manifoldcf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Karl Wright <daddy...@gmail.com>
Subject Re: Sharepoint
Date Tue, 26 Feb 2013 21:55:53 GMT
The flag is not well named.  The calling code looks like this:

      proxy.checkConnection( "/", supportsItemSecurity );

"supportsItemSecurity" is set on both SP 3.0 and 4.0.

Karl

On Tue, Feb 26, 2013 at 4:41 PM, Mark Lugert <mlugert@yahoo.com> wrote:

> It's ootb sharepoint and IIS.  It being in Amazon is really the only
> unique thing about it.
>
> And yes, not sure why that one call fails, but others succeed.
>
> But, in the code it's doing a if(sp3)
>
> But, I'm using SP 2010.  Why is if (sp30) even called?
>
> -mark
>
>   *From:* Karl Wright <daddywri@gmail.com>
>
> *To:* user@manifoldcf.apache.org; Mark Lugert <mlugert@yahoo.com>
> *Sent:* Tuesday, February 26, 2013 4:39 PM
> *Subject:* Re: Sharepoint
> **
> Another point is that your change ONLY affects the "check" function -
> which is for the UI display only.  If you made no further changes elsewhere
> in the code I am at a loss as to why MCPermissions works in some
> circumstances but not others.  Perhaps a redirection is interfering with
> your ability to reach the root node of the site?****Karl****
> On Tue, Feb 26, 2013 at 4:36 PM, Karl Wright <daddywri@gmail.com> wrote:**
>
> Well, you are not actually using the MCPermissions service with this
> change.  Permission fetches will therefore not include Folder or File
> security tokens.  If this is SharePoint 2010, you will also have had to
> tell it you were using SharePoint 2007 in order to be able to list files
> properly.
>
> Karl
> ******
> On Tue, Feb 26, 2013 at 4:20 PM, Mark Lugert <mlugert@yahoo.com> wrote:**
>
>  In the code I see this:
>
> // This fails:
> MCPermissionsWS aclService =
> *new* MCPermissionsWS(baseUrl + site, userName, password, configuration,
> httpClient);
> com.microsoft.sharepoint.webpartpages.PermissionsSoap aclCall =
> aclService.getPermissionsSoapHandler();
>  // This works:
> PermissionsWS *aclService* =
> *new* PermissionsWS(baseUrl + site, userName, password, configuration,
> httpClient);
> com.microsoft.schemas.sharepoint.soap.directory.PermissionsSoap *aclCall*= aclService.getPermissionsSoapHandler();
>
> As the code says, one fails and one works.  The one that succeeds is
> commented out.
>
> I commented out the one that fails and use the one that works.  So now I
> can sync everything, however I have not tried to sync any permissions.
> Perhaps because the first one above fails permissions will fail to sync?
> Not sure, but the one that fails gives an error 1000 and 401 unauthorized.
> There is no useful logging in the event logs or in IIS logs to say exactly
> who or what is unauthorized.
>
> -mark
>
>   *From:* Karl Wright <daddywri@gmail.com>***To:* Mark Lugert <
> mlugert@yahoo.com> ***Cc:* "user@manifoldcf.apache.org" <
> user@manifoldcf.apache.org> **
> *Sent:* Tuesday, February 26, 2013 3:17 PM
> *Subject:* Re: Sharepoint
> **
> Any news on this?****Karl****
>  On Sat, Feb 23, 2013 at 5:20 PM, Mark Lugert <mlugert@yahoo.com> wrote:**
>
>   It's there.  I'll have the admin double check the permissions again.
> Seems like something doesn't have execute permissions.
>
> -mark
>
>    *From:* Karl Wright <daddywri@gmail.com>
> ***To:* Mark Lugert <mlugert@yahoo.com> ***Cc:* "
> user@manifoldcf.apache.org" <user@manifoldcf.apache.org> **
> *Sent:* Saturday, February 23, 2013 5:19 PM
> *Subject:* Re: Sharepoint
>  **
>  Yes, that's exactly correct.  Check to be sure the Permissions.asmx file
> is present, and that the service is enabled.****Karl****
>  On Sat, Feb 23, 2013 at 3:37 PM, Mark Lugert <mlugert@yahoo.com> wrote:**
>
>   Hi Karl,
>
> I added some debug to print the actual axis error in the sharepoint
> connector.  I'm getting error 1000.  Looking at MCPermissions.cs<http://mcpermissions.cs/>I
see that it is what is raising this error, in the code below:
>
> try
>             {
>                 // Only handle requests for "item".  Send all other
> requests to the SharePoint web service.
>                 if (objectType.Equals(itemType))
>                 {
>                     retVal = GetItemPermissions(objectName);
>                 }
>                 else
>                 {
>
> ServicePointManager.ServerCertificateValidationCallback +=
>                         new
> RemoteCertificateValidationCallback(ValidateCertificate);
>
>                     using (SPPermissionsService.Permissions service = new
> SPPermissionsService.Permissions())
