manifoldcf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Karl Wright <daddy...@gmail.com>
Subject Re: Sharepoint
Date Tue, 26 Feb 2013 21:39:04 GMT
Another point is that your change ONLY affects the "check" function - which
is for the UI display only.  If you made no further changes elsewhere in
the code I am at a loss as to why MCPermissions works in some circumstances
but not others.  Perhaps a redirection is interfering with your ability to
reach the root node of the site?

Karl

On Tue, Feb 26, 2013 at 4:36 PM, Karl Wright <daddywri@gmail.com> wrote:

> Well, you are not actually using the MCPermissions service with this
> change.  Permission fetches will therefore not include Folder or File
> security tokens.  If this is SharePoint 2010, you will also have had to
> tell it you were using SharePoint 2007 in order to be able to list files
> properly.
>
> Karl
>
>
>
> On Tue, Feb 26, 2013 at 4:20 PM, Mark Lugert <mlugert@yahoo.com> wrote:
>
>> In the code I see this:
>>
>> // This fails:
>> MCPermissionsWS aclService =
>> *new* MCPermissionsWS(baseUrl + site, userName, password, configuration,
>> httpClient);
>> com.microsoft.sharepoint.webpartpages.PermissionsSoap aclCall =
>> aclService.getPermissionsSoapHandler();
>>  // This works:
>> PermissionsWS *aclService* =
>> *new* PermissionsWS(baseUrl + site, userName, password, configuration,
>> httpClient);
>> com.microsoft.schemas.sharepoint.soap.directory.PermissionsSoap *aclCall*= aclService.getPermissionsSoapHandler();
>>
>> As the code says, one fails and one works.  The one that succeeds is
>> commented out.
>>
>> I commented out the one that fails and use the one that works.  So now I
>> can sync everything, however I have not tried to sync any permissions.
>> Perhaps because the first one above fails permissions will fail to sync?
>> Not sure, but the one that fails gives an error 1000 and 401 unauthorized.
>> There is no useful logging in the event logs or in IIS logs to say exactly
>> who or what is unauthorized.
>>
>> -mark
>>
>>   *From:* Karl Wright <daddywri@gmail.com>
>> *To:* Mark Lugert <mlugert@yahoo.com>
>> *Cc:* "user@manifoldcf.apache.org" <user@manifoldcf.apache.org>
>> *Sent:* Tuesday, February 26, 2013 3:17 PM
>> *Subject:* Re: Sharepoint
>> **
>> Any news on this?****Karl****
>> On Sat, Feb 23, 2013 at 5:20 PM, Mark Lugert <mlugert@yahoo.com> wrote:**
>>
>>  It's there.  I'll have the admin double check the permissions again.
>> Seems like something doesn't have execute permissions.
>>
>> -mark
>>
>>   *From:* Karl Wright <daddywri@gmail.com>
>> ***To:* Mark Lugert <mlugert@yahoo.com> ***Cc:* "
>> user@manifoldcf.apache.org" <user@manifoldcf.apache.org> **
>> *Sent:* Saturday, February 23, 2013 5:19 PM
>> *Subject:* Re: Sharepoint
>>  **
>> Yes, that's exactly correct.  Check to be sure the Permissions.asmx file
>> is present, and that the service is enabled.****Karl****
>> On Sat, Feb 23, 2013 at 3:37 PM, Mark Lugert <mlugert@yahoo.com> wrote:**
>>
>>  Hi Karl,
>>
>> I added some debug to print the actual axis error in the sharepoint
>> connector.  I'm getting error 1000.  Looking at MCPermissions.cs<http://mcpermissions.cs/>I
see that it is what is raising this error, in the code below:
>>
>> try
>>             {
>>                 // Only handle requests for "item".  Send all other
>> requests to the SharePoint web service.
>>                 if (objectType.Equals(itemType))
>>                 {
>>                     retVal = GetItemPermissions(objectName);
>>                 }
>>                 else
>>                 {
>>
>> ServicePointManager.ServerCertificateValidationCallback +=
>>                         new
>> RemoteCertificateValidationCallback(ValidateCertificate);
>>
>>                     using (SPPermissionsService.Permissions service = new
>> SPPermissionsService.Permissions())
>>                     {
>>                         service.Url = SPContext.Current.Web.Url +
>> "/_vti_bin/Permissions.asmx";
>>                         service.Credentials =
>> System.Net.CredentialCache.DefaultCredentials;
>>
>>                         retVal =
>> service.GetPermissionCollection(objectName, objectType);
>>                     }
>>                 }
>>             }
