manifoldcf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Karl Wright <daddy...@gmail.com>
Subject Re: How to check Sharepoint ACLs into Solr using MCF 1.5.1.
Date Wed, 11 Jun 2014 16:30:10 GMT
Thanks -- still no joy. :-(

Karl


On Wed, Jun 11, 2014 at 12:25 PM, lalit jangra <lalit.j.jangra@gmail.com>
wrote:

> Hi Karl,
>
> I have tired with another user and below is json result. Please let me
> know for more information.
>
> {
>
>         "url": "\/alfresco\/service\/api\/person\/abeecher",
>
>         "userName": "abeecher",
>
>         "enabled": true,
>
>         "avatar":
> "api\/node\/workspace\/SpacesStore\/d77a6aa1-bac8-42e4-8df8-2faf1a085622\/content\/thumbnails\/avatar",
>
>         "firstName": "Alice",
>
>         "lastName": "Beecher",
>
>         "jobtitle": "Graphic Designer",
>
>         "organization": "Moresby, Garland and Wedge",
>
>         "organizationId": null,
>
>         "location": "Tilbury, UK",
>
>         "telephone": "0112211001100",
>
>         "mobile": "0112211001100",
>
>         "email": "abeecher@example.com",
>
>         "companyaddress1": "200 Butterwick Street",
>
>         "companyaddress2": "Tilbury",
>
>         "companyaddress3": "UK",
>
>         "companypostcode": "ALF1 SAM1",
>
>         "companytelephone": "",
>
>         "companyfax": "",
>
>         "companyemail": "",
>
>         "skype": "abeecher",
>
>         "instantmsg": "",
>
>         "userStatus": "Helping to design the look and feel of the new web
> site",
>
>         "userStatusTime": { "iso8601": "2011-02-15T20:20:13.432Z"},
>
>         "googleusername": "",
>
>         "quota": -1,
>
>         "sizeCurrent": 8382006,
>
>         "emailFeedDisabled": false,
>
>         "persondescription": "Alice is a demo user for the sample Alfresco
> Team site."
>
> ,
>
>         "capabilities":
>
>         {
>
>                "isMutable":
>
>                true
>
>                                ,"isGuest":
>
>                false
>
>                                ,"isAdmin":
>
>                false
>
>                        }
>
> }
>
> Regards.
>
>
> On Wed, Jun 11, 2014 at 5:00 PM, Karl Wright <daddywri@gmail.com> wrote:
>
>> Oh, one other thing: it is possible that the user you queried for did not
>> *need* any additional ACL information because it was an admin user.  Can
>> you try the same query with a user who is not an admin?
>>
>> Thanks!
>> Karl
>>
>>
>>
>> On Wed, Jun 11, 2014 at 11:59 AM, Karl Wright <daddywri@gmail.com> wrote:
>>
>>> Hi Lalit,
>>>
>>> When you invoke Solr, you invoke it via an HTTP request.  To pass in an
>>> authenticated user name, you can pass it in as an argument on the URL for
>>> that request.  The README documentation for the plugin describes what the
>>> parameter name(s) are called.
>>>
>>> Alternatively, you can code up a Solr plugin yourself that authenticates
>>> a user and puts the user name in the Request object.
>>>
>>> Karl
>>>
>>>
>>>
>>> On Wed, Jun 11, 2014 at 11:32 AM, lalit jangra <lalit.j.jangra@gmail.com
>>> > wrote:
>>>
>>>> Hi Karl,
>>>>
>>>> Alfresco :  yeah its the problem here. I am still trying to get
>>>> something working here.
>>>>
>>>> Solr: Yes i have installed MCF Solr plugin , put jar in SOlr , updated
>>>> Solr schema with 4 additional fields & updated solrconfig.xml for MCF
>>>> request handler. I do have authenticated user which is querying the Solr
>>>> for search results and no unauthenticated user will see the search page.
By
>>>> getting authenticated user into solr query means adding user & his
>>>> permissions into solr query using a filter or fields?
>>>>
>>>> Regards.
>>>>
>>>>
>>>> On Wed, Jun 11, 2014 at 4:19 PM, Karl Wright <daddywri@gmail.com>
>>>> wrote:
>>>>
>>>>> Hi Lalit,
>>>>>
>>>>> About Alfresco: do you see any user security information in this
>>>>> record?  I don't.  Without that iinformation, I don't see how security
can
>>>>> be done.  Perhaps there's another way to get at it?
