manifoldcf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Karl Wright <daddy...@gmail.com>
Subject Re: How to check Sharepoint ACLs into Solr using MCF 1.5.1.
Date Thu, 12 Jun 2014 08:08:59 GMT
Hi Lalit,

I think it would still be a good idea to reimplement the connector to use
the REST API, even if we still have no security still.  At some point in
the next few weeks, I'd like to start experimenting with that.  If I set up
a ticket for this and a branch where the ticket is being worked on, will
you be able to build and try out the new connector?

Karl



On Wed, Jun 11, 2014 at 12:30 PM, Karl Wright <daddywri@gmail.com> wrote:

> Thanks -- still no joy. :-(
>
> Karl
>
>
> On Wed, Jun 11, 2014 at 12:25 PM, lalit jangra <lalit.j.jangra@gmail.com>
> wrote:
>
>> Hi Karl,
>>
>> I have tired with another user and below is json result. Please let me
>> know for more information.
>>
>> {
>>
>>         "url": "\/alfresco\/service\/api\/person\/abeecher",
>>
>>         "userName": "abeecher",
>>
>>         "enabled": true,
>>
>>         "avatar":
>> "api\/node\/workspace\/SpacesStore\/d77a6aa1-bac8-42e4-8df8-2faf1a085622\/content\/thumbnails\/avatar",
>>
>>         "firstName": "Alice",
>>
>>         "lastName": "Beecher",
>>
>>         "jobtitle": "Graphic Designer",
>>
>>         "organization": "Moresby, Garland and Wedge",
>>
>>         "organizationId": null,
>>
>>         "location": "Tilbury, UK",
>>
>>         "telephone": "0112211001100",
>>
>>         "mobile": "0112211001100",
>>
>>         "email": "abeecher@example.com",
>>
>>         "companyaddress1": "200 Butterwick Street",
>>
>>         "companyaddress2": "Tilbury",
>>
>>         "companyaddress3": "UK",
>>
>>         "companypostcode": "ALF1 SAM1",
>>
>>         "companytelephone": "",
>>
>>         "companyfax": "",
>>
>>         "companyemail": "",
>>
>>         "skype": "abeecher",
>>
>>         "instantmsg": "",
>>
>>         "userStatus": "Helping to design the look and feel of the new web
>> site",
>>
>>         "userStatusTime": { "iso8601": "2011-02-15T20:20:13.432Z"},
>>
>>         "googleusername": "",
>>
>>         "quota": -1,
>>
>>         "sizeCurrent": 8382006,
>>
>>         "emailFeedDisabled": false,
>>
>>         "persondescription": "Alice is a demo user for the sample
>> Alfresco Team site."
>>
>> ,
>>
>>         "capabilities":
>>
>>         {
>>
>>                "isMutable":
>>
>>                true
>>
>>                                ,"isGuest":
>>
>>                false
>>
>>                                ,"isAdmin":
>>
>>                false
>>
>>                        }
>>
>> }
>>
>> Regards.
>>
>>
>> On Wed, Jun 11, 2014 at 5:00 PM, Karl Wright <daddywri@gmail.com> wrote:
>>
>>> Oh, one other thing: it is possible that the user you queried for did
>>> not *need* any additional ACL information because it was an admin user.
>>> Can you try the same query with a user who is not an admin?
>>>
>>> Thanks!
>>> Karl
>>>
>>>
>>>
>>> On Wed, Jun 11, 2014 at 11:59 AM, Karl Wright <daddywri@gmail.com>
>>> wrote:
>>>
>>>> Hi Lalit,
>>>>
>>>> When you invoke Solr, you invoke it via an HTTP request.  To pass in an
>>>> authenticated user name, you can pass it in as an argument on the URL for
>>>> that request.  The README documentation for the plugin describes what the
>>>> parameter name(s) are called.
>>>>
>>>> Alternatively, you can code up a Solr plugin yourself that
>>>> authenticates a user and puts the user name in the Request object.
>>>>
>>>> Karl
>>>>
>>>>
>>>>
>>>> On Wed, Jun 11, 2014 at 11:32 AM, lalit jangra <
>>>> lalit.j.jangra@gmail.com> wrote:
>>>>
>>>>> Hi Karl,
>>>>>
>>>>> Alfresco :  yeah its the problem here. I am still trying to get
>>>>> something working here.