>>             catch (SoapException soapEx)
>>             {
>>                 throw soapEx;
>>             }
>>             catch (Exception ex)
>>             {
>>                 EventLog.WriteEntry("MCPermissions.asmx", ex.Message);
>>                 *throw RaiseException(ex.Message, "1000", ex.Source);
>> *            }
>>
>> Now, the error is still a 401 unauthorized, but since it's inside
>> MCPermissions.asmx it's clearly not an issue with accessing the webpart
>> remotely.
>>
>> I assume since someone wrote that 1000 for a reason that this is not an
>> unknown issue.  Any ideas what my issue may be?  Seems like maybe this is
>> an issue accessing /_vti_bin/Permissions.asmx from within
>> MCPermissions.asmx?
>>
>> thanks,
>> Mark
>>
>>    *From:* Karl Wright <daddywri@gmail.com>***To:*
>> user@manifoldcf.apache.org; Mark Lugert <mlugert@yahoo.com> **
>> *Sent:* Friday, February 22, 2013 3:07 PM
>> *Subject:* Re: Sharepoint
>> **
>> Usually the only thing you have to be careful of with the plugin is to
>> install it when logged in as an administrator.  The plugin gets the privs
>> it needs from the installation user.****If you've done that already,
>> then you also have to open up the IIS widget in Windows and grant .NET
>> execute privs to the _vti_bin directory.  There's a whole lot of security
>> configuration for IIS that I am not an expert with either, but the idea is
>> to make sure all the .asmx assemblies under _vti_bin can be executed by a
>> remote user.****(And yes, Windows security is, in general, a complete
>> pain in the behind.)****Hope that helps.****Karl******
>> On Fri, Feb 22, 2013 at 2:51 PM, Mark Lugert <mlugert@yahoo.com> wrote:**
>>
>>   Ok thanks, installed.  Seeing these two issues now, wondering if y'all
>> have seen these.  I'm not a Sharepoint expert, but seems it's security is,
>> um, difficult:
>>
>> 1. Alternate access mappings have not been configured. Users or services
>> are accessing the site http://amazona-2h120gm with the URL
>> http://ec2-50-16-175-94.compute-1.amazonaws.com/. This may cause
>> incorrect links to be stored or returned to users. If this is expected, add
>> the URL http://ec2-50-16-175-94.compute-1.amazonaws.com/ as an AAM
>> response URL. For more information, see:
>> http://go.microsoft.com/fwlink/?LinkId=114854"/>
>>
>> Not sure this is actually causing any issues right now, but if you've
>> seen this let me know.
>>
>> 2.  MCPermissions.asmx
>>  The request failed with HTTP status 401: Unauthorized.
>>
>> My admin just ran the script for installing mcpermissions.asmx.  But it
>> seems like there is an extra step to grant users access?
>>
>> thanks,
>> Mark
>>
>>   *From:* Karl Wright <daddywri@gmail.com>
>> ***To:* user@manifoldcf.apache.org; Mark Lugert <mlugert@yahoo.com> ***
>> Sent:* Friday, February 22, 2013 2:00 PM***Subject:* Re: Sharepoint**
>>  **IIS uses NTLM or Kerberos typically.  You want to configure it to use
>> NTLM.****In 1.1 and 1.1.1 there was a problem with the NTLM
>> implementation in**HttpClient, having to do with machines either not
>> joined to domains or**joined to child domains.  If you think you may
>> have that problem, you**can download a version of httpclient that works
>> properly from**http://people.apache.org/~kwright .  It's version
>> 4.2.4-SNAPSHOT.****Karl******On Fri, Feb 22, 2013 at 1:36 PM, Mark
>> Lugert <mlugert@yahoo.com> wrote:**> Ok will try.  This server has other
>> web apps installed as well.  There is**> clearly a conflict or or
>> something going on with the classpath.**>**> Another question though.
>> The Sharepoint connector uses what to**> authenticate?  Seems like it
>> would use NTLM by default as I don't see**> anywhere basic auth being
>> set.**>**> The docs kind of gloss over that part, but I'm getting**>**>
>> Got an unknown remote exception accessing site - axis fault = Client, detail
>> **> = The request failed with HTTP status 401: Unauthorized.**>**> using
>> the exact same credentials I use to login via the browser.  Checking**>
>> security log and stuff, but seems like this should be documented better.*
>> *>**> thanks,**> mark**>******
>>
>> **
>> ****
>>
>> **
>> ****
>>
>> **
>> ****
>>
>
>

Mime
View raw message