manifoldcf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Karl Wright <daddy...@gmail.com>
Subject Re: Which version of Solr have implements the Document Level Access Control
Date Thu, 05 May 2011 22:37:49 GMT
ok, if you try what I sent and it works, I will check it in.
Karl

On Thu, May 5, 2011 at 6:29 PM, Kadri Atalay <atalay.kadri@gmail.com> wrote:
> I'm assuming that since this is a Domain logon name, we don't need to add
> any escaping sequence, otherwise OS would reject it during authentication.
>
> Yes, you are right, userSID is needed, if user is not any part of group but
> still have access to document.
>
> On Thu, May 5, 2011 at 6:23 PM, Karl Wright <daddywri@gmail.com> wrote:
>>
>> Thanks - we do need the user sid, so I will put that back.
>>
>> Also, I'd like to ask what you know about escaping the user name in
>> this expression:
>>
>> String searchFilter = "(&(objectClass=user)(sAMAccountName=" + userName +
>> "))";
>>
>> It seems to me that there is probably some escaping needed, but I
>> don't know what style.  Do you think it is the same (C-style, with \
>> escape) as for the other case?
>>
>> Karl
>>
>> On Thu, May 5, 2011 at 6:20 PM, Kadri Atalay <atalay.kadri@gmail.com>
>> wrote:
>> > Hi Karl,
>> >
>> >     String returnedAtts[]={"tokenGroups"} is ONLY returning the
>> > memberGroups,
>> >
>> > C:\OPT>curl
>> >
>> > "http://localhost:8345/mcf-authority-service/UserACLs?username=katalay_admin@teqa.filetek.com"
>> > AUTHORIZED:TEQA-DC
>> > TOKEN:TEQA-DC:S-1-5-32-545
>> > TOKEN:TEQA-DC:S-1-5-32-544
>> > TOKEN:TEQA-DC:S-1-5-32-555
>> > TOKEN:TEQA-DC:S-1-5-21-
>> > 1212545812-2858578934-3563067286-1124
>> > TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-512
>> > TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-513
>> > TOKEN:TEQA-DC:S-1-1-0
>> >
>> > but,
>> >
>> > -    String returnedAtts[] = {"tokenGroups","objectSid"}; is returning
>> > memberGroups AND SID for that user.
>> >
>> > C:\OPT>curl
>> >
>> > "http://localhost:8345/mcf-authority-service/UserACLs?username=katalay_admin@teqa.filetek.com"
>> > AUTHORIZED:TEQA-DC
>> > TOKEN:TEQA-DC:S-1-5-32-545
>> > TOKEN:TEQA-DC:S-1-5-32-544
>> > TOKEN:TEQA-DC:S-1-5-32-555
>> > TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-1124
>> > TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-512
>> > TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-513
>> > TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-1480
>> > TOKEN:TEQA-DC:S-1-1-0
>> >
>> > Since we are only interested in the member groups, tokenGroups is
>> > sufficient, but if you also need user SID then you might keep the
>> > objectSID
>> > as well.
>> >
>> > Thanks
>> >
>> > Kadri
>> >
>> >
>> > On Thu, May 5, 2011 at 6:01 PM, Karl Wright <daddywri@gmail.com> wrote:
>> >>
>> >> I am curious about the following change, which does not seem correct:
>> >>
>> >>
>> >>     //Specify the attributes to return
>> >> -    String returnedAtts[] = {"tokenGroups","objectSid"};
>> >> +    String returnedAtts[]={"tokenGroups"};
>> >>     searchCtls.setReturningAttributes(returnedAtts);
>> >>
>> >> Karl
>> >>
>> >>
>> >> On Thu, May 5, 2011 at 5:36 PM, Kadri Atalay <atalay.kadri@gmail.com>
>> >> wrote:
>> >> > Karl,
>> >> >
>> >> > The ActiveDirectoryAuthority.java is attached.
>> >> >
>> >> > I'm not sure about clicking "Grant ASF License", or how to do that
>> >> > from
>> >> > Tortoise.
>> >> > But, you got my consent for granting the ASF license.
>> >> >
>> >> > Thanks
>> >> >
>> >> > Kadri
>> >> >
>> >> >
>> >> > On Thu, May 5, 2011 at 5:28 PM, Karl Wright <daddywri@gmail.com>
>> >> > wrote:
>> >> >>
>> >> >> You may attach the whole ActiveDirectoryAuthority.java file to
the
>> >> >> ticket if you prefer.  But you must click the "Grant ASF License"
>> >> >> button.
>> >> >>
>> >> >> Karl
>> >> >>
>> >> >> On Thu, May 5, 2011 at 5:24 PM, Kadri Atalay
>> >> >> <atalay.kadri@gmail.com>
>> >> >> wrote:
>> >> >> > Karl,
>> >> >> >
>> >> >> > I'm using the Tortoise SVN, and new to SVN..
>> >> >> > Do you know how to do this with Tortoise ?
>> >> >> > Otherwise, I can just send the source code directly to you.
>> >> >> > BTW, there are some changes in the ParseUser method also,
you can
>> >> >> > see
>> >> >> > all
>> >> >> > when you run the diff.
>> >> >> >
>> >> >> > Thanks
>> >> >> >
>> >> >> > Kadri
>> >> >> >
>> >> >
>> >> >
>> >
>> >
>
>

Mime
View raw message