manifoldcf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lalit jangra <lalit.j.jan...@gmail.com>
Subject Re: How to query for content with ACLs?
Date Sun, 15 Jun 2014 17:52:12 GMT
Thanks Karl,

I renamed authority group to avoid any spaces or special characters but
still i am bugged by deny_tokens. For repository connection, i am using
"Sharepoint" as authority type and for authority connection, i am using
"Sharepoint/ActiveDirectory" as connection type which seems to be fine
here. My user mapping connection converts from water.com\ljangra to
ljangra@water.com as per need.

Also one unusual thing i noticed now is that every time i am trying to
create new user mapping connection or edit existing one, it waits for very
long time and sometimes i need to redo it couple of time. Could it be any
relation here?

Solr.log after rendexing with deny token as DEAD_AUTHORITY.

INFO  - 2014-06-15 18:36:21.624;
org.apache.solr.update.processor.LogUpdateProcessor; [collection1]
webapp=/solr path=/update/extract
params={literal.content_name=pptexamples.ppt&literal.deny_token_document=SPKWGroup:DEAD_AUTHORITY&literal.DocIcon=ppt&literal.content%3Aname=/pptexamples.ppt&
resource.name
=pptexamples.ppt&literal.allow_token_document=SPKWGroup:GApprovers&literal.allow_token_document=SPKWGroup:GDesigners&literal.allow_token_document=SPKWGroup:GHierarchy%2BManagers&literal.allow_token_document=SPKWGroup:GRestricted%2BReaders&literal.allow_token_document=SPKWGroup:GTest%2BIrish%2BWater%2BAdministrators&literal.allow_token_document=SPKWGroup:GTest%2BIrish%2BWater%2BPortal%2BMembers&literal.allow_token_document=SPKWGroup:GTest%2BIrish%2BWater%2BPortal%2BOwners&literal.allow_token_document=SPKWGroup:GTest%2BIrish%2BWater%2BPortal%2BVisitors&literal.allow_token_document=SPKWGroup:GViewers&literal.allow_token_document=SPKWGroup:Uc%253A0%2528.s%257Ctrue&literal.FolderChildCount=0&version=2.2&literal.ItemChildCount=0&literal._dlc_DocId=N7JQZDZPVPT7-50-1&literal.content%3Alink=
http://testirishwaterportal/irish-water/DocumentLibrary/pptexamples.ppt&literal.content%3Aparent=testirishwaterportal/irish-water/DocumentLibrary&literal.content_size=1371648&literal.Edit=0&literal.id=http://testirishwaterportal/irish-water/DocumentLibrary/pptexamples.ppt&literal.content%3AparentLink=http://testirishwaterportal/irish-water/DocumentLibrary&literal.LinkFilenameNoMenu=pptexamples.ppt&literal._dlc_DocIdUrl=http://testirishwaterportal/irish-water/_layouts/DocIdRedir.aspx?ID%3DN7JQZDZPVPT7-50-1,+N7JQZDZPVPT7-50-1&literal.Created=2014-06-04T16:55:09&literal._UIVersionString=1.0&literal.content%3Amimetype=application/vnd.ms-powerpoint&wt=xml&literal.Title=PPT+examples&literal.content%3Asource=Sharepoint&literal.Modified=2014-06-04T16:55:09&literal.Author=Lalit+Jangra&literal.LinkFilename=pptexamples.ppt&literal.lcf_metadata_id=1&literal.Editor=Lalit+Jangra&literal.ContentType=Document}
{add=[
http://testirishwaterportal/irish-water/DocumentLibrary/pptexamples.ppt
(1470998806838378496)]} 0 1625

While querying for content using '/select' request handler

INFO  - 2014-06-15 18:38:03.957;
org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
to match docs for user '[:ljangra@iwater.ie]'

INFO  - 2014-06-15 18:38:04.363;
org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
authority response AUTHORIZED:SPKWConnection

INFO  - 2014-06-15 18:38:04.363; org.apache.solr.core.SolrCore;
[collection1] webapp=/solr path=/select
params={debugQuery=true&indent=true&q=*:*&_=1402853883932&wt=json&AuthenticatedUserName=
ljangra@iwater.ie} hits=0 status=0 QTime=406



My authority tokens in MCF


AUTHORIZED:SPKWConnection

TOKEN:SPKWGroup:Ui%3A0%23.w%7Ciwater.ie%255cljangra

TOKEN:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-32-545

TOKEN:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263

TOKEN:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513

TOKEN:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472

TOKEN:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182

TOKEN:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619

TOKEN:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813

TOKEN:SPKWGroup:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149

TOKEN:SPKWGroup:Uc%3A0%21.s%7Cwindows


No mention of any deny_token but still while querying, i am getting same
results with one allow token & one deny token which supersedes allow token
giving me no results.

