Date Wed, 11 Apr 2012 08:55:00 GMT
Comment added by Karl Wright:

First, for questions of this complexity you would be better advised to post to the
list instead of dropping a comment in this FAQ.  It's easy to sign up; the web site tells
you how.  See for more details.

A quick answer, though, is that ManifoldCF's authority connector is not currently implemented
to handle multiple related domains.  You certainly don't want to try implementing a multi-domain
solution any other way, either.  But this is exactly the kind of improvement the team would
be interested in implementing.

My suggestion is therefore to create a ticket in Apache jira (at
describing your domain setup in some detail, especially how the domains relate to one another,
and the discussion can move to comments for that ticket.

I've got ManifoldCF configured with a SharePoint repository connector and a Solr output connector.

I'm using the ManifoldCF security search component to authorise users for search results.

The problem is that I have _2_ Active Directory domains that I need to use for authorisation
(one is for internal users, the other for extranet users). So I've set up two Active Directory
authority connections, named 'Internal AD' and 'External AD'.

But I can't see how to get this working, as I can only specify a single authority for the
SharePoint repository connector.

If I select one of the AD authorities as the authority for the SharePoint repository connector,
then {{allow_token_document}} is always prefixed with the name of that authority, regardless
of the domain the user/group actually belongs to. This isn't going to work with the ManifoldCF
authority service, {{UserACLs}}, which prefixes SIDs with the name of the authority the SID
belongs to.

If I select 'None (Global Authority)' as the authority for the SharePoint repository connector
then {{allow_token_document}} is _not_ prefixed with the authority name, but of course those
returned by the ManifoldCF authority service, {{UserACLs}}, are still prefixed with the authority

I guess I could modify the ManifoldCF authority service, {{UserACLs}}, to take an extra parameter
that would alter the behaviour so it doesn't prefix SIDs with the authority name... but I'd
rather not be modifying the source if I can help it. Is there some way to achieve what I'm

Hope this all makes sense :)