>>>>>
>>>>> Solr: Yes i have installed MCF Solr plugin , put jar in SOlr , updated
>>>>> Solr schema with 4 additional fields & updated solrconfig.xml for
MCF
>>>>> request handler. I do have authenticated user which is querying the Solr
>>>>> for search results and no unauthenticated user will see the search page.
By
>>>>> getting authenticated user into solr query means adding user & his
>>>>> permissions into solr query using a filter or fields?
>>>>>
>>>>> Regards.
>>>>>
>>>>>
>>>>> On Wed, Jun 11, 2014 at 4:19 PM, Karl Wright <daddywri@gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Hi Lalit,
>>>>>>
>>>>>> About Alfresco: do you see any user security information in this
>>>>>> record?  I don't.  Without that iinformation, I don't see how security
can
>>>>>> be done.  Perhaps there's another way to get at it?
>>>>>>
>>>>>> About Solr:  Have you installed the appropriate ManifoldCF Solr
>>>>>> Plugin into your solr instance yet?  You drop down a jar, and then
you need
>>>>>> to include one of the plugin filtering classes in your query parsing
or
>>>>>> component processing chains in Solr.  You will also need a way of
getting
>>>>>> an authenticated user into your Solr query so that the plugin can
see it.
>>>>>>
>>>>>> Karl
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Wed, Jun 11, 2014 at 11:08 AM, lalit jangra <
>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>
>>>>>>> Sure Karl,
>>>>>>>
>>>>>>> I have invoked the REST based webscript @
>>>>>>> http://localhost:8080/alfresco/service/api/people/admin &
below are
>>>>>>> results in json.
>>>>>>>
>>>>>>> {
>>>>>>> 	"url": "\/alfresco\/service\/api\/person\/admin",
>>>>>>> 	"userName": "admin",
>>>>>>> 	"enabled": true,
>>>>>>> 	"firstName": "Administrator",
>>>>>>> 	"lastName": "",
>>>>>>> 	"jobtitle": null,
>>>>>>> 	"organization": null,
>>>>>>> 	"organizationId": "",
>>>>>>> 	"location": null,
>>>>>>> 	"telephone": null,
>>>>>>> 	"mobile": null,
>>>>>>> 	"email": "admin@alfresco.com",
>>>>>>> 	"companyaddress1": null,
>>>>>>> 	"companyaddress2": null,
>>>>>>> 	"companyaddress3": null,
>>>>>>> 	"companypostcode": null,
>>>>>>> 	"companytelephone": null,
>>>>>>> 	"companyfax": null,
>>>>>>> 	"companyemail": null,
>>>>>>> 	"skype": null,
>>>>>>> 	"instantmsg": null,
>>>>>>> 	"userStatus": null,
>>>>>>> 	"userStatusTime": null,
>>>>>>> 	"googleusername": null,
>>>>>>> 	"quota": -1,
>>>>>>> 	"sizeCurrent": 0,
>>>>>>> 	"emailFeedDisabled": false,
>>>>>>> 	"persondescription": null
>>>>>>> ,
>>>>>>> 	"capabilities":
>>>>>>> 	{
>>>>>>> 		"isMutable":
>>>>>>> 		true
>>>>>>> 				,"isGuest":
>>>>>>> 		false
>>>>>>> 				,"isAdmin":
>>>>>>> 		true
>>>>>>> 			}
>>>>>>> }
>>>>>>>
>>>>>>>
>>>>>>> Also i am able to index ACL for Sharepoint & Shared Drive
into solr, can you guide me how can i use them while searching content from these both repositories?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Do i need to add another filter to my query for same? If so what
should be the name of filter?
>>>>>>>
>>>>>>> Regards.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Wed, Jun 11, 2014 at 3:34 PM, Karl Wright <daddywri@gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi Lalit,
>>>>>>>>
>>>>>>>> Looking at more up-to-date documentation here:
>>>>>>>> http://docs.alfresco.com/4.2/references/RESTful-PersonPersonGet.html
>>>>>>>>
>>>>>>>> It would be great if you could try this operation with a
known user
>>>>>>>> against an Alfresco implementation, and see what you get
back in the user
>>>>>>>> JSON.  I think you could take these steps:
>>>>>>>>
>>>>>>>> (1) Use a browser session to log into your alfresco instance
UI
>>>>>>>> (2) Construct the described URL above in the same browser's
URL
>>>>>>>> field, and fire it off
>>>>>>>> (3) Send me the resulting JSON
>>>>>>>>
>>>>>>>> Thanks!