"parsed_filter_queries": [

      "ConstantScore(+((+allow_token_share:__nosecurity__
+deny_token_share:__nosecurity__)
allow_token_share:SPKWGroup:Ui%3A0%23.w%7Ciwater.ie%255cljangra
-deny_token_share:SPKWGroup:Ui%3A0%23.w%7Ciwater.ie%255cljangra
allow_token_share:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-32-545
-deny_token_share:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-32-545
allow_token_share:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
-deny_token_share:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
allow_token_share:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
-deny_token_share:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
allow_token_share:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
-deny_token_share:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
allow_token_share:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
-deny_token_share:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
allow_token_share:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
-deny_token_share:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
allow_token_share:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
-deny_token_share:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
allow_token_share:SPKWGroup:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
-deny_token_share:SPKWGroup:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
allow_token_share:SPKWGroup:Uc%3A0%21.s%7Cwindows
-deny_token_share:SPKWGroup:Uc%3A0%21.s%7Cwindows)
+((+allow_token_document:__nosecurity__
+deny_token_document:__nosecurity__)
allow_token_document:SPKWGroup:Ui%3A0%23.w%7Ciwater.ie%255cljangra
-deny_token_document:SPKWGroup:Ui%3A0%23.w%7Ciwater.ie%255cljangra
allow_token_document:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-32-545
-deny_token_document:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-32-545
allow_token_document:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
-deny_token_document:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
allow_token_document:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
-deny_token_document:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
allow_token_document:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
-deny_token_document:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
allow_token_document:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
-deny_token_document:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
allow_token_document:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
-deny_token_document:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
allow_token_document:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
-deny_token_document:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
allow_token_document:SPKWGroup:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
-deny_token_document:SPKWGroup:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
allow_token_document:SPKWGroup:Uc%3A0%21.s%7Cwindows
-deny_token_document:SPKWGroup:Uc%3A0%21.s%7Cwindows))"

Sincere Regards.

On Sun, Jun 15, 2014 at 1:04 PM, Karl Wright <daddywri@gmail.com> wrote:

> If I'm right, the interim solution would be to just rename your authority
> group to something that does not have characters that need escaping in
> them.  If that works, then we know what the issue is, and I'll open a
> ticket and try to find a solution.
>
> Thanks,
> Karl
>
>
>
> On Sun, Jun 15, 2014 at 8:01 AM, Karl Wright <daddywri@gmail.com> wrote:
>
>> Hi Lalit,
>>
>> I'm sorry, I was confused.
>>
>> The document ingest you included had only ONE deny_token_document value:
>> literal.deny_token_document=SP%2BKW:DEAD_AUTHORITY .
>>
>> So even though you see a deny_token_document clause in the Solr query
>> expression, it will not match *unless* your user has a DEAD_AUTHORITY
>> token.  So that is not the problem.
>>
>> But what I do see is the following:
>>
>> SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>
>> Note the prefix; the prefix when indexing is SP%2BKW, while the prefix
>> when searching is SP+KW.  I had discounted that because the [INFO] log from
>> Solr is logging a URL and it is therefore URL encoded -- but it is possible
>> now that since Solr no longer has Jetty involved, it may not be unencoding
>> SP%2BKW back to SP+KW properly.  What do you see for the ACL field values
>> in Luke?  Are they SP+KW?
>>
>> Karl
>>
>>
>>
>>
>>
>>
>>
>>
>> On Sun, Jun 15, 2014 at 7:48 AM, Karl Wright <daddywri@gmail.com> wrote:
>>
>>> Hi Lalit,
>>>
>>> Ok, I think that everything on your end is now set up correctly.
>>>
>>> You should be able to see Windows documents on your search, if I am
>>> correct.  Do you see any?
>>>
>>> As for SharePoint, when a user has a deny token in ManifoldCF it takes
>>> precedence over any allow tokens.  But SharePoint does not current generate
>>> *any* deny tokens; it doesn't have those in the model.  So I'm wondering
>>> where those are coming from, and if there's a bug of some kind.
>>>
>>> Let me do some research and get back to you.
>>>
>>> Karl
>>>
>>>
>>>
>>> On Sun, Jun 15, 2014 at 5:56 AM, lalit jangra <lalit.j.jangra@gmail.com>
>>> wrote:
>>>
>>>> Hi Karl,
>>>>
>>>> My sincere apologies for going out a context here as i was confused &
>>>> my limited knowledge of sharepoint and ACLs.
>>>>
>>>> After spending two more days and setting up everything from scratch
>>>> couple of times, i am back into square one. The only thing which i could
>>>> observe is that while indexing content into solr , i could see all ACL are
>>>> getting indexed correctly.
>>>>
>>>>
>>>> params={literal.content_name=/Alfresco-in-an-Hour.pdf&literal.deny_token_document=SP%2BKW:DEAD_AUTHORITY&literal.DocIcon=pdf&
>>>> resource.name
>>>> =Alfresco-in-an-Hour.pdf&literal.allow_token_document=SP%2BKW:GTest%2BIrish%2BWater%2BPortal%2BVisitors&literal.allow_token_document=SP%2BKW:GTest%2BIrish%2BWater%2BPortal%2BOwners&literal.allow_token_document=SP%2BKW:GRestricted%2BReaders&literal.allow_token_document=SP%2BKW:GTest%2BIrish%2BWater%2BAdministrators&literal.allow_token_document=SP%2BKW:GTest%2BIrish%2BWater%2BPortal%2BMembers&literal.allow_token_document=SP%2BKW:Uc%253A0%2528.s%257Ctrue&literal.allow_token_document=SP%2BKW:GHierarchy%2BManagers&literal.allow_token_document=SP%2BKW:GApprovers&literal.allow_token_document=SP%2BKW:GViewers&literal.allow_token_document=SP%2BKW:GDesigners&literal.content%3AmodifiedDate=2014-06-04T15:52:29.000Z&literal.FolderChildCount=0&version=2.2&literal.ItemChildCount=0&literal._dlc_DocId=N7JQZDZPVPT7-49-1&literal.content%3Alink=
>>>> http://testirishwaterportal/irish-water/Shared%2520Documents/Alfresco-in-an-Hour.pdf&literal.ParentVersionString=&literal.content_source=Sharepoint&literal._CopySource=&literal.content%3Aparent=testirishwaterportal/irish-water/Shared%2520Documents&literal.FileSizeDisplay=674383&literal._CheckinComment=&literal.Edit=0&literal.content%3AparentLink=http://testirishwaterportal/irish-water/Shared%2520Documents&literal.id=http://testirishwaterportal/irish-water/Shared%2520Documents/Alfresco-in-an-Hour.pdf&literal.LinkFilenameNoMenu=Alfresco-in-an-Hour.pdf&literal.Created=2014-06-04+16:52:29&literal._dlc_DocIdUrl=http://testirishwaterportal/irish-water/_layouts/DocIdRedir.aspx?ID%3DN7JQZDZPVPT7-49-1,+N7JQZDZPVPT7-49-1&literal.content%3Amimetype=application/pdf&literal._UIVersionString=1.0&wt=xml&literal.Title=&literal.Modified=2014-06-04+16:52:29&literal.FileLeafRef=Alfresco-in-an-Hour.pdf&literal.Author=Lalit+Jangra&literal.LinkFilename=Alfresco-in-an-Hour.pdf&literal.lcf_metadata_id=1&literal.Editor=Lalit+Jangra&literal.ParentLeafName=&literal.CheckoutUser=&literal.ContentType=Document}
>>>> {add=[
>>>> http://testirishwaterportal/irish-water/Shared%20Documents/Alfresco-in-an-Hour.pdf
>>>> (1470968440371019776)]} 0 922
>>>>
>>>> INFO  - 2014-06-15 10:33:54.343;
>>>> org.apache.solr.update.DirectUpdateHandler2; start
>>>> commit{,optimize=false,openSearcher=true,waitSearcher=true,expungeDeletes=false,softCommit=false,prepareCommit=false}
>>>>
>>>>
>>>> While searching in solr using '/select' query handler after updating it
>>>> using fq={!manifoldCFSecurity}, i could not see any content while passing
>>>> correct value for AuthenticatedUserName but while debugging it using
>>>> '/select' query handler, i could see extra deny tokens attached,which i
>>>> doubt are the reason behind no results showing up.
>>>>
>>>>
>>>> Highlight from solr.log, its fine as i can see which are fine and user
>>>> passing authority test.
>>>>
>>>>
>>>> INFO  - 2014-06-15 10:42:15.446;
>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
>>>> to match docs for user '[:ljangra@iwater.ie]'
>>>>
>>>> INFO  - 2014-06-15 10:42:15.649;
>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
>>>> authority response AUTHORIZED:SP+K+Conn
>>>>
>>>> INFO  - 2014-06-15 10:42:15.649; org.apache.solr.core.SolrCore;
