manifoldcf-user mailing list archives

From Kadri Atalay <atalay.ka...@gmail.com>
Subject Re: Which version of Solr have implements the Document Level Access Control
Date Thu, 05 May 2011 22:43:04 GMT
It works, only difference I see with previous one is: if a domain is
reachable, message usernotfound makes a better indicator, somehow we lost
that.


C:\OPT>testauthority

C:\OPT>curl "http://localhost:8345/mcf-authority-service/UserACLs?username=fakeuser"
UNREACHABLEAUTHORITY:TEQA-DC
TOKEN:TEQA-DC:DEAD_AUTHORITY

C:\OPT>curl "http://localhost:8345/mcf-authority-service/UserACLs?username=fakeuser@fakedomain"
UNREACHABLEAUTHORITY:TEQA-DC
TOKEN:TEQA-DC:DEAD_AUTHORITY

C:\OPT>curl "http://localhost:8345/mcf-authority-service/UserACLs?username=fakeuser@teqa.filetek.com"
UNREACHABLEAUTHORITY:TEQA-DC
TOKEN:TEQA-DC:DEAD_AUTHORITY

Previous one
C:\OPT>curl "http://localhost:8345/mcf-authority-service/UserACLs?username=fakeuser@teqa.filetek.com"
USERNOTFOUND:TEQA-DC
TOKEN:TEQA-DC:DEAD_AUTHORITY


C:\OPT>curl "http://localhost:8345/mcf-authority-service/UserACLs?username=katalay_admin@teqa"
UNREACHABLEAUTHORITY:TEQA-DC
TOKEN:TEQA-DC:DEAD_AUTHORITY

C:\OPT>curl "http://localhost:8345/mcf-authority-service/UserACLs?username=katalay_admin@teqa.filetek.com"
AUTHORIZED:TEQA-DC
TOKEN:TEQA-DC:S-1-5-32-545
TOKEN:TEQA-DC:S-1-5-32-544
TOKEN:TEQA-DC:S-1-5-32-555
TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-1124
TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-512
TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-513
TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-1480
TOKEN:TEQA-DC:S-1-1-0

C:\OPT>curl "http://localhost:8345/mcf-authority-service/UserACLs?username=katalay@teqa.filetek.com"
AUTHORIZED:TEQA-DC
TOKEN:TEQA-DC:S-1-5-32-545
TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-513
TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-1473
TOKEN:TEQA-DC:S-1-1-0

C:\OPT>curl "http://localhost:8345/mcf-authority-service/UserACLs?username=katalay@fakedomain"
UNREACHABLEAUTHORITY:TEQA-DC
TOKEN:TEQA-DC:DEAD_AUTHORITY


On Thu, May 5, 2011 at 6:29 PM, Karl Wright <daddywri@gmail.com> wrote:

> I've cleaned things up slightly to restore the objectSid and also to
> fix an infinite loop if you have more than one comma in the escape
> expression.  I've attached the file, can you see if it works?
>
> Thanks,
> Karl
>
>
> On Thu, May 5, 2011 at 6:23 PM, Karl Wright <daddywri@gmail.com> wrote:
> > Thanks - we do need the user sid, so I will put that back.
> >
> > Also, I'd like to ask what you know about escaping the user name in
> > this expression:
> >
> > String searchFilter = "(&(objectClass=user)(sAMAccountName=" + userName + "))";
> >
> > It seems to me that there is probably some escaping needed, but I
> > don't know what style.  Do you think it is the same (C-style, with \
> > escape) as for the other case?
> >
> > Karl
> >
> > On Thu, May 5, 2011 at 6:20 PM, Kadri Atalay <atalay.kadri@gmail.com> wrote:
> >> Hi Karl,
> >>
> >>     String returnedAtts[]={"tokenGroups"} is ONLY returning the
> >> memberGroups,
> >>
> >> C:\OPT>curl "http://localhost:8345/mcf-authority-service/UserACLs?username=katalay_admin@teqa.filetek.com"
> >> AUTHORIZED:TEQA-DC
> >> TOKEN:TEQA-DC:S-1-5-32-545
> >> TOKEN:TEQA-DC:S-1-5-32-544
> >> TOKEN:TEQA-DC:S-1-5-32-555
> >> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-1124
> >> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-512
> >> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-513
> >> TOKEN:TEQA-DC:S-1-1-0
> >>
> >> but,
> >>
> >> -    String returnedAtts[] = {"tokenGroups","objectSid"}; is returning
> >> memberGroups AND SID for that user.
> >>
> >> C:\OPT>curl "http://localhost:8345/mcf-authority-service/UserACLs?username=katalay_admin@teqa.filetek.com"
> >> AUTHORIZED:TEQA-DC
> >> TOKEN:TEQA-DC:S-1-5-32-545
> >> TOKEN:TEQA-DC:S-1-5-32-544
> >> TOKEN:TEQA-DC:S-1-5-32-555
> >> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-1124
> >> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-512
> >> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-513
> >> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-1480
> >> TOKEN:TEQA-DC:S-1-1-0
> >>
> >> Since we are only interested in the member groups, tokenGroups is
> >> sufficient, but if you also need user SID then you might keep the
> >> objectSID as well.
> >>
> >> Thanks
> >>
> >> Kadri
> >>
> >>
> >> On Thu, May 5, 2011 at 6:01 PM, Karl Wright <daddywri@gmail.com> wrote:
> >>>
> >>> I am curious about the following change, which does not seem correct:
> >>>
> >>>
> >>>     //Specify the attributes to return
> >>> -    String returnedAtts[] = {"tokenGroups","objectSid"};
> >>> +    String returnedAtts[]={"tokenGroups"};
> >>>     searchCtls.setReturningAttributes(returnedAtts);
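Review bot: The "+" line drops "objectSid" from returnedAtts, so the search result no longer carries the user's own SID and only the group SIDs from tokenGroups can be turned into access tokens; a document whose ACL names the user directly rather than a group would then not match. Unless the user SID is obtained elsewhere in the method, keep {"tokenGroups","objectSid"}, and if the removal is intended, extend the "Specify the attributes to return" comment to say why. The new line also loses the spaces around "=" and after the comma that the removed line had.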
> >>>
> >>> Karl
> >>>
> >>>
> >>> On Thu, May 5, 2011 at 5:36 PM, Kadri Atalay <atalay.kadri@gmail.com>
> >>> wrote:
> >>> > Karl,
> >>> >
> >>> > The ActiveDirectoryAuthority.java is attached.
> >>> >
> >>> > I'm not sure about clicking "Grant ASF License", or how to do that
> >>> > from Tortoise.
> >>> > But, you got my consent for granting the ASF license.
> >>> >
> >>> > Thanks
> >>> >
> >>> > Kadri
> >>> >
> >>> >
> >>> > On Thu, May 5, 2011 at 5:28 PM, Karl Wright <daddywri@gmail.com> wrote:
> >>> >>
> >>> >> You may attach the whole ActiveDirectoryAuthority.java file to the
> >>> >> ticket if you prefer.  But you must click the "Grant ASF License"
> >>> >> button.
> >>> >>
> >>> >> Karl
> >>> >>
> >>> >> On Thu, May 5, 2011 at 5:24 PM, Kadri Atalay <atalay.kadri@gmail.com> wrote:
> >>> >> > Karl,
> >>> >> >
> >>> >> > I'm using the Tortoise SVN, and new to SVN..
> >>> >> > Do you know how to do this with Tortoise ?
> >>> >> > Otherwise, I can just send the source code directly to you.
> >>> >> > BTW, there are some changes in the ParseUser method also, you can
> >>> >> > see all when you run the diff.
> >>> >> >
> >>> >> > Thanks
> >>> >> >
> >>> >> > Kadri
> >>> >> >
> >>> >
> >>> >
> >>
> >>
> >
>
