manifoldcf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Karl Wright <daddy...@gmail.com>
Subject Re: ManifoldCF authentication service accept only in form of a user pricipal name
Date Sun, 15 May 2016 16:41:45 GMT
Hi Silvio,

The "domain" argument to the authority service does not represent an Active
Directory domain.  It represents an MCF authorization domain, which is
described in the book and also in the other documentation.  This cannot be
used as an active directory domain.

>>>>>>
Unfortuanately, the elasticsearch plugin for Apache ManifoldCF
authentication service does not allow one to hand over a username in the
form of the user principal name, e.g.msi@ourdomian.com. This is due to the
fact that the @ sign is not allowed to be encoded in the user name.
<<<<<<

That's pretty surprising; the plugin has no character limits I am aware of
for user names, and I wrote it.  Perhaps you simply need to use proper URL
encoding practices in forming the URL you are invoking ElasticSearch with?

Karl


On Sun, May 15, 2016 at 11:39 AM, Silvio Meier <
silvio.r.meier@quantentunnel.de> wrote:

> Hi Apache ManifoldCF user list
>
> I’m experimenting with Apache ManifoldCF 2.3, Elasticsearch 1.74 and the
> corresponding Elasticsearch plugin (v 2.0.1) which I use to index the
> network Windows shares of our company.
> I set up Apache Manifold using authorization services together with an
> Active Directory.
>
> Using the Apache ManifoldCF authentication services with separated domain
> name and user name does somehow not work for our active directory
> configuration, so the when the following service call is made
> http://localhost:8081/mcf-authority-service/UserACLs?username=msi&domain=ourdomain.com
> , the authentication service does not return any ACL list. I tried to do
> different combinations of domain names or netbios names together with user
> names. Or just username without domain name. No success!
>
> However, the only thing that is working is when calling the authorization
> service with
> http://localhost:8081/mcf-authority-service/UserACLs?username=msi@ourdomain.com
> , i.e., using the user principal name as username.  In this case the
> service returns the correct set of ACLs.
>
> Unfortuanately, the elasticsearch plugin for Apache ManifoldCF
> authentication service does not allow one to hand over a username in the
> form of the user principal name, e.g. msi@ourdomian.com. This is due to
> the fact that the @ sign is not allowed to be encoded in the user name. My
> current work around (which works) is to adapt the elasticsearch plugin to
> accept the @ sign in the user name. However, this is not a nice solution.
> Is there a better (built-in) solution, or did I just something miss
> regarding the authencation service?
>
> Regards
> Silvio
>
>
>
>

Mime
View raw message