>>>> [collection1] webapp=/solr path=/select
>>>> params={debugQuery=true&indent=true&q=*:*&_=1402825335417&wt=json&AuthenticatedUserName=
>>>> ljangra@iwater.ie} hits=0 status=0 QTime=203
>>>>
>>>> Debugging results for '/select' search query handler.
>>>>
>>>> "parsed_filter_queries": [
>>>>       "ConstantScore(+((+allow_token_share:__nosecurity__
>>>> +deny_token_share:__nosecurity__)
>>>> allow_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>> -deny_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>> allow_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>> -deny_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>> allow_token_share:SP+KW:Uc%3A0%21.s%7Cwindows
>>>> -deny_token_share:SP+KW:Uc%3A0%21.s%7Cwindows)
>>>> +((+allow_token_document:__nosecurity__
>>>> +deny_token_document:__nosecurity__)
>>>> allow_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>> -deny_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>> allow_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>> -deny_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>> allow_token_document:SP+KW:Uc%3A0%21.s%7Cwindows
>>>> -deny_token_document:SP+KW:Uc%3A0%21.s%7Cwindows))"
>>>>
>>>> E.g. Here you can see allow token as
>>>> "allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513"
>>>> but at the same time there is additional dent token
>>>> "-deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513"
>>>> which has minus sign prefixed to it. Here i assume that these are
>>>> cancelling each other that is why i can not see any results returned. Else
>>>> i could not find any discrepancy anywhere.
>>>>
>>>> While i am working on this, your valuable guidance will prove to be
>>>> light at the end of tunnel.
>>>>
>>>> Waiting for reply.
>>>>
>>>> My Sincere Regards.
>>>>
>>>>
>>>> On Fri, Jun 13, 2014 at 4:12 PM, Karl Wright <daddywri@gmail.com>
>>>> wrote:
>>>>
>>>>> Hi Lalit,
>>>>>
>>>>> I am not a Solr expert; Ahmet is a better resource for how to
>>>>> configure Solr.  He has already furnished good advice on how to do that,
>>>>> and you have at one point showed us queries that included the appropriate
>>>>> access tokens in them so I know you had it working at one point.
>>>>>
>>>>> This is not rocket science, and all the components seem to be working
>>>>> as designed.  You will have to put in some care and time getting your
>>>>> configuration right.  Retrace your steps or start fresh if you have to.  We
>>>>> really can't give you any more advice from here; things seem to be working
>>>>> and then not working and then working again, and I suspect that you are
>>>>> basically hacking away at your configuration without understanding at all
>>>>> what you are doing.  So slow down, keep more careful notes, and review
>>>>> these emails.
>>>>>
>>>>> Thanks,
>>>>> Karl
>>>>>
>>>>>
>>>>>
>>>>> On Fri, Jun 13, 2014 at 10:57 AM, lalit jangra <
>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>
>>>>>> Hi Karl,
>>>>>>
>>>>>> I have tried with /select, /query & /search but not getting
>>>>>> appropriate results. Which query handler should i use here.
>>>>>>
>>>>>> I am also attaching solrconfig.xml.
>>>>>>
>>>>>> Regards.
>>>>>>
>>>>>>
>>>>>> On Fri, Jun 13, 2014 at 3:26 PM, Karl Wright <daddywri@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi Lalit,
>>>>>>>
>>>>>>> You are going through the wrong query handler again:
>>>>>>>
>>>>>>>       "
>>>>>>> http://testirishwaterportal/irish-water/irish-water/Lists/IWList/DispForm.aspx?ID=1":
>>>>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>>>>       "http://testirishwaterportal/irish-water/irish-water/Lists/IW
>>>>>>> Annoucements/DispForm.aspx?ID=1": "\n1.0 = (MATCH) MatchAllDocsQuery,
>>>>>>> product of:\n  1.0 = queryNorm\n",
>>>>>>>       "http://testirishwaterportal/irish-water/irish-water/Lists/IW
>>>>>>> Annoucements/DispForm.aspx?ID=2": "\n1.0 = (MATCH) MatchAllDocsQuery,
>>>>>>> product of:\n  1.0 = queryNorm\n",
>>>>>>>       "
>>>>>>> http://testirishwaterportal/irish-water/DocumentLibrary/serverDetails.xlsx":
>>>>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>>>>       "
>>>>>>> http://testirishwaterportal/irish-water/Shared%20Documents/Alfresco-in-an-Hour.pdf":
>>>>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>>>>       "
>>>>>>> http://testirishwaterportal/irish-water/Shared%20Documents/alfresco_aiim_2006_05_16.ppt":
>>>>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>>>>       "
>>>>>>> http://testirishwaterportal/irish-water/DocumentLibrary/pptexamples.ppt":
>>>>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>>>>       "
>>>>>>> http://testirishwaterportal/irish-water/Lists/IW%20Annoucements/Attachments/2/spp.log":
>>>>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>>>>       "
>>>>>>> http://testirishwaterportal/irish-water/Lists/IWList/Attachments/1/Alfresco-in-an-Hour%20-%20Copy.pdf":
>>>>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>>>>       "
>>>>>>> http://testirishwaterportal/irish-water/Lists/IWList/Attachments/1/DevCon%20Revenue.pptx":
>>>>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n"
>>>>>>>
>>>>>>>
>>>>>>> The Solr plugin query modification is not happening; it doesn't seem
>>>>>>> to be getting applied now.  It was earlier, you must have turned it off.
>>>>>>>
>>>>>>> Karl
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Fri, Jun 13, 2014 at 9:56 AM, lalit jangra <
>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>
>>>>>>>> Thanks Karl,
>>>>>>>>
>>>>>>>> After resetting everything again, now i could see content with ACL
>>>>>>>> posted to solr as per your instructions. Thanks again for this.I am
>>>>>>>> attaching solr.log.
>>>>>>>>
>>>>>>>> But still i am not able to see any content using /select query