>>>>>>>> Karl
>>>>>>>>
>>>>>>>> Karl
>>>>>>>>
>>>>>>>>
>>>>>>>> On Wed, Jun 11, 2014 at 6:22 AM, Karl Wright <daddywri@gmail.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Looking at the REST api, it seems like it is not a true
stateless
>>>>>>>>> REST api.  Apparently, there is a session cookie required
(?).  For
>>>>>>>>> example, see:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> http://docs.alfresco.com/4.0/references/RESTful-RepositoryLoginticketGet.html
>>>>>>>>>
>>>>>>>>> That will (somewhat) complicate things; it's decidedly
>>>>>>>>> non-standard.
>>>>>>>>> Also, I don't see any way still to get access tokens
given a user:
>>>>>>>>>
>>>>>>>>> http://docs.alfresco.com/4.0/references/RESTful-Person.html
>>>>>>>>>
>>>>>>>>> Do you see any way to do this?
>>>>>>>>>
>>>>>>>>> Karl
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Wed, Jun 11, 2014 at 5:24 AM, lalit jangra <
>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> Thanks Karl,
>>>>>>>>>>
>>>>>>>>>> Sadly this confirms that neither CMIS nor Alfresco
connectors
>>>>>>>>>> support ACL indexing and storage. I checked into
Alfresco connector code
>>>>>>>>>> but nothing has been mentioned about ACL indexing
& storage.
>>>>>>>>>>
>>>>>>>>>> Next alfresco does support REST based API very well
and infact
>>>>>>>>>> REST is used in Alfresco all over the place. So we
can definitely write
>>>>>>>>>> some better stuff here. For documentation around
REST usage in alfresco,
>>>>>>>>>> please refer to below URLs. Latest version of alfresco
is 4.2 and a lot has
>>>>>>>>>> been changed into it for almost everything to make
things simpler and
>>>>>>>>>> efficient.
>>>>>>>>>>
>>>>>>>>>> http://docs.alfresco.com/4.0/concepts/API-intro-4.html
>>>>>>>>>> http://wiki.alfresco.com/wiki/Repository_RESTful_API_Reference
>>>>>>>>>>
>>>>>>>>>> These pretty much cover features provided by REST
into alfresco
>>>>>>>>>> and we can definitely start from here & do let
me know for any more
>>>>>>>>>> documentation. Every alfresco instance supports REST
based processing so
>>>>>>>>>> testing REST is not a tedious task.
>>>>>>>>>>
>>>>>>>>>> In the meantime i am checking GitHub to find if something
is
>>>>>>>>>> already available.
>>>>>>>>>>
>>>>>>>>>> Regards.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Wed, Jun 11, 2014 at 9:50 AM, Karl Wright <daddywri@gmail.com>
>>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi Lalit,
>>>>>>>>>>>
>>>>>>>>>>> The best way to start is to describe the Alfresco
server you are
>>>>>>>>>>> trying to crawl.  What version?  It matters a
lot, as you will read below.
>>>>>>>>>>>
>>>>>>>>>>> The Alfresco connector was originally submitted
by Piergiorgio
>>>>>>>>>>> Lucidi under the direction of SourceSense.  My
understanding is that he had
>>>>>>>>>>> no trouble getting access tokens with the connector,
but unfortunately on
>>>>>>>>>>> the other end (mapping users to access tokens)
the original Alfresco API's
>>>>>>>>>>> didn't do this.  Since then, I believe, Alfresco
has completely revamped
>>>>>>>>>>> their API's, and they have a REST-style API available
to do the job (or so
>>>>>>>>>>> I am told).  A company called Zaizi did some
work on it and was supposed to
>>>>>>>>>>> contribute the updated connector, but for two
releases that hasn't
>>>>>>>>>>> happened.  But it is possible that the connector
is in GitHub somewhere?
