manifoldcf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Karl Wright <daddy...@gmail.com>
Subject Re: Which version of Solr have implements the Document Level Access Control
Date Thu, 05 May 2011 22:29:01 GMT
I've cleaned things up slightly to restore the objectSid and also to
fix an infinite loop ifyou have more than one comma in the escape
expression.  I've attached the file, can you see if it works?

Thanks,
Karl


On Thu, May 5, 2011 at 6:23 PM, Karl Wright <daddywri@gmail.com> wrote:
> Thanks - we do need the user sid, so I will put that back.
>
> Also, I'd like to ask what you know about escaping the user name in
> this expression:
>
> String searchFilter = "(&(objectClass=user)(sAMAccountName=" + userName + "))";
>
> It seems to me that there is probably some escaping needed, but I
> don't know what style.  Do you think it is the same (C-style, with \
> escape) as for the other case?
>
> Karl
>
> On Thu, May 5, 2011 at 6:20 PM, Kadri Atalay <atalay.kadri@gmail.com> wrote:
>> Hi Karl,
>>
>>     String returnedAtts[]={"tokenGroups"} is ONLY returning the
>> memberGroups,
>>
>> C:\OPT>curl
>> "http://localhost:8345/mcf-authority-service/UserACLs?username=katalay_admin@teqa.filetek.com"
>> AUTHORIZED:TEQA-DC
>> TOKEN:TEQA-DC:S-1-5-32-545
>> TOKEN:TEQA-DC:S-1-5-32-544
>> TOKEN:TEQA-DC:S-1-5-32-555
>> TOKEN:TEQA-DC:S-1-5-21-
>> 1212545812-2858578934-3563067286-1124
>> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-512
>> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-513
>> TOKEN:TEQA-DC:S-1-1-0
>>
>> but,
>>
>> -    String returnedAtts[] = {"tokenGroups","objectSid"}; is returning
>> memberGroups AND SID for that user.
>>
>> C:\OPT>curl
>> "http://localhost:8345/mcf-authority-service/UserACLs?username=katalay_admin@teqa.filetek.com"
>> AUTHORIZED:TEQA-DC
>> TOKEN:TEQA-DC:S-1-5-32-545
>> TOKEN:TEQA-DC:S-1-5-32-544
>> TOKEN:TEQA-DC:S-1-5-32-555
>> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-1124
>> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-512
>> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-513
>> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-1480
>> TOKEN:TEQA-DC:S-1-1-0
>>
>> Since we are only interested in the member groups, tokenGroups is
>> sufficient, but if you also need user SID then you might keep the objectSID
>> as well.
>>
>> Thanks
>>
>> Kadri
>>
>>
>> On Thu, May 5, 2011 at 6:01 PM, Karl Wright <daddywri@gmail.com> wrote:
>>>
>>> I am curious about the following change, which does not seem correct:
>>>
>>>
>>>     //Specify the attributes to return
>>> -    String returnedAtts[] = {"tokenGroups","objectSid"};
>>> +    String returnedAtts[]={"tokenGroups"};
>>>     searchCtls.setReturningAttributes(returnedAtts);
>>>
>>> Karl
>>>
>>>
>>> On Thu, May 5, 2011 at 5:36 PM, Kadri Atalay <atalay.kadri@gmail.com>
>>> wrote:
>>> > Karl,
>>> >
>>> > The ActiveDirectoryAuthority.java is attached.
>>> >
>>> > I'm not sure about clicking "Grant ASF License", or how to do that from
>>> > Tortoise.
>>> > But, you got my consent for granting the ASF license.
>>> >
>>> > Thanks
>>> >
>>> > Kadri
>>> >
>>> >
>>> > On Thu, May 5, 2011 at 5:28 PM, Karl Wright <daddywri@gmail.com> wrote:
>>> >>
>>> >> You may attach the whole ActiveDirectoryAuthority.java file to the
>>> >> ticket if you prefer.  But you must click the "Grant ASF License"
>>> >> button.
>>> >>
>>> >> Karl
>>> >>
>>> >> On Thu, May 5, 2011 at 5:24 PM, Kadri Atalay <atalay.kadri@gmail.com>
>>> >> wrote:
>>> >> > Karl,
>>> >> >
>>> >> > I'm using the Tortoise SVN, and new to SVN..
>>> >> > Do you know how to do this with Tortoise ?
>>> >> > Otherwise, I can just send the source code directly to you.
>>> >> > BTW, there are some changes in the ParseUser method also, you can
see
>>> >> > all
>>> >> > when you run the diff.
>>> >> >
>>> >> > Thanks
>>> >> >
>>> >> > Kadri
>>> >> >
>>> >
>>> >
>>
>>
>

Mime
View raw message