>>>>>>>> handler & attached Select.log for same.
>>>>>>>>
>>>>>>>> While using /query request handler, i can see results with ACL but
>>>>>>>> whatever name i provide, it returns all results so effectively ACL not
>>>>>>>> working, attached Query.log for same.
>>>>>>>>
>>>>>>>> Can you please guide.
>>>>>>>>
>>>>>>>> Regards.
>>>>>>>>
>>>>>>>>
>>>>>>>> On Fri, Jun 13, 2014 at 1:37 PM, Karl Wright <daddywri@gmail.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> I wonder if this is a Luke bug?
>>>>>>>>> The access tokens might well have a form that Luke doesn't like to
>>>>>>>>> display.  That is the only thing that's making any sense to me at the
>>>>>>>>> moment.
>>>>>>>>>
>>>>>>>>> Karl
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Fri, Jun 13, 2014 at 8:29 AM, Karl Wright <daddywri@gmail.com>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> FWIW, your authority setup seems to be working properly, and the
>>>>>>>>>> query generator is working properly too.  Only the acls are messed up.
>>>>>>>>>>
>>>>>>>>>> This is the interesting bit:
>>>>>>>>>>
>>>>>>>>>> "allow_token_document": [
>>>>>>>>>>
>>>>>>>>>>           "SP+KW:"]
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> It looks like a blank access token is being fetched for this list
>>>>>>>>>> item, which does not make any sense to me.  And yet we saw access tokens
>>>>>>>>>> before, correct?
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Karl
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Fri, Jun 13, 2014 at 8:22 AM, Karl Wright <daddywri@gmail.com>
>>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi Lalit,
>>>>>>>>>>>
>>>>>>>>>>> It is clear that your access tokens have not been actually
>>>>>>>>>>> indexed.  But I remember seeing that they were correctly posted to Solr.
>>>>>>>>>>> So now I am confused.
>>>>>>>>>>>
>>>>>>>>>>> Can you please do the following:
>>>>>>>>>>> - Click the "reindex all documents" button in the MCF view page
>>>>>>>>>>> for your output connection
>>>>>>>>>>> - Start your job
>>>>>>>>>>> - Send me the Solr info output about what has been posted
>>>>>>>>>>>
>>>>>>>>>>> When that is done, if what is posted looks correct, you SHOULD
>>>>>>>>>>> have a Solr index that has ACLs in it.
>>>>>>>>>>> If it does not look correct, we will have to go back and look at
>>>>>>>>>>> your connections etc. to see why the acls are not being fetched.
>>>>>>>>>>>
>>>>>>>>>>> Thanks,
>>>>>>>>>>> Karl
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Fri, Jun 13, 2014 at 8:16 AM, lalit jangra <
>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hi Again,
>>>>>>>>>>>>
>>>>>>>>>>>> I used /query for debugging & using
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@water.com
>>>>>>>>>>>> <http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@iwater.ie>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> <http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@iwater.ie>I
>>>>>>>>>>>> could see below results without much information about ACLs.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>         "deny_token_document": [
>>>>>>>>>>>>
>>>>>>>>>>>>           "SP+KW:DEAD_AUTHORITY"
>>>>>>>>>>>>
>>>>>>>>>>>>         ],
>>>>>>>>>>>>
>>>>>>>>>>>>         "id": "
>>>>>>>>>>>> http://testhwaterportal/water/Lists/IWList/DispForm.aspx?ID=1
>>>>>>>>>>>> <http://testirishwaterportal/irish-water/irish-water/Lists/IWList/DispForm.aspx?ID=1>
>>>>>>>>>>>> ",
>>>>>>>>>>>>
>>>>>>>>>>>>         "allow_token_document": [
>>>>>>>>>>>>
>>>>>>>>>>>>           "SP+KW:"
>>>>>>>>>>>>
>>>>>>>>>>>>         ],
>>>>>>>>>>>>
>>>>>>>>>>>>         "content": [
>>>>>>>>>>>>
>>>>>>>>>>>>           " \n \n  \n  \n  \n  \n  \n  \n  \n \n   "
>>>>>>>>>>>>
>>>>>>>>>>>>         ],
>>>>>>>>>>>>
>>>>>>>>>>>>         "_version_": 1470790301540941800,
>>>>>>>>>>>>
>>>>>>>>>>>>         "allow_token_share": [
>>>>>>>>>>>>
>>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>>
>>>>>>>>>>>>         ],
>>>>>>>>>>>>
>>>>>>>>>>>>         "deny_token_share": [
>>>>>>>>>>>>
>>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>>
>>>>>>>>>>>>         ]
>>>>>>>>>>>>       }
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On Fri, Jun 13, 2014 at 12:54 PM, Ahmet Arslan <
>>>>>>>>>>>> iorixxx@yahoo.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Hi  Lalit,
>>>>>>>>>>>>>
>>>>>>>>>>>>> regarding "As i could not see any document in solr query,"
>>>>>>>>>>>>>
>>>>>>>>>>>>> Here is the best practise that I use :
>>>>>>>>>>>>>
>>>>>>>>>>>>> I configure /select request handler (RH) with mcfQParser,
>>>>>>>>>>>>> intended to use in production, default RH.
>>>>>>>>>>>>>
>>>>>>>>>>>>> I also use /query RH without mcfQParser, for debugging
>>>>>>>>>>>>> purposes.
>>>>>>>>>>>>>
>>>>>>>>>>>>> http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&fl=allow*
>>>>>>>>>>>>>
>>>>>>>>>>>>> Ahmet
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>   On Friday, June 13, 2014 2:30 PM, lalit jangra <
>>>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>  Thanks Karl,
>>>>>>>>>>>>>
>>>>>>>>>>>>> As i could not see any document in solr query, i used Luke to
>>>>>>>>>>>>> open index and i could see below values for all MCF plugin fields for all
>>>>>>>>>>>>> documents. These are something different from previous values.
>>>>>>>>>>>>>
>>>>>>>>>>>>> allow_token_document  = SP+KW:
>>>>>>>>>>>>> allow_token_share = __nosecurity__
>>>>>>>>>>>>> deny_token_document  = SP+KW:DEAD_AUTHORITY
>>>>>>>>>>>>> allow_token_share = __nosecurity__
>>>>>>>>>>>>>
>>>>>>>>>>>>> I think something or a lot of things missing here. I am
>>>>>>>>>>>>> attaching zip of solr index(very small one with 10 documents from