>>>>>>>>>>>
>>>>>>>>>>> In short, Alfresco is a bit of a mess, and I
would very much
>>>>>>>>>>> like to get it repaired to a point where it is
usable fully.
>>>>>>>>>>>
>>>>>>>>>>> If your instance has the REST API, and you can
provide me with
>>>>>>>>>>> the REST API documentation for your Alfresco
instance, I am happy to set up
>>>>>>>>>>> a branch to build an Alfresco REST connector
from scratch (provided it
>>>>>>>>>>> looks like everything works the way it is supposed
to).  Building a
>>>>>>>>>>> connector in this way will take usually a couple
of weeks, and you MUST
>>>>>>>>>>> have access to the instance you are trying to
crawl, and be willing to test
>>>>>>>>>>> the connector against it and reiterate.  There
is a chance we'd fail, but
>>>>>>>>>>> with the documentation available in advance,
the chances of that would be
>>>>>>>>>>> low.
>>>>>>>>>>>
>>>>>>>>>>> Thoughts?
>>>>>>>>>>> Karl
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Wed, Jun 11, 2014 at 1:58 AM, lalit jangra
<
>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Thanks Karl,
>>>>>>>>>>>>
>>>>>>>>>>>> So its a show stopper now.
>>>>>>>>>>>>
>>>>>>>>>>>> As a fallback mechanism, i am looking for
alfresco only
>>>>>>>>>>>> connector for ACL storing mechanism but can
you confirm if alfresco
>>>>>>>>>>>> specific connector supports this feature
or not.
>>>>>>>>>>>>
>>>>>>>>>>>> And finally if no all the ways, what would
be the optimum way
>>>>>>>>>>>> to start implementing the same.
>>>>>>>>>>>>
>>>>>>>>>>>> Regards.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On Wed, Jun 11, 2014 at 12:47 AM, Karl Wright
<
>>>>>>>>>>>> daddywri@gmail.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Hi Lalit,
>>>>>>>>>>>>>
>>>>>>>>>>>>> CMIS does not give a way for a user to
query for ACLs, so
>>>>>>>>>>>>> repository document security is not supported
for that connector.
>>>>>>>>>>>>> Documents indexed by CMIS are thus "wide
open" and will not be restricted
>>>>>>>>>>>>> from being searchable by anybody.
>>>>>>>>>>>>>
>>>>>>>>>>>>> This is, unfortunately, a limitation
of CMIS -- at least, CMIS
>>>>>>>>>>>>> at the time the connector was implemented.
 Feel free to submit patches to
>>>>>>>>>>>>> add security to the connector if the
spec has evolved to the point where it
>>>>>>>>>>>>> is possible.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>> Karl
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Tue, Jun 10, 2014 at 6:38 PM, lalit
jangra <
>>>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Thanks Karl,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> As per your suggestions, i am able
to see ACLs into solr
>>>>>>>>>>>>>> index (I made stored="true" for ACLs
in schema.xml) as below. I can see
>>>>>>>>>>>>>> permissions for Sharepoint as well
as shared drive but for CMIS, i am not
>>>>>>>>>>>>>> able to see any permissions apart
from default stored. Am i missing
>>>>>>>>>>>>>> anything in CMIS?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> *Sharepoint*:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>         "allow_token_share": [
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>         ],
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>         "deny_token_share": [
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>         ]
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>       },
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>       {
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>         "content_name": "Alfresco-in-an-Hour.pdf"
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>         "deny_token_document": [
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>           "SP+Group:DEAD_AUTHORITY"
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>         ],
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>         "allow_token_document": [
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>           "SP+Group:GTest+lalit+Portal+Visitors",
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>           "SP+Group:GTest+lalit+Portal+Owners",
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>           "SP+Group:GRestricted+Readers",
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>           "SP+Group:GTest+lalit+Administrators",
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>           "SP+Group:GTest+lalit+Portal+Members",
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>           "SP+Group:Uc%3A0%28.s%7Ctrue",
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>           "SP+Group:GHierarchy+Managers",
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>           "SP+Group:GApprovers",
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>           "SP+Group:GViewers",
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>           "SP+Group:GDesigners"
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>         ],
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> *Share Drive:*
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>       {
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>         "deny_token_share": [
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>           "AD+Group:DEAD_AUTHORITY"
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>         ],
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>         "content_name": "hello.txt",
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>         "content_modifier": "lalitjangra",
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>         "deny_token_document": [
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>           "AD+Group:DEAD_AUTHORITY"
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>         ],
