manifoldcf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Karl Wright <daddy...@gmail.com>
Subject Re: merge AuthenticatedUserName
Date Wed, 30 Apr 2014 11:56:34 GMT
Hi Ahmet,

The authorization domains declared in connectors.xml are NOT Active
Directory domains.  They are instead arbitrary.  The end-user documentation
describes this in some detail, and I'll send you a reworked chapter of
ManifoldCF in Action which describes how these work.

Thanks,
Karl



On Wed, Apr 30, 2014 at 7:33 AM, Ahmet Arslan <iorixxx@yahoo.com> wrote:

> Hi Karl,
>
> For some reason, we have different rights for the same username with
> different  suffixes (@g-b.entp and @g-b)
>
> What we are trying to do is to merge rights.
>
> AuthenticatedUserName=ahmet@g-b
> AuthenticatedUserName=ahmet@g-b.entp
>
>
> I see following in connnectors.xml
>
> <!-- authorizationdomain domain="AD" name="ActiveDirectory"/-->
>
> AD is the part where we pass parameters of AuthenticatedUserDomain=AD. But
> what is the name (ActiveDirectory) part? How it is connected to our
> defined authorities?
>
> Thanks,
> Ahmet
>   On Wednesday, April 30, 2014 1:07 PM, Karl Wright <daddywri@gmail.com>
> wrote:
>  Hi Ahmet,
>
> If you want to pass in two different user names, you need to specify two
> domains.  Before you can specify two domains, you have to register the
> domains you use.  See connectors.xml (or connectors-proprietary.xml) for
> how to register domains.  Then, specify domain_0= and domain_1= in your url
> as well.  Make sure your two authorities are also configured to use the
> appropriate authoritization domain as well.
>
> If you really have just *one* user name, and want to map it to *two*,
> consider using a regular expression mapper to modify the name for one of
> your authoriities instead.
>
> Hope this helps.
> Karl
>
>
>
> On Wed, Apr 30, 2014 at 5:23 AM, Ahmet Arslan <iorixxx@yahoo.com> wrote:
>
> Hi,
>
> In our mcf/solr setup we want to merge rights of users xxx@g-b and
> xxx@g-b.entp
>
> 1) http://localhost:8345/mcf-authority-service/UserACLs?username=xxx@g-b
> 2)
> http://localhost:8345/mcf-authority-service/UserACLs?username=xxx@g-b.entp
>
> (1) and (2) return something. We expect in (3) we have union of results
>
> 3)
> http://localhost:8345/mcf-authority-service/UserACLs?username_0=xxx@g-b&username_1=xxx@g-b.entp
>
> However (3) returns results of username_1. Because domain parameter is
> used as keys. empty string used as key and previous entry is overridden.
> And we don't know what to pass as domain.
>
> Does that makes sense?
> Should AuthenticatedUserName_0=xxx&AuthenticatedUserName_1=yyy parameters
> OR rights of users?
>
> Note that We could be completely mis-using mcf.
>
> Thanks,
> Ahmet
>
>
>
>
>

Mime
View raw message