>>>>>>>>>>>>> sharepoint) here. Please guide.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Regards.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Fri, Jun 13, 2014 at 11:57 AM, Karl Wright <
>>>>>>>>>>>>> daddywri@gmail.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> Hi Lalit,
>>>>>>>>>>>>>
>>>>>>>>>>>>> Can you show me somehow some of the the ACLs that have been
>>>>>>>>>>>>> indexed with your documents?  The only other potential issue might be that
>>>>>>>>>>>>> your repository connection(s) may not be part of the same authority groups
>>>>>>>>>>>>> as your authority connections.  In that case, the indexed authority tokens
>>>>>>>>>>>>> will have a different prefix (e.g. SP+KW in one case, something else in the
>>>>>>>>>>>>> other).
>>>>>>>>>>>>>
>>>>>>>>>>>>> Karl
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Fri, Jun 13, 2014 at 6:40 AM, lalit jangra <
>>>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> Hi Again,
>>>>>>>>>>>>>
>>>>>>>>>>>>> As per Karl's suggestion, i am now converting user from
>>>>>>>>>>>>> water.com\ljangra to ljangra@water.com. Also referring to http://localhost:8345/mcf-authority-service/UserACLs?username=ljangra@water.com
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> <http://localhost:8345/mcf-authority-service/UserACLs?username=ljangra@iwater.ie>
>>>>>>>>>>>>> I can see below ACL.
>>>>>>>>>>>>> AUTHORIZED:SP+K+Conn
>>>>>>>>>>>>> TOKEN:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>>>>>>>
>>>>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>>>>>>>
>>>>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>>>>>>>
>>>>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>>>>>>>
>>>>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>>>>>>>
>>>>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>>>>>>>
>>>>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>>>>>>>
>>>>>>>>>>>>> TOKEN:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%21.s%7Cwindows
>>>>>>>>>>>>>
>>>>>>>>>>>>> Still i am not able to see any results from query
>>>>>>>>>>>>>
>>>>>>>>>>>>> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&debugQuery=true&AuthenticatedUserName=ljangra@water.com
>>>>>>>>>>>>> <http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&debugQuery=true&AuthenticatedUserName=ljangra@iwater.ie>
>>>>>>>>>>>>> . While debugging query i can see ACL doing fine. So i am
>>>>>>>>>>>>> confused why its now working. Can you please help.
>>>>>>>>>>>>>
>>>>>>>>>>>>> "parsed_filter_queries": [
>>>>>>>>>>>>>       "ConstantScore(+((+allow_token_share:__nosecurity__
>>>>>>>>>>>>> +deny_token_share:__nosecurity__)
>>>>>>>>>>>>> allow_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>>>>>>> -deny_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>>>>>>> allow_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>>>>>>> -deny_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%21.s%7Cwindows
>>>>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%21.s%7Cwindows)
>>>>>>>>>>>>> +((+allow_token_document:__nosecurity__
>>>>>>>>>>>>> +deny_token_document:__nosecurity__)
>>>>>>>>>>>>> allow_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>>>>>>> -deny_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>>>>>>> allow_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>>>>>>> -deny_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%21.s%7Cwindows
>>>>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%21.s%7Cwindows))"
>>>>>>>>>>>>>     ],
>>>>>>>>>>>>>
>>>>>>>>>>>>> Finally solr.log also seems to be fine.
>>>>>>>>>>>>>
>>>>>>>>>>>>> INFO  - 2014-06-13 11:38:19.862;
>>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
>>>>>>>>>>>>> to match docs for user '[:ljangra@water.com]'
>>>>>>>>>>>>> INFO  - 2014-06-13 11:38:19.909;
>>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
>>>>>>>>>>>>> authority response AUTHORIZED:SP+K+Conn
>>>>>>>>>>>>> INFO  - 2014-06-13 11:38:19.909;
>>>>>>>>>>>>> org.apache.solr.core.SolrCore; [collection1] webapp=/solr path=/select
>>>>>>>>>>>>> params={indent=true&q=*:*&_=1402655899834&wt=json&AuthenticatedUserName=
>>>>>>>>>>>>> ljangra@water.com} hits=0 status=0 QTime=47
>>>>>>>>>>>>>
>>>>>>>>>>>>> Regards.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Fri, Jun 13, 2014 at 12:13 AM, Ahmet Arslan <
>>>>>>>>>>>>> iorixxx@yahoo.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> Hi Lalit,
>>>>>>>>>>>>>
>>>>>>>>>>>>> It makes more sense to use appends section rather than
>>>>>>>>>>>>> defaults section when defining mcf query parser plugin in fq parameter.
>>>>>>>>>>>>>
>>>>>>>>>>>>> <lst name="appends">
>>>>>>>>>>>>>  <str name="fq">{!manifoldCFSecurity}</str>
>>>>>>>>>>>>> </lst>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>   On Friday, June 13, 2014 12:51 AM, lalit jangra <
>>>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>  Hi Ahmet,
>>>>>>>>>>>>>
>>>>>>>>>>>>> I have configured solrconfig.xml as per your suggestion.
>>>>>>>>>>>>>
>>>>>>>>>>>>>  <requestHandler name="/select" class="solr.SearchHandler">
>>>>>>>>>>>>>     <!-- default values for query parameters can be specified,
>>>>>>>>>>>>> these
>>>>>>>>>>>>>          will be overridden by parameters in the request
>>>>>>>>>>>>>       -->
>>>>>>>>>>>>>      <lst name="defaults">
>>>>>>>>>>>>>        <str name="echoParams">explicit</str>
>>>>>>>>>>>>>        <int name="rows">1000</int>
>>>>>>>>>>>>>        <str name="df">text</str>
>>>>>>>>>>>>>        <str name="fq">{!manifoldCFSecurity}</str>
>>>>>>>>>>>>>      </lst>
>>>>>>>>>>>>> ....
>>>>>>>>>>>>> </requestHandler>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Next i am running a job which indexes sharepoint content in
>>>>>>>>>>>>> solr but when i am searching in solr, i am getting not results & getting
>>>>>>>>>>>>> UNREACHABLEAUTHORITY message.
>>>>>>>>>>>>>