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>                "id": "
>>>>>>>>>>>>>> file://///SDD/lalit/manifoldtest/hekko.txt",
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>         "allow_token_document": [
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>           "AD+Group:S-1-5-18",
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12088",
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12147",
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12148",
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12149",
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12150",
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12217",
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-15154",
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-8005",
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>           "AD+Group:S-1-5-32-544"
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>         ],
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>         "allow_token_share": [
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>           "AD+Group:S-1-1-0",
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>           "AD+Group:S-1-5-32-544"
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>         ],
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>  *CMIS *:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>                 "allow_token_share":
[
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>         ],
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>         "deny_token_document": [
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>         ],
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>         "deny_token_share": [
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>         ],
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>         "allow_token_document": [
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>         ]
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Regards.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Tue, Jun 10, 2014 at 5:13 PM,
Karl Wright <
>>>>>>>>>>>>>> daddywri@gmail.com> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Hi Lalit,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> You always use the Active Directory
authority for Windows
>>>>>>>>>>>>>>> shared drive authorization. 
But you do not for SharePoint; you typically
>>>>>>>>>>>>>>> use SharePoint/Native and SharePoint/AD.
 You therefore should have a
>>>>>>>>>>>>>>> second authority group for SharePoint
that is distinct from the one for
>>>>>>>>>>>>>>> Windows.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Each access token is qualified
with the name of the
>>>>>>>>>>>>>>> ManifoldCF authority group, so
there is never any chance that they will
>>>>>>>>>>>>>>> collide.  So it is perfectly
fine to have multiple authority groups in a
>>>>>>>>>>>>>>> single installation, in fact
we'd expect you to.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> As for the Solr plugin, you can
either download it here:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> http://manifoldcf.apache.org/en_US/download.html
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> ... or you will find that it
is there in the bin
>>>>>>>>>>>>>>> distribution already, under the
"integration" directory.  Please have a
>>>>>>>>>>>>>>> look and read the README.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Karl
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Tue, Jun 10, 2014 at 11:41
AM, lalit jangra <
>>>>>>>>>>>>>>> lalit.j.jangra@gmail.com>
wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Thanks Karl,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> I am having two content repositories
based on active
>>>>>>>>>>>>>>>> directory authentication
: SharePoint 2010 and Windows Share Drive, so i am
>>>>>>>>>>>>>>>> using active directory as
authority type in authority connection. All my
>>>>>>>>>>>>>>>> connections are working fine
as well as job is running good but i am still
>>>>>>>>>>>>>>>> not able to see any ACL information
in solr.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Do i need to enable any configuration
in solr to see the
>>>>>>>>>>>>>>>> same?
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Also by Solr Plugin, is it
a jar or connector which needs
>>>>>>>>>>>>>>>> to be placed inside solr
application server or is it that i need to write
>>>>>>>>>>>>>>>> custom code to make search
query permission aware?
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Can you please guide?
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Regards.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On Tue, Jun 10, 2014 at 1:59
PM, Karl Wright <
>>>>>>>>>>>>>>>> daddywri@gmail.com> wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Hi Lalit,
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> (1) You need first to
specify "SharePoint Native" as the
>>>>>>>>>>>>>>>>> authority type in your
SharePoint repository connection.  You'd use "Active
>>>>>>>>>>>>>>>>> directory" as the authority
type only if you were using the "Active
>>>>>>>>>>>>>>>>> directory" authority.
 To be precise:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> - If you are using "SharePoint/Native",
"SharePoint/AD",
>>>>>>>>>>>>>>>>> or any combination of
these for your authority group, use "SharePoint
>>>>>>>>>>>>>>>>> native" authority type
>>>>>>>>>>>>>>>>> - If you are using "Active
Directory", use "Active
>>>>>>>>>>>>>>>>> directory" as your authority
type
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> (2) You should see acl
information get posted to Solr if
>>>>>>>>>>>>>>>>> you have everything configured
right.