>>>>>
>>>>> About Solr:  Have you installed the appropriate ManifoldCF Solr Plugin
>>>>> into your solr instance yet?  You drop down a jar, and then you need
to
>>>>> include one of the plugin filtering classes in your query parsing or
>>>>> component processing chains in Solr.  You will also need a way of getting
>>>>> an authenticated user into your Solr query so that the plugin can see
it.
>>>>>
>>>>> Karl
>>>>>
>>>>>
>>>>>
>>>>> On Wed, Jun 11, 2014 at 11:08 AM, lalit jangra <
>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>
>>>>>> Sure Karl,
>>>>>>
>>>>>> I have invoked the REST based webscript @
>>>>>> http://localhost:8080/alfresco/service/api/people/admin & below
are
>>>>>> results in json.
>>>>>>
>>>>>> {
>>>>>> 	"url": "\/alfresco\/service\/api\/person\/admin",
>>>>>> 	"userName": "admin",
>>>>>> 	"enabled": true,
>>>>>> 	"firstName": "Administrator",
>>>>>> 	"lastName": "",
>>>>>> 	"jobtitle": null,
>>>>>> 	"organization": null,
>>>>>> 	"organizationId": "",
>>>>>> 	"location": null,
>>>>>> 	"telephone": null,
>>>>>> 	"mobile": null,
>>>>>> 	"email": "admin@alfresco.com",
>>>>>> 	"companyaddress1": null,
>>>>>> 	"companyaddress2": null,
>>>>>> 	"companyaddress3": null,
>>>>>> 	"companypostcode": null,
>>>>>> 	"companytelephone": null,
>>>>>> 	"companyfax": null,
>>>>>> 	"companyemail": null,
>>>>>> 	"skype": null,
>>>>>> 	"instantmsg": null,
>>>>>> 	"userStatus": null,
>>>>>> 	"userStatusTime": null,
>>>>>> 	"googleusername": null,
>>>>>> 	"quota": -1,
>>>>>> 	"sizeCurrent": 0,
>>>>>> 	"emailFeedDisabled": false,
>>>>>> 	"persondescription": null
>>>>>> ,
>>>>>> 	"capabilities":
>>>>>> 	{
>>>>>> 		"isMutable":
>>>>>> 		true
>>>>>> 				,"isGuest":
>>>>>> 		false
>>>>>> 				,"isAdmin":
>>>>>> 		true
>>>>>> 			}
>>>>>> }
>>>>>>
>>>>>>
>>>>>> Also i am able to index ACL for Sharepoint & Shared Drive into
solr, can you guide me how can i use them while searching content from these both repositories?
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Do i need to add another filter to my query for same? If so what
should be the name of filter?
>>>>>>
>>>>>> Regards.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Wed, Jun 11, 2014 at 3:34 PM, Karl Wright <daddywri@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi Lalit,
>>>>>>>
>>>>>>> Looking at more up-to-date documentation here:
>>>>>>> http://docs.alfresco.com/4.2/references/RESTful-PersonPersonGet.html
>>>>>>>
>>>>>>> It would be great if you could try this operation with a known
user
>>>>>>> against an Alfresco implementation, and see what you get back
in the user
>>>>>>> JSON.  I think you could take these steps:
>>>>>>>
>>>>>>> (1) Use a browser session to log into your alfresco instance
UI
>>>>>>> (2) Construct the described URL above in the same browser's URL
>>>>>>> field, and fire it off
>>>>>>> (3) Send me the resulting JSON
>>>>>>>
>>>>>>> Thanks!
>>>>>>> Karl
>>>>>>>
>>>>>>> Karl
>>>>>>>
>>>>>>>
>>>>>>> On Wed, Jun 11, 2014 at 6:22 AM, Karl Wright <daddywri@gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Looking at the REST api, it seems like it is not a true stateless
>>>>>>>> REST api.  Apparently, there is a session cookie required
(?).  For
>>>>>>>> example, see:
>>>>>>>>
>>>>>>>>
>>>>>>>> http://docs.alfresco.com/4.0/references/RESTful-RepositoryLoginticketGet.html
>>>>>>>>
>>>>>>>> That will (somewhat) complicate things; it's decidedly non-standard.
>>>>>>>> Also, I don't see any way still to get access tokens given
a user:
>>>>>>>>
>>>>>>>> http://docs.alfresco.com/4.0/references/RESTful-Person.html
>>>>>>>>
>>>>>>>> Do you see any way to do this?