>>>>>>>>>>>>> INFO  - 2014-06-12 22:22:29.944;
>>>>>>>>>>>>> org.apache.solr.core.SolrDeletionPolicy; SolrDeletionPolicy.onCommit:
>>>>>>>>>>>>> commits: num=2
>>>>>>>>>>>>>
>>>>>>>>>>>>> commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
>>>>>>>>>>>>> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
>>>>>>>>>>>>> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_1,generation=1}
>>>>>>>>>>>>>
>>>>>>>>>>>>> commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
>>>>>>>>>>>>> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
>>>>>>>>>>>>> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_2,generation=2}
>>>>>>>>>>>>> INFO  - 2014-06-12 22:22:29.944;
>>>>>>>>>>>>> org.apache.solr.core.SolrDeletionPolicy; newest commit generation = 2
>>>>>>>>>>>>> INFO  - 2014-06-12 22:22:29.960;
>>>>>>>>>>>>> org.apache.solr.search.SolrIndexSearcher; Opening Searcher@5ac787b0
>>>>>>>>>>>>> main
>>>>>>>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>>>>>>>> org.apache.solr.update.DirectUpdateHandler2; end_commit_flush
>>>>>>>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>>>>>>>> org.apache.solr.core.QuerySenderListener; QuerySenderListener sending
>>>>>>>>>>>>> requests to Searcher@5ac787b0
>>>>>>>>>>>>> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>>>>>>>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>>>>>>>> org.apache.solr.core.QuerySenderListener; QuerySenderListener done.
>>>>>>>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>>>>>>>> org.apache.solr.core.SolrCore; [collection1] Registered new searcher
>>>>>>>>>>>>> Searcher@5ac787b0
>>>>>>>>>>>>> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>>>>>>>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>>>>>>>> org.apache.solr.update.processor.LogUpdateProcessor; [collection1]
>>>>>>>>>>>>> webapp=/solr path=/update/extract params={commit=true&wt=xml&version=2.2}
>>>>>>>>>>>>> {commit=} 0 265
>>>>>>>>>>>>> INFO  - 2014-06-12 22:22:35.663;
>>>>>>>>>>>>> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
>>>>>>>>>>>>> path=/admin/cores params={indexInfo=false&_=1402608155643&wt=json} status=0
>>>>>>>>>>>>> QTime=0
>>>>>>>>>>>>> INFO  - 2014-06-12 22:22:35.741;
>>>>>>>>>>>>> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
>>>>>>>>>>>>> path=/admin/info/system params={_=1402608155681&wt=json} status=0 QTime=15
>>>>>>>>>>>>> INFO  - 2014-06-12 22:22:36.960;
>>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Default
>>>>>>>>>>>>> no-user response (open documents only)
>>>>>>>>>>>>> INFO  - 2014-06-12 22:22:36.976;
>>>>>>>>>>>>> org.apache.solr.core.SolrCore; [collection1] webapp=/solr path=/select
>>>>>>>>>>>>> params={indent=true&q=*:*&_=1402608156947&wt=json} hits=0 status=0 QTime=16
>>>>>>>>>>>>> INFO  - 2014-06-12 22:22:40.569;
>>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
>>>>>>>>>>>>> to match docs for user '[:ljangra@water.com]'
>>>>>>>>>>>>> INFO  - 2014-06-12 22:22:40.726;
>>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
>>>>>>>>>>>>> authority response UNREACHABLEAUTHORITY:SsharepointAuthority
>>>>>>>>>>>>> INFO  - 2014-06-12 22:22:40.726;
>>>>>>>>>>>>> org.apache.solr.core.SolrCore; [collection1] webapp=/solr path=/select
>>>>>>>>>>>>> params={indent=true&q=*:*&_=1402608160548&wt=json&AuthenticatedUserName=
>>>>>>>>>>>>> ljangra@water.com} hits=0 status=0 QTime=157
>>>>>>>>>>>>>
>>>>>>>>>>>>> UNREACHABLEAUTHORITY means name of an authority that was found
>>>>>>>>>>>>> to be unreachable or unusable but i am having same authority working fine
>>>>>>>>>>>>> in MCF.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Please help.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Regards.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Thu, Jun 12, 2014 at 9:26 PM, Ahmet Arslan <
>>>>>>>>>>>>> iorixxx@yahoo.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> Hi Karl,
>>>>>>>>>>>>>
>>>>>>>>>>>>> May be we should use
>>>>>>>>>>>>>
>>>>>>>>>>>>>  <requestHandler name="/select" class="solr.SearchHandler">
>>>>>>>>>>>>>
>>>>>>>>>>>>> in
>>>>>>>>>>>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>>>>>>>>>>>>
>>>>>>>>>>>>> To avoid confusion?
>>>>>>>>>>>>>
>>>>>>>>>>>>> What do you think?
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>   On Thursday, June 12, 2014 11:12 PM, Karl Wright <
>>>>>>>>>>>>> daddywri@gmail.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> What does your solrconfig.xml file look like?
>>>>>>>>>>>>> Karl
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Thu, Jun 12, 2014 at 2:58 PM, lalit jangra <
>>>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> Hi Ahmet,
>>>>>>>>>>>>>
>>>>>>>>>>>>> I tried the way you suggested but its not working. My solr
>>>>>>>>>>>>> query is as below.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@domain.entp
>>>>>>>>>>>>>
>>>>>>>>>>>>> Whatever name i am passing as AuthenticatedUserName, it
>>>>>>>>>>>>> returning all results.
>>>>>>>>>>>>>
>>>>>>>>>>>>> I have indexed my documents using mcf-solr plugin using
>>>>>>>>>>>>> instructions @
>>>>>>>>>>>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt.
>>>>>>>>>>>>> Below are some of ACL stored in solr. Am i missing something?
>>>>>>>>>>>>>
>>>>>>>>>>>>> "_version_": 1470562493875093500,
>>>>>>>>>>>>>         "allow_token_share": [
>>>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>>>         ],
>>>>>>>>>>>>>         "deny_token_share": [
>>>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>>>         ]
>>>>>>>>>>>>>       },
>>>>>>>>>>>>>       {
>>>>>>>>>>>>>         "content_name": "Alfresco-in-an-Hour.pdf"
>>>>>>>>>>>>>         "deny_token_document": [
>>>>>>>>>>>>>           "SP+Group:DEAD_AUTHORITY"
>>>>>>>>>>>>>         ],
>>>>>>>>>>>>>         "allow_token_document": [
