manifoldcf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lalit jangra <lalit.j.jan...@gmail.com>
Subject Re: How to check Sharepoint ACLs into Solr using MCF 1.5.1.
Date Tue, 10 Jun 2014 22:38:03 GMT
Thanks Karl,

As per your suggestions, i am able to see ACLs into solr index (I made
stored="true" for ACLs in schema.xml) as below. I can see permissions for
Sharepoint as well as shared drive but for CMIS, i am not able to see any
permissions apart from default stored. Am i missing anything in CMIS?

*Sharepoint*:


        "allow_token_share": [

          "__nosecurity__"

        ],

        "deny_token_share": [

          "__nosecurity__"

        ]

      },

      {

        "content_name": "Alfresco-in-an-Hour.pdf"

        "deny_token_document": [

          "SP+Group:DEAD_AUTHORITY"

        ],

        "allow_token_document": [

          "SP+Group:GTest+lalit+Portal+Visitors",

          "SP+Group:GTest+lalit+Portal+Owners",

          "SP+Group:GRestricted+Readers",

          "SP+Group:GTest+lalit+Administrators",

          "SP+Group:GTest+lalit+Portal+Members",

          "SP+Group:Uc%3A0%28.s%7Ctrue",

          "SP+Group:GHierarchy+Managers",

          "SP+Group:GApprovers",

          "SP+Group:GViewers",

          "SP+Group:GDesigners"

        ],



*Share Drive:*

      {

        "deny_token_share": [

          "AD+Group:DEAD_AUTHORITY"

        ],

        "content_name": "hello.txt",

        "content_modifier": "lalitjangra",

        "deny_token_document": [

          "AD+Group:DEAD_AUTHORITY"

        ],

               "id": "file://///SDD/lalit/manifoldtest/hekko.txt",

        "allow_token_document": [

          "AD+Group:S-1-5-18",

          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12088",

          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12147",

          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12148",

          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12149",

          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12150",

          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12217",

          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-15154",

          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-8005",

          "AD+Group:S-1-5-32-544"

        ],



        "allow_token_share": [

          "AD+Group:S-1-1-0",

          "AD+Group:S-1-5-32-544"

        ],



 *CMIS *:



                "allow_token_share": [

          "__nosecurity__"

        ],

        "deny_token_document": [

          "__nosecurity__"

        ],

        "deny_token_share": [

          "__nosecurity__"

        ],

        "allow_token_document": [

          "__nosecurity__"

        ]


Regards.


On Tue, Jun 10, 2014 at 5:13 PM, Karl Wright <daddywri@gmail.com> wrote:

> Hi Lalit,
>
> You always use the Active Directory authority for Windows shared drive
> authorization.  But you do not for SharePoint; you typically use
> SharePoint/Native and SharePoint/AD.  You therefore should have a second
> authority group for SharePoint that is distinct from the one for Windows.
>
> Each access token is qualified with the name of the ManifoldCF authority
> group, so there is never any chance that they will collide.  So it is
> perfectly fine to have multiple authority groups in a single installation,
> in fact we'd expect you to.
>
> As for the Solr plugin, you can either download it here:
>
> http://manifoldcf.apache.org/en_US/download.html
>
> ... or you will find that it is there in the bin distribution already,
> under the "integration" directory.  Please have a look and read the README.
>
> Karl
>
>
>
> On Tue, Jun 10, 2014 at 11:41 AM, lalit jangra <lalit.j.jangra@gmail.com>
> wrote:
>
>> Thanks Karl,
>>
>> I am having two content repositories based on active directory
>> authentication : SharePoint 2010 and Windows Share Drive, so i am using
>> active directory as authority type in authority connection. All my
>> connections are working fine as well as job is running good but i am still
>> not able to see any ACL information in solr.
>>
>> Do i need to enable any configuration in solr to see the same?
>>
>> Also by Solr Plugin, is it a jar or connector which needs to be placed
>> inside solr application server or is it that i need to write custom code to
>> make search query permission aware?
>>
>> Can you please guide?
>>
>> Regards.
>>
>>
>> On Tue, Jun 10, 2014 at 1:59 PM, Karl Wright <daddywri@gmail.com> wrote:
>>
>>> Hi Lalit,
>>>
>>> (1) You need first to specify "SharePoint Native" as the authority type
>>> in your SharePoint repository connection.  You'd use "Active directory" as
>>> the authority type only if you were using the "Active directory"
>>> authority.  To be precise:
>>>
>>> - If you are using "SharePoint/Native", "SharePoint/AD", or any
>>> combination of these for your authority group, use "SharePoint native"
>>> authority type
>>> - If you are using "Active Directory", use "Active directory" as your
>>> authority type
>>>
>>> (2) You should see acl information get posted to Solr if you have
>>> everything configured right.
>>> (3) On the Solr side, you need to install and configure the appropriate
>>> Solr plugin.  Each plugin comes with a README, which describes how to set
>>> up the schema on Solr to support security.
>>>
>>> Thanks!
>>> Karl
>>>
>>>
>>>
>>> On Tue, Jun 10, 2014 at 8:51 AM, lalit jangra <lalit.j.jangra@gmail.com>
>>> wrote:
>>>
>>>> Hello,
>>>>
>>>> I am working on Apache MCF 1.5.1 indexing Sharepoint 2010 repository
>>>> storing index in Solr 4.6.
>>>>
>>>> For permissions, i followed below steps.
>>>>
>>>> 1. Created a new authority group called "SharePoint Group" in MCF.
>>>> 2. Created a new User Mapping connection called "SharePoint User
>>>> Mapping" using authority group "SharePoint Group" in step 1. For user
>>>> mapping, i used "Regular Expression" mapping and used default
>>>> expressions.When i save it, it says "Connection Working".
>>>> 3. Created a new Authority connection called "SharePoint Authority
>>>> Connection" and using "SharePoint Group"as in step1 as authority group
>>>> type, using "SharePoint User Mapping" as prerequisite, using my own domain
>>>> controller and other related details. When i save it, it says "Connection
>>>> Working".
>>>>
>>>> Next i have created a new repository connection for SharePoint called
>>>> "SharePoint Connection" selecting authority group called "SharePoint
>>>> Group"  from pull down list ,  providing all relevant details for server
,
>>>> and choosing authority type as "Active Directory". On saving, it worked
>>>> fine without any error.
>>>>
>>>> Finally i created a new SharePoint job providing following details.
>>>> 1. Connections : repository connection as "SharePoint Connection" and
>>>> output connection as "Solr Connection".
>>>>  2. Choosing paths for document library, shared documents,
>>>> announcements & lists.
>>>> 3. Selecting all metadata in metadata tab selecting all metadata.
>>>> 4. Mapped required metadata fields to solr schema fields.
>>>> 4. Enabled the security.
>>>>
>>>> Now i started the job and i can see SharePoint content getting indexed
>>>> and stored in solr. I can verify it using solr admin query console.
>>>>
>>>> But i am not seeing any additional ACL information. How can i verify
>>>> that ACL & permission information is also stored in Solr. Do i need to
>>>> change Solr configurations also?
>>>>
>>>> Please help.
>>>>
>>>> Regards,
>>>> Lalit Jangra.
>>>>
>>>
>>>
>>
>>
>> --
>> Regards,
>> Lalit Jangra.
>>
>
>


-- 
Regards,
Lalit Jangra.

Mime
View raw message