>>>>>>>>>>>>>>>>> (3) On the Solr side,
you need to install and configure
>>>>>>>>>>>>>>>>> the appropriate Solr
plugin.  Each plugin comes with a README, which
>>>>>>>>>>>>>>>>> describes how to set
up the schema on Solr to support security.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Thanks!
>>>>>>>>>>>>>>>>> Karl
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> On Tue, Jun 10, 2014
at 8:51 AM, lalit jangra <
>>>>>>>>>>>>>>>>> lalit.j.jangra@gmail.com>
wrote:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Hello,
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> I am working on Apache
MCF 1.5.1 indexing Sharepoint 2010
>>>>>>>>>>>>>>>>>> repository storing
index in Solr 4.6.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> For permissions,
i followed below steps.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> 1. Created a new
authority group called "SharePoint
>>>>>>>>>>>>>>>>>> Group" in MCF.
>>>>>>>>>>>>>>>>>> 2. Created a new
User Mapping connection called
>>>>>>>>>>>>>>>>>> "SharePoint User
Mapping" using authority group "SharePoint Group" in step
>>>>>>>>>>>>>>>>>> 1. For user mapping,
i used "Regular Expression" mapping and used default
>>>>>>>>>>>>>>>>>> expressions.When
i save it, it says "Connection Working".
>>>>>>>>>>>>>>>>>> 3. Created a new
Authority connection called "SharePoint
>>>>>>>>>>>>>>>>>> Authority Connection"
and using "SharePoint Group"as in step1 as authority
>>>>>>>>>>>>>>>>>> group type, using
"SharePoint User Mapping" as prerequisite, using my own
>>>>>>>>>>>>>>>>>> domain controller
and other related details. When i save it, it says
>>>>>>>>>>>>>>>>>> "Connection Working".
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Next i have created
a new repository connection for
>>>>>>>>>>>>>>>>>> SharePoint called
"SharePoint Connection" selecting authority group called
>>>>>>>>>>>>>>>>>> "SharePoint Group"
 from pull down list ,  providing all relevant details
>>>>>>>>>>>>>>>>>> for server , and
choosing authority type as "Active Directory". On saving,
>>>>>>>>>>>>>>>>>> it worked fine without
any error.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Finally i created
a new SharePoint job providing
>>>>>>>>>>>>>>>>>> following details.
>>>>>>>>>>>>>>>>>> 1. Connections :
repository connection as "SharePoint
>>>>>>>>>>>>>>>>>> Connection" and output
connection as "Solr Connection".
>>>>>>>>>>>>>>>>>>  2. Choosing paths
for document library, shared
>>>>>>>>>>>>>>>>>> documents, announcements
& lists.
>>>>>>>>>>>>>>>>>> 3. Selecting all
metadata in metadata tab selecting all
>>>>>>>>>>>>>>>>>> metadata.
>>>>>>>>>>>>>>>>>> 4. Mapped required
metadata fields to solr schema fields.
>>>>>>>>>>>>>>>>>> 4. Enabled the security.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Now i started the
job and i can see SharePoint content
>>>>>>>>>>>>>>>>>> getting indexed and
stored in solr. I can verify it using solr admin query
>>>>>>>>>>>>>>>>>> console.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> But i am not seeing
any additional ACL information. How
>>>>>>>>>>>>>>>>>> can i verify that
ACL & permission information is also stored in Solr. Do i
>>>>>>>>>>>>>>>>>> need to change Solr
configurations also?
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Please help.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Regards,
>>>>>>>>>>>>>>>>>> Lalit Jangra.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>> Regards,
>>>>>>>>>>>>>>>> Lalit Jangra.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> --
>>>>>>>>>>>>>> Regards,
>>>>>>>>>>>>>> Lalit Jangra.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>> Regards,
>>>>>>>>>>>> Lalit Jangra.
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Regards,
>>>>>>>>>> Lalit Jangra.
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Regards,
>>>>>>> Lalit Jangra.
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Regards,
>>>>> Lalit Jangra.
>>>>>
>>>>
>>>>
>>>
>>
>>
>> --
>> Regards,
>> Lalit Jangra.
>>
>
>

Mime
View raw message