>>>>>>>>
>>>>>>>> Karl
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Wed, Jun 11, 2014 at 5:24 AM, lalit jangra <
>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> Thanks Karl,
>>>>>>>>>
>>>>>>>>> Sadly this confirms that neither CMIS nor Alfresco connectors
>>>>>>>>> support ACL indexing and storage. I checked into Alfresco
connector code
>>>>>>>>> but nothing has been mentioned about ACL indexing &
storage.
>>>>>>>>>
>>>>>>>>> Next alfresco does support REST based API very well and
infact
>>>>>>>>> REST is used in Alfresco all over the place. So we can
definitely write
>>>>>>>>> some better stuff here. For documentation around REST
usage in alfresco,
>>>>>>>>> please refer to below URLs. Latest version of alfresco
is 4.2 and a lot has
>>>>>>>>> been changed into it for almost everything to make things
simpler and
>>>>>>>>> efficient.
>>>>>>>>>
>>>>>>>>> http://docs.alfresco.com/4.0/concepts/API-intro-4.html
>>>>>>>>> http://wiki.alfresco.com/wiki/Repository_RESTful_API_Reference
>>>>>>>>>
>>>>>>>>> These pretty much cover features provided by REST into
alfresco
>>>>>>>>> and we can definitely start from here & do let me
know for any more
>>>>>>>>> documentation. Every alfresco instance supports REST
based processing so
>>>>>>>>> testing REST is not a tedious task.
>>>>>>>>>
>>>>>>>>> In the meantime i am checking GitHub to find if something
is
>>>>>>>>> already available.
>>>>>>>>>
>>>>>>>>> Regards.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Wed, Jun 11, 2014 at 9:50 AM, Karl Wright <daddywri@gmail.com>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>> Hi Lalit,
>>>>>>>>>>
>>>>>>>>>> The best way to start is to describe the Alfresco
server you are
>>>>>>>>>> trying to crawl.  What version?  It matters a lot,
as you will read below.
>>>>>>>>>>
>>>>>>>>>> The Alfresco connector was originally submitted by
Piergiorgio
>>>>>>>>>> Lucidi under the direction of SourceSense.  My understanding
is that he had
>>>>>>>>>> no trouble getting access tokens with the connector,
but unfortunately on
>>>>>>>>>> the other end (mapping users to access tokens) the
original Alfresco API's
>>>>>>>>>> didn't do this.  Since then, I believe, Alfresco
has completely revamped
>>>>>>>>>> their API's, and they have a REST-style API available
to do the job (or so
>>>>>>>>>> I am told).  A company called Zaizi did some work
on it and was supposed to
>>>>>>>>>> contribute the updated connector, but for two releases
that hasn't
>>>>>>>>>> happened.  But it is possible that the connector
is in GitHub somewhere?
>>>>>>>>>>
>>>>>>>>>> In short, Alfresco is a bit of a mess, and I would
very much like
>>>>>>>>>> to get it repaired to a point where it is usable
fully.
>>>>>>>>>>
>>>>>>>>>> If your instance has the REST API, and you can provide
me with
>>>>>>>>>> the REST API documentation for your Alfresco instance,
I am happy to set up
>>>>>>>>>> a branch to build an Alfresco REST connector from
scratch (provided it
>>>>>>>>>> looks like everything works the way it is supposed
to).  Building a
>>>>>>>>>> connector in this way will take usually a couple
of weeks, and you MUST
>>>>>>>>>> have access to the instance you are trying to crawl,
and be willing to test
>>>>>>>>>> the connector against it and reiterate.  There is
a chance we'd fail, but
>>>>>>>>>> with the documentation available in advance, the
chances of that would be
>>>>>>>>>> low.
>>>>>>>>>>
>>>>>>>>>> Thoughts?
>>>>>>>>>> Karl
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Wed, Jun 11, 2014 at 1:58 AM, lalit jangra <
>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> Thanks Karl,
>>>>>>>>>>>
>>>>>>>>>>> So its a show stopper now.
>>>>>>>>>>>
>>>>>>>>>>> As a fallback mechanism, i am looking for alfresco
only
>>>>>>>>>>> connector for ACL storing mechanism but can you
confirm if alfresco
>>>>>>>>>>> specific connector supports this feature or not.
>>>>>>>>>>>
>>>>>>>>>>> And finally if no all the ways, what would be
the optimum way to
>>>>>>>>>>> start implementing the same.