>                     {
>                         service.Url = SPContext.Current.Web.Url +
> "/_vti_bin/Permissions.asmx";
>                         service.Credentials =
> System.Net.CredentialCache.DefaultCredentials;
>
>                         retVal =
> service.GetPermissionCollection(objectName, objectType);
>                     }
>                 }
>             }
>             catch (SoapException soapEx)
>             {
>                 throw soapEx;
>             }
>             catch (Exception ex)
>             {
>                 EventLog.WriteEntry("MCPermissions.asmx", ex.Message);
>                 *throw RaiseException(ex.Message, "1000", ex.Source);
> *            }
>
> Now, the error is still a 401 unauthorized, but since it's inside
> MCPermissions.asmx it's clearly not an issue with accessing the webpart
> remotely.
>
> I assume since someone wrote that 1000 for a reason that this is not an
> unknown issue.  Any ideas what my issue may be?  Seems like maybe this is
> an issue accessing /_vti_bin/Permissions.asmx from within
> MCPermissions.asmx?
>
> thanks,
> Mark
>
>    *From:* Karl Wright <daddywri@gmail.com>***To:*
> user@manifoldcf.apache.org; Mark Lugert <mlugert@yahoo.com> **
> *Sent:* Friday, February 22, 2013 3:07 PM
> *Subject:* Re: Sharepoint
> **
>  Usually the only thing you have to be careful of with the plugin is to
> install it when logged in as an administrator.  The plugin gets the privs
> it needs from the installation user.****If you've done that already, then
> you also have to open up the IIS widget in Windows and grant .NET execute
> privs to the _vti_bin directory.  There's a whole lot of security
> configuration for IIS that I am not an expert with either, but the idea is
> to make sure all the .asmx assemblies under _vti_bin can be executed by a
> remote user.****(And yes, Windows security is, in general, a complete
> pain in the behind.)****Hope that helps.****Karl******
>   On Fri, Feb 22, 2013 at 2:51 PM, Mark Lugert <mlugert@yahoo.com> wrote:*
> *
>
>    Ok thanks, installed.  Seeing these two issues now, wondering if y'all
> have seen these.  I'm not a Sharepoint expert, but seems it's security is,
> um, difficult:
>
> 1. Alternate access mappings have not been configured. Users or services
> are accessing the site http://amazona-2h120gm/ with the URL
> http://ec2-50-16-175-94.compute-1.amazonaws.com/. This may cause
> incorrect links to be stored or returned to users. If this is expected, add
> the URL http://ec2-50-16-175-94.compute-1.amazonaws.com/ as an AAM
> response URL. For more information, see:
> http://go.microsoft.com/fwlink/?LinkId=114854"/>
>
> Not sure this is actually causing any issues right now, but if you've seen
> this let me know.
>
> 2.  MCPermissions.asmx
>  The request failed with HTTP status 401: Unauthorized.
>
> My admin just ran the script for installing mcpermissions.asmx.  But it
> seems like there is an extra step to grant users access?
>
> thanks,
> Mark
>
>   *From:* Karl Wright <daddywri@gmail.com>
> ***To:* user@manifoldcf.apache.org; Mark Lugert <mlugert@yahoo.com> ***
> Sent:* Friday, February 22, 2013 2:00 PM***Subject:* Re: Sharepoint**
>  **IIS uses NTLM or Kerberos typically.  You want to configure it to use
> NTLM.****In 1.1 and 1.1.1 there was a problem with the NTLM
> implementation in**HttpClient, having to do with machines either not
> joined to domains or**joined to child domains.  If you think you may have
> that problem, you**can download a version of httpclient that works
> properly from**http://people.apache.org/~kwright .  It's version
> 4.2.4-SNAPSHOT.****Karl******On Fri, Feb 22, 2013 at 1:36 PM, Mark Lugert
> <mlugert@yahoo.com> wrote:**> Ok will try.  This server has other web
> apps installed as well.  There is**> clearly a conflict or or something
> going on with the classpath.**>**> Another question though.  The
> Sharepoint connector uses what to**> authenticate?  Seems like it would
> use NTLM by default as I don't see**> anywhere basic auth being set.**>**>
> The docs kind of gloss over that part, but I'm getting**>**> Got an
> unknown remote exception accessing site - axis fault = Client, detail**>
> = The request failed with HTTP status 401: Unauthorized.**>**> using the
> exact same credentials I use to login via the browser.  Checking**>
> security log and stuff, but seems like this should be documented better.**
> >**> thanks,**> mark**>******
>
> **
> ****
>
> **
> ****
>
> **
> ****
>
> **
>
> **
> ****
>

Mime
View raw message