)
>>>>>> FATAL 2013-07-17 19:24:57,964 (Worker thread '5') - Error tossed:
>>>>>> String index out of range: 21
>>>>>> java.lang.StringIndexOutOfBoundsException: String index out of range:
>>>>>> 21
>>>>>>     at java.lang.String.substring(String.java:1955)
>>>>>>     at
>>>>>> org.apache.manifoldcf.crawler.connectors.sharepoint.SharePointRepository$FileStream.addFile(SharePointRepository.java:1890)
>>>>>>     at
>>>>>> org.apache.manifoldcf.crawler.connectors.sharepoint.SPSProxyHelper.getChildren(SPSProxyHelper.java:655)
>>>>>>     at
>>>>>> org.apache.manifoldcf.crawler.connectors.sharepoint.SharePointRepository.processDocuments(SharePointRepository.java:1411)
>>>>>>     at
>>>>>> org.apache.manifoldcf.crawler.connectors.BaseRepositoryConnector.processDocuments(BaseRepositoryConnector.java:423)
>>>>>>     at
>>>>>> org.apache.manifoldcf.crawler.system.WorkerThread.run(WorkerThread.java:559)
>>>>>> ****
>>>>>>
>>>>>> Would these issues be related?
>>>>>>
>>>>>> Cheers,
>>>>>>
>>>>>> Will****
>>>>>>
>>>>>> ** **
>>>>>>
>>>>>> On Mon, Jul 15, 2013 at 10:03 PM, Karl Wright <daddywri@gmail.com>
>>>>>> wrote:****
>>>>>>
>>>>>>  Hi Will,
>>>>>>
>>>>>> Here's an example of the code that attempts to access the log:
>>>>>>
>>>>>>                 EventLog.WriteEntry("MCPermissions.asmx", "Error:
>>>>>> "+ex.Message+"; SPContext.Current.Web.Url='"+SPContext.Current.Web.Url+"'");
>>>>>> ****
>>>>>>
>>>>>> So I believe it will be trying to access the event log, and it is
>>>>>> failing to do that.  Once that issue is resolved, the fact is that
it does
>>>>>> not even attempt to log anything unless an earlier error occurred.
 So
>>>>>> there is more than one error involved.
>>>>>>
>>>>>> Karl****
>>>>>>
>>>>>> ** **
>>>>>>
>>>>>> On Mon, Jul 15, 2013 at 7:57 AM, Will Parkinson <
>>>>>> parkinson.will@gmail.com> wrote:****
>>>>>>
>>>>>>  Hi Karl, thanks for the quick response.****
>>>>>>
>>>>>> I thought this might be the case initially, and have asked the
>>>>>> Sharepoint administrator about the user permissions used to install
the
>>>>>> plugin and he assures me that the permissions are sufficient.  Do
you know
>>>>>> which log (location, file name) that the plugin tries to write to?***
>>>>>> *
>>>>>>
>>>>>> ****
>>>>>>
>>>>>> ** **
>>>>>>
>>>>>> On Mon, Jul 15, 2013 at 9:15 PM, Karl Wright <daddywri@gmail.com>
>>>>>> wrote:****
>>>>>>
>>>>>>  Hi Will,
>>>>>>
>>>>>> The issue seems to be around the ability of the MCPermissions plugin
>>>>>> to write to the log.  As it was installed, it does not have the ability
to
>>>>>> do that on your claim-space system.****
>>>>>>
>>>>>> Usually, we recommend that the plugin be installed by a user that
has
>>>>>> sufficient permissions to do everything the plugin needs to do. 
It does
>>>>>> not sound like that is the case here.
>>>>>>
>>>>>> Thanks,
>>>>>> Karl****
>>>>>>
>>>>>> ** **
>>>>>>
>>>>>> On Mon, Jul 15, 2013 at 6:37 AM, Will Parkinson <
>>>>>> parkinson.will@gmail.com> wrote:****
>>>>>>
>>>>>>  Hello,****
>>>>>>
>>>>>> I have installed ManifoldCF and have added 2 Sharepoint repositories
>>>>>> - one Sharepoint site uses claim space authentication and the other
one
>>>>>> does not.****
>>>>>>
>>>>>> manifold seems to have no issue connecting to the non claim space
>>>>>> authenticated Sharepoint site but generates this error when trying
to
>>>>>> connect to the claim space authenticated Sharepoint site:****
>>>>>>
>>>>>> Connection status: Unknown SharePoint server error accessing site
-
>>>>>> axis fault = Server, detail = Server was unable to process request.
--->
>>>>>> Cannot open log for source 'MCPermissions.asmx'. You may not have
write
>>>>>> access. ---> Access is denied****
>>>>>>
>>>>>> Has anybody experienced a similar problem with claim space
>>>>>> authenticated Sharepoint sites?****
>>>>>>
>>>>>> Any help is much appreciated.****
>>>>>>
>>>>>> - Will****
>>>>>>
>>>>>> ** **
>>>>>>
>>>>>>  ** **
>>>>>>
>>>>>>  ** **
>>>>>>
>>>>>>  ** **
>>>>>>
>>>>>>  ** **
>>>>>>
>>>>>>  ** **
>>>>>>
>>>>>>  ** **
>>>>>>
>>>>>>  ** **
>>>>>>
>>>>>>  ** **
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>

Mime
View raw message