>>>>>>>>>>>
>>>>>>>>>>> Regards.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Wed, Jun 11, 2014 at 12:47 AM, Karl Wright
<
>>>>>>>>>>> daddywri@gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hi Lalit,
>>>>>>>>>>>>
>>>>>>>>>>>> CMIS does not give a way for a user to query
for ACLs, so
>>>>>>>>>>>> repository document security is not supported
for that connector.
>>>>>>>>>>>> Documents indexed by CMIS are thus "wide
open" and will not be restricted
>>>>>>>>>>>> from being searchable by anybody.
>>>>>>>>>>>>
>>>>>>>>>>>> This is, unfortunately, a limitation of CMIS
-- at least, CMIS
>>>>>>>>>>>> at the time the connector was implemented.
 Feel free to submit patches to
>>>>>>>>>>>> add security to the connector if the spec
has evolved to the point where it
>>>>>>>>>>>> is possible.
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks,
>>>>>>>>>>>> Karl
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On Tue, Jun 10, 2014 at 6:38 PM, lalit jangra
<
>>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Thanks Karl,
>>>>>>>>>>>>>
>>>>>>>>>>>>> As per your suggestions, i am able to
see ACLs into solr index
>>>>>>>>>>>>> (I made stored="true" for ACLs in schema.xml)
as below. I can see
>>>>>>>>>>>>> permissions for Sharepoint as well as
shared drive but for CMIS, i am not
>>>>>>>>>>>>> able to see any permissions apart from
default stored. Am i missing
>>>>>>>>>>>>> anything in CMIS?
>>>>>>>>>>>>>
>>>>>>>>>>>>> *Sharepoint*:
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>         "allow_token_share": [
>>>>>>>>>>>>>
>>>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>>>
>>>>>>>>>>>>>         ],
>>>>>>>>>>>>>
>>>>>>>>>>>>>         "deny_token_share": [
>>>>>>>>>>>>>
>>>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>>>
>>>>>>>>>>>>>         ]
>>>>>>>>>>>>>
>>>>>>>>>>>>>       },
>>>>>>>>>>>>>
>>>>>>>>>>>>>       {
>>>>>>>>>>>>>
>>>>>>>>>>>>>         "content_name": "Alfresco-in-an-Hour.pdf"
>>>>>>>>>>>>>
>>>>>>>>>>>>>         "deny_token_document": [
>>>>>>>>>>>>>
>>>>>>>>>>>>>           "SP+Group:DEAD_AUTHORITY"
>>>>>>>>>>>>>
>>>>>>>>>>>>>         ],
>>>>>>>>>>>>>
>>>>>>>>>>>>>         "allow_token_document": [
>>>>>>>>>>>>>
>>>>>>>>>>>>>           "SP+Group:GTest+lalit+Portal+Visitors",
>>>>>>>>>>>>>
>>>>>>>>>>>>>           "SP+Group:GTest+lalit+Portal+Owners",
>>>>>>>>>>>>>
>>>>>>>>>>>>>           "SP+Group:GRestricted+Readers",
>>>>>>>>>>>>>
>>>>>>>>>>>>>           "SP+Group:GTest+lalit+Administrators",
>>>>>>>>>>>>>
>>>>>>>>>>>>>           "SP+Group:GTest+lalit+Portal+Members",
>>>>>>>>>>>>>
>>>>>>>>>>>>>           "SP+Group:Uc%3A0%28.s%7Ctrue",
>>>>>>>>>>>>>
>>>>>>>>>>>>>           "SP+Group:GHierarchy+Managers",
>>>>>>>>>>>>>
>>>>>>>>>>>>>           "SP+Group:GApprovers",
>>>>>>>>>>>>>
>>>>>>>>>>>>>           "SP+Group:GViewers",
>>>>>>>>>>>>>
>>>>>>>>>>>>>           "SP+Group:GDesigners"
>>>>>>>>>>>>>
>>>>>>>>>>>>>         ],
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> *Share Drive:*
>>>>>>>>>>>>>
>>>>>>>>>>>>>       {
>>>>>>>>>>>>>
>>>>>>>>>>>>>         "deny_token_share": [
>>>>>>>>>>>>>
>>>>>>>>>>>>>           "AD+Group:DEAD_AUTHORITY"
>>>>>>>>>>>>>
>>>>>>>>>>>>>         ],
>>>>>>>>>>>>>
>>>>>>>>>>>>>         "content_name": "hello.txt",
>>>>>>>>>>>>>
>>>>>>>>>>>>>         "content_modifier": "lalitjangra",
>>>>>>>>>>>>>
>>>>>>>>>>>>>         "deny_token_document": [
>>>>>>>>>>>>>
>>>>>>>>>>>>>           "AD+Group:DEAD_AUTHORITY"
>>>>>>>>>>>>>
>>>>>>>>>>>>>         ],
>>>>>>>>>>>>>
>>>>>>>>>>>>>                "id": "
>>>>>>>>>>>>> file://///SDD/lalit/manifoldtest/hekko.txt",
>>>>>>>>>>>>>
>>>>>>>>>>>>>         "allow_token_document": [
>>>>>>>>>>>>>
>>>>>>>>>>>>>           "AD+Group:S-1-5-18",
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12088",
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12147",
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12148",
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12149",
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12150",
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12217",
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-15154",
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-8005",
>>>>>>>>>>>>>
>>>>>>>>>>>>>           "AD+Group:S-1-5-32-544"
>>>>>>>>>>>>>
>>>>>>>>>>>>>         ],
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>         "allow_token_share": [
>>>>>>>>>>>>>
>>>>>>>>>>>>>           "AD+Group:S-1-1-0",
>>>>>>>>>>>>>
>>>>>>>>>>>>>           "AD+Group:S-1-5-32-544"
