manifoldcf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Karl Wright <daddy...@gmail.com>
Subject Re: ManifoldCF SharePoint/ActiveDirectory Authority Connection Issue
Date Thu, 14 May 2015 13:56:19 GMT
Hi Daniel,

We're not Active Directory experts here, but if you looked at the authority
connector code and saw what it did, you can readily see what the
capabilities and limitations are.  There's no magic around that you haven't
already found. ;-)

The authority *must* look up the user from one of the servers you give it,
in order.  There's nobody else for it to talk to.  The question is, does
Active Directory have the ability, given you are talking to Domain A
exclusively, to allow lookup for Domain B user information via Domain A?
If you can find a way, we're happy to add that as a capability to the
authority.

Karl


On Thu, May 14, 2015 at 9:30 AM, Thomas Daniel <Daniel.Thomas@uk.fujitsu.com
> wrote:

> Hi,
>
>
>
> We are using ManifoldCF and Solr in a Microsoft Windows environment.
>
> We have an issue trying to search for documents from Solr when we have
> users from other domains.
>
> We have two domains, one where everything is running in (Domain A) and one
> where our users are (Domain B). The 2 windows domains trust each other.
>
> We are placing users from Domain B into groups in Domain , which is where
> our problem is.
>
>
>
> We have ManifoldCF 2.0.1 indexing Microsoft SharePoint 2013, and think
> there is an issue with our authority set up (using a SharePoint/AD
> authority connection to the Domain Controller in ‘Domain A’).
>
> We are not able to add a connection to ‘Domain B’, as we don’t have access
> to it directly.
>
> We are putting a user from ‘Domain B’ into the above AD group in ‘Domain
> A’.
>
> Within SP2013 we have an  AD group from ‘Domain A’ inside a SP2013 group,
> the SharePoint group has permission granted to read document libraries and
> various lists.
>
>
>
> To double check the result, we used the authority service and we get
> a ‘user not found’ error.
>
> If we try to look for user@domainB, domain B is not the suffix defined
> for the DC we are connecting to. And if we say user@domainA, then it
> wouldn’t be looking for the right user.
>
> Also, having a look at the code, it seems the authority connector only
> looks for objects of type ‘user’.
>
> Our best guess is that as our users are from a different domain, they will
> be a ‘ForeignSecurityPrincipal’ object, and therefore not found by the
> connector?
>
> Our users have the correct access rights to SharePoint itself, and the can
> view content and sites. We have had this configuration working with users
> from ‘Domain A’ previously, so we know our general configuration works.
>
>
>
> Is there any way to configure ManifoldCF to find users who are members of
> a permitted group in one domain when the users themselves belong to a
> trusted domain?
>
>
>
> Thanks in advance for any help.
>
>
>
> Kind regards,
>
> *Daniel Thomas*
> Software Developer
>
> *Fujitsu*
> Viables Ind. Est., Jays Close, Basingstoke, Hampshire, RG22 4BY
> Mob: +44 (0) 7867 897274
> Email: daniel.thomas@uk.fujitsu.com
> Web: http://uk.fujitsu.com
>
> [image: cid:image001.jpg@01D05A55.B5225330]
> <https://www.youtube.com/playlist?list=PLV493J-pTITeSWLKa-cxQ0QMLYy3h1dOT>
>
>
>
> [image: corp_covenant_EMAIL]
>
> *[image: youtube-icon.gif]* <http://www.youtube.com/user/fujitsuUK>*[image:
> Facebook-icon.gif]* <http://www.facebook.com/fujitsuuk> *[image:
> twitter-icon.gif]* <http://twitter.com/#!/fujitsu_uk> *[image:
> linkedin-icon.gif]*
> <http://www.linkedin.com/company/fujitsu-uk-and-ireland> *[image:
> blogger.png]* <http://blog.uk.fujitsu.com/> *[image:
> google-plus-icon.gif]* <https://plus.google.com/103287532874520008913/>
>
> Fujitsu is proud to partner with Action for Children
> <http://www.actionforchildren.org.uk/>
>
> P Please consider the environment - do you really need to print this
> email?
>
>
>
>
>
>
>
>
>
> Kind regards,
>
> *Daniel Thomas*
> Software Developer
> Defence & National Security
>
> *Fujitsu*
> Viables Ind. Est., Jays Close, Basingstoke, Hampshire, RG22 4BY
> Mob: +44 (0) 7867 897274
> Email: daniel.thomas@uk.fujitsu.com
> Web: http://uk.fujitsu.com
>
> [image: cid:image001.jpg@01D05A55.B5225330]
> <https://www.youtube.com/playlist?list=PLV493J-pTITeSWLKa-cxQ0QMLYy3h1dOT>
>
>
>
> [image: corp_covenant_EMAIL]
>
> *[image: youtube-icon.gif]* <http://www.youtube.com/user/fujitsuUK>*[image:
> Facebook-icon.gif]* <http://www.facebook.com/fujitsuuk> *[image:
> twitter-icon.gif]* <http://twitter.com/#!/fujitsu_uk> *[image:
> linkedin-icon.gif]*
> <http://www.linkedin.com/company/fujitsu-uk-and-ireland> *[image:
> blogger.png]* <http://blog.uk.fujitsu.com/> *[image:
> google-plus-icon.gif]* <https://plus.google.com/103287532874520008913/>
>
> Fujitsu is proud to partner with Action for Children
> <http://www.actionforchildren.org.uk/>
>
> P Please consider the environment - do you really need to print this
> email?
>
>
>
> Unless otherwise stated, this email has been sent from Fujitsu Services
> Limited, from Fujitsu (FTS) Limited, or from Fujitsu Telecommunications
> Europe Limited, together "Fujitsu".
>
> This email is only for the use of its intended recipient. Its contents are
> subject to a duty of confidence and may be privileged. Fujitsu does not
> guarantee that this email has not been intercepted and amended or that it
> is virus-free.
>
> Fujitsu Services Limited, registered in England No 96056, registered
> office 22 Baker Street, London W1U 3BW.
>
> Fujitsu (FTS) Limited, registered in England No 03808613, registered
> office 22 Baker Street, London W1U 3BW.
>
> PFU Imaging Solutions Europe Limited, registered in England No 1578652,
> registered office Hayes Park Central, Hayes End Road, Hayes, Middlesex, UB4
> 8FE.
>
> Fujitsu Telecommunications Europe Limited, registered in England No
> 2548187, registered office Solihull Parkway, Birmingham Business Park,
> Birmingham, B37 7YU.
>

Mime
View raw message