manifoldcf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Karl Wright <>
Subject Re: Two Active directory connections in Authority group
Date Tue, 28 Oct 2014 16:09:09 GMT
Hi Kambiz,

The Active Directory authority is not an "additive" authority, so you
cannot use it within the same authorization group with other authorities,
and expect it to work cumulatively.  The reason is that when there is a
problem (e.g. user not found or server unreachable), the authority asserts
the "DEAD_AUTHORITY" token, which effectively disables any documents from
being returned.  This is necessary whenever the repository has a security
model that has "deny" tokens, and that's the case for most repositories
secured by Active Directory.

For this reason, we long ago added the ability to have multiple Active
Directory domains within the same Active Directory authority.  This is what
you should use, since it will behave in the manner you expect.


On Tue, Oct 28, 2014 at 11:35 AM, Kambiz Niktabar <>

> Hello,
> I want to have two active directory connections (intranet and extranet AD)
> in one Authority group but it seems it’s not working as expected. I’m
> getting hits when I have only Intranet AD in the authority group and I got
> zero hits when I add Extranet AD into the same authority group
> I attached Solr log files for two scenarios.
> Regards
> Kambiz

View raw message