>>>>>>>>>>>>>
>>>>>>>>>>>>>         ],
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>  *CMIS *:
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>                 "allow_token_share":
[
>>>>>>>>>>>>>
>>>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>>>
>>>>>>>>>>>>>         ],
>>>>>>>>>>>>>
>>>>>>>>>>>>>         "deny_token_document": [
>>>>>>>>>>>>>
>>>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>>>
>>>>>>>>>>>>>         ],
>>>>>>>>>>>>>
>>>>>>>>>>>>>         "deny_token_share": [
>>>>>>>>>>>>>
>>>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>>>
>>>>>>>>>>>>>         ],
>>>>>>>>>>>>>
>>>>>>>>>>>>>         "allow_token_document": [
>>>>>>>>>>>>>
>>>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>>>
>>>>>>>>>>>>>         ]
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Regards.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Tue, Jun 10, 2014 at 5:13 PM, Karl
Wright <
>>>>>>>>>>>>> daddywri@gmail.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Hi Lalit,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> You always use the Active Directory
authority for Windows
>>>>>>>>>>>>>> shared drive authorization.  But
you do not for SharePoint; you typically
>>>>>>>>>>>>>> use SharePoint/Native and SharePoint/AD.
 You therefore should have a
>>>>>>>>>>>>>> second authority group for SharePoint
that is distinct from the one for
>>>>>>>>>>>>>> Windows.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Each access token is qualified with
the name of the
>>>>>>>>>>>>>> ManifoldCF authority group, so there
is never any chance that they will
>>>>>>>>>>>>>> collide.  So it is perfectly fine
to have multiple authority groups in a
>>>>>>>>>>>>>> single installation, in fact we'd
expect you to.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> As for the Solr plugin, you can either
download it here:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> http://manifoldcf.apache.org/en_US/download.html
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> ... or you will find that it is there
in the bin distribution
>>>>>>>>>>>>>> already, under the "integration"
directory.  Please have a look and read
>>>>>>>>>>>>>> the README.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Karl
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Tue, Jun 10, 2014 at 11:41 AM,
lalit jangra <
>>>>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Thanks Karl,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I am having two content repositories
based on active
>>>>>>>>>>>>>>> directory authentication : SharePoint
2010 and Windows Share Drive, so i am
>>>>>>>>>>>>>>> using active directory as authority
type in authority connection. All my
>>>>>>>>>>>>>>> connections are working fine
as well as job is running good but i am still
>>>>>>>>>>>>>>> not able to see any ACL information
in solr.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Do i need to enable any configuration
in solr to see the
>>>>>>>>>>>>>>> same?
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Also by Solr Plugin, is it a
jar or connector which needs to
>>>>>>>>>>>>>>> be placed inside solr application
server or is it that i need to write
>>>>>>>>>>>>>>> custom code to make search query
permission aware?
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Can you please guide?
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Regards.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Tue, Jun 10, 2014 at 1:59
PM, Karl Wright <
>>>>>>>>>>>>>>> daddywri@gmail.com> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Hi Lalit,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> (1) You need first to specify
"SharePoint Native" as the
>>>>>>>>>>>>>>>> authority type in your SharePoint
repository connection.  You'd use "Active
>>>>>>>>>>>>>>>> directory" as the authority
type only if you were using the "Active
>>>>>>>>>>>>>>>> directory" authority.  To
be precise:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> - If you are using "SharePoint/Native",
"SharePoint/AD", or
>>>>>>>>>>>>>>>> any combination of these
for your authority group, use "SharePoint native"
>>>>>>>>>>>>>>>> authority type
>>>>>>>>>>>>>>>> - If you are using "Active
Directory", use "Active
>>>>>>>>>>>>>>>> directory" as your authority
type
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> (2) You should see acl information
get posted to Solr if
>>>>>>>>>>>>>>>> you have everything configured
right.