>>>>>>>>>>>>>           "SP+Group:GTest+lalit+Portal+Visitors",
>>>>>>>>>>>>>           "SP+Group:GTest+lalit+Portal+Owners",
>>>>>>>>>>>>>           "SP+Group:GRestricted+Readers",
>>>>>>>>>>>>>           "SP+Group:GTest+lalit+Administrators",
>>>>>>>>>>>>>           "SP+Group:GTest+lalit+Portal+Members",
>>>>>>>>>>>>>           "SP+Group:Uc%3A0%28.s%7Ctrue",
>>>>>>>>>>>>>           "SP+Group:GHierarchy+Managers",
>>>>>>>>>>>>>           "SP+Group:GApprovers",
>>>>>>>>>>>>>           "SP+Group:GViewers",
>>>>>>>>>>>>>           "SP+Group:GDesigners"
>>>>>>>>>>>>>         ],
>>>>>>>>>>>>>         "content_modified_date": "2014-06-04T00:00:00Z",
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>                   SDD
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>                    "_version_": 1470564182244982800
>>>>>>>>>>>>>       },
>>>>>>>>>>>>>       {
>>>>>>>>>>>>>         "deny_token_share": [
>>>>>>>>>>>>>           "AD+Group:DEAD_AUTHORITY"
>>>>>>>>>>>>>         ],
>>>>>>>>>>>>>         "content_name": "hekko.txt",
>>>>>>>>>>>>>         "content_modifier": "iwater.ie\\ljangra",
>>>>>>>>>>>>>         "deny_token_document": [
>>>>>>>>>>>>>           "AD+Group:DEAD_AUTHORITY"
>>>>>>>>>>>>>         ],
>>>>>>>>>>>>>                "id": "
>>>>>>>>>>>>> file://///10.231.82.15/AlfrescoInstallers/manifoldtest/hekko.txt
>>>>>>>>>>>>> ",
>>>>>>>>>>>>>         "allow_token_document": [
>>>>>>>>>>>>>           "AD+Group:S-1-5-18",
>>>>>>>>>>>>>
>>>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12088",
>>>>>>>>>>>>>
>>>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12147",
>>>>>>>>>>>>>
>>>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12148",
>>>>>>>>>>>>>
>>>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12149",
>>>>>>>>>>>>>
>>>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12150",
>>>>>>>>>>>>>
>>>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12217",
>>>>>>>>>>>>>
>>>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-15154",
>>>>>>>>>>>>>
>>>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-8005",
>>>>>>>>>>>>>           "AD+Group:S-1-5-32-544"
>>>>>>>>>>>>>         ],
>>>>>>>>>>>>>
>>>>>>>>>>>>>         "allow_token_share": [
>>>>>>>>>>>>>           "AD+Group:S-1-1-0",
>>>>>>>>>>>>>           "AD+Group:S-1-5-32-544"
>>>>>>>>>>>>>         ],
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>                 CMIS
>>>>>>>>>>>>>
>>>>>>>>>>>>>                 "allow_token_share": [
>>>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>>>         ],
>>>>>>>>>>>>>         "deny_token_document": [
>>>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>>>         ],
>>>>>>>>>>>>>         "deny_token_share": [
>>>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>>>         ],
>>>>>>>>>>>>>         "allow_token_document": [
>>>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>>>         ]
>>>>>>>>>>>>>
>>>>>>>>>>>>> Regards.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Thu, Jun 12, 2014 at 3:01 PM, Ahmet Arslan <
>>>>>>>>>>>>> iorixxx@yahoo.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>
>>>>>>>>>>>>> As documented here
>>>>>>>>>>>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>>>>>>>>>>>>
>>>>>>>>>>>>> "At a minimum, AuthenticatedUserName must be present in
>>>>>>>>>>>>> order"
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> This is a URL parameter, just like Solr params. Here is an
>>>>>>>>>>>>> example.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type
>>>>>>>>>>>>> <http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&debugQuery=true&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>   On Thursday, June 12, 2014 4:28 PM, lalit jangra <
>>>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>  Hi All,
>>>>>>>>>>>>>
>>>>>>>>>>>>> As continuing from
>>>>>>>>>>>>> http://lucene.472066.n3.nabble.com/How-to-query-for-content-with-ACLs-td4141402.html
>>>>>>>>>>>>> as per Ahmet's suggestion.
>>>>>>>>>>>>>
>>>>>>>>>>>>> I have setup mcf-solr4x-plugin in MCF 1.5.1 and i can see ACLs
>>>>>>>>>>>>> indexed into solr indexes.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Now i want to write Solr query to put a user's permission
>>>>>>>>>>>>> details into in it which can be compared to ACL stored in solr and only
>>>>>>>>>>>>> those results will be returned to user on which he has been assigned ACL.
>>>>>>>>>>>>>
>>>>>>>>>>>>> How can i do this?  Can i use MCF filter  below here or do i
>>>>>>>>>>>>> need to write custom query for my need?
>>>>>>>>>>>>>
>>>>>>>>>>>>> <requestHandler name="search" class="solr.SearchHandler"
>>>>>>>>>>>>> default="true">
>>>>>>>>>>>>>   <lst name="appends">
>>>>>>>>>>>>>     <str name="fq">{!manifoldCFSecurity}</str>
>>>>>>>>>>>>>   </lst>
>>>>>>>>>>>>> </requestHandler>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Please help.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Regards,
>>>>>>>>>>>>> Lalit Jangra.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> --
>>>>>>>>>>>>> Regards,
>>>>>>>>>>>>> Lalit Jangra.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> --
>>>>>>>>>>>>> Regards,
>>>>>>>>>>>>> Lalit Jangra.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> --
>>>>>>>>>>>>> Regards,
>>>>>>>>>>>>> Lalit Jangra.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> --
>>>>>>>>>>>>> Regards,
>>>>>>>>>>>>> Lalit Jangra.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>> Regards,
>>>>>>>>>>>> Lalit Jangra.
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Regards,
>>>>>>>> Lalit Jangra.
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Regards,
>>>>>> Lalit Jangra.
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Regards,
>>>> Lalit Jangra.
>>>>
>>>
>>>
>>
>


-- 
Regards,
Lalit Jangra.

Mime
View raw message