manifoldcf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Karl Wright <>
Subject Re: Two Active directory connections in Authority group
Date Tue, 28 Oct 2014 16:24:47 GMT
I should also add that it is really helpful for diagnosing problems of this
kind to use curl, e.g.:


... and see what gets returned.  If you see DEAD_AUTHORITY in the list of
acls, don't expect to see any documents from the associated authority group.


On Tue, Oct 28, 2014 at 12:09 PM, Karl Wright <> wrote:

> Hi Kambiz,
> The Active Directory authority is not an "additive" authority, so you
> cannot use it within the same authorization group with other authorities,
> and expect it to work cumulatively.  The reason is that when there is a
> problem (e.g. user not found or server unreachable), the authority asserts
> the "DEAD_AUTHORITY" token, which effectively disables any documents from
> being returned.  This is necessary whenever the repository has a security
> model that has "deny" tokens, and that's the case for most repositories
> secured by Active Directory.
> For this reason, we long ago added the ability to have multiple Active
> Directory domains within the same Active Directory authority.  This is what
> you should use, since it will behave in the manner you expect.
> Thanks,
> Karl
> On Tue, Oct 28, 2014 at 11:35 AM, Kambiz Niktabar <>
> wrote:
>> Hello,
>> I want to have two active directory connections (intranet and extranet
>> AD) in one Authority group but it seems it’s not working as expected. I’m
>> getting hits when I have only Intranet AD in the authority group and I got
>> zero hits when I add Extranet AD into the same authority group
>> I attached Solr log files for two scenarios.
>> Regards
>> Kambiz

View raw message