>>>>>>>>>>>>>>>> (3) On the Solr side, you
need to install and configure the
>>>>>>>>>>>>>>>> appropriate Solr plugin.
 Each plugin comes with a README, which describes
>>>>>>>>>>>>>>>> how to set up the schema
on Solr to support security.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Thanks!
>>>>>>>>>>>>>>>> Karl
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On Tue, Jun 10, 2014 at 8:51
AM, lalit jangra <
>>>>>>>>>>>>>>>> lalit.j.jangra@gmail.com>
wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Hello,
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> I am working on Apache
MCF 1.5.1 indexing Sharepoint 2010
>>>>>>>>>>>>>>>>> repository storing index
in Solr 4.6.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> For permissions, i followed
below steps.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> 1. Created a new authority
group called "SharePoint Group"
>>>>>>>>>>>>>>>>> in MCF.
>>>>>>>>>>>>>>>>> 2. Created a new User
Mapping connection called
>>>>>>>>>>>>>>>>> "SharePoint User Mapping"
using authority group "SharePoint Group" in step
>>>>>>>>>>>>>>>>> 1. For user mapping,
i used "Regular Expression" mapping and used default
>>>>>>>>>>>>>>>>> expressions.When i save
it, it says "Connection Working".
>>>>>>>>>>>>>>>>> 3. Created a new Authority
connection called "SharePoint
>>>>>>>>>>>>>>>>> Authority Connection"
and using "SharePoint Group"as in step1 as authority
>>>>>>>>>>>>>>>>> group type, using "SharePoint
User Mapping" as prerequisite, using my own
>>>>>>>>>>>>>>>>> domain controller and
other related details. When i save it, it says
>>>>>>>>>>>>>>>>> "Connection Working".
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Next i have created a
new repository connection for
>>>>>>>>>>>>>>>>> SharePoint called "SharePoint
Connection" selecting authority group called
>>>>>>>>>>>>>>>>> "SharePoint Group"  from
pull down list ,  providing all relevant details
>>>>>>>>>>>>>>>>> for server , and choosing
authority type as "Active Directory". On saving,
>>>>>>>>>>>>>>>>> it worked fine without
any error.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Finally i created a new
SharePoint job providing following
>>>>>>>>>>>>>>>>> details.
>>>>>>>>>>>>>>>>> 1. Connections : repository
connection as "SharePoint
>>>>>>>>>>>>>>>>> Connection" and output
connection as "Solr Connection".
>>>>>>>>>>>>>>>>>  2. Choosing paths for
document library, shared documents,
>>>>>>>>>>>>>>>>> announcements & lists.
>>>>>>>>>>>>>>>>> 3. Selecting all metadata
in metadata tab selecting all
>>>>>>>>>>>>>>>>> metadata.
>>>>>>>>>>>>>>>>> 4. Mapped required metadata
fields to solr schema fields.
>>>>>>>>>>>>>>>>> 4. Enabled the security.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Now i started the job
and i can see SharePoint content
>>>>>>>>>>>>>>>>> getting indexed and stored
in solr. I can verify it using solr admin query
>>>>>>>>>>>>>>>>> console.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> But i am not seeing any
additional ACL information. How
>>>>>>>>>>>>>>>>> can i verify that ACL
& permission information is also stored in Solr. Do i
>>>>>>>>>>>>>>>>> need to change Solr configurations
also?
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Please help.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Regards,
>>>>>>>>>>>>>>>>> Lalit Jangra.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>> Regards,
>>>>>>>>>>>>>>> Lalit Jangra.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> --
>>>>>>>>>>>>> Regards,
>>>>>>>>>>>>> Lalit Jangra.
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> Regards,
>>>>>>>>>>> Lalit Jangra.
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Regards,
>>>>>>>>> Lalit Jangra.
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Regards,
>>>>>> Lalit Jangra.
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Regards,
>>>> Lalit Jangra.
>>>>
>>>
>>>
>>
>
>
> --
> Regards,
> Lalit Jangra.
>

Mime
View raw message