manifoldcf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Karl Wright <daddy...@gmail.com>
Subject Re: Two Active directory connections in Authority group
Date Tue, 28 Oct 2014 16:24:47 GMT
I should also add that it is really helpful for diagnosing problems of this
kind to use curl, e.g.:

curl
http://localhost:8345/mcf-authority-service/UserACLs?user=kambiz@something.net

... and see what gets returned.  If you see DEAD_AUTHORITY in the list of
acls, don't expect to see any documents from the associated authority group.

Thanks,
Karl


On Tue, Oct 28, 2014 at 12:09 PM, Karl Wright <daddywri@gmail.com> wrote:

> Hi Kambiz,
>
> The Active Directory authority is not an "additive" authority, so you
> cannot use it within the same authorization group with other authorities,
> and expect it to work cumulatively.  The reason is that when there is a
> problem (e.g. user not found or server unreachable), the authority asserts
> the "DEAD_AUTHORITY" token, which effectively disables any documents from
> being returned.  This is necessary whenever the repository has a security
> model that has "deny" tokens, and that's the case for most repositories
> secured by Active Directory.
>
> For this reason, we long ago added the ability to have multiple Active
> Directory domains within the same Active Directory authority.  This is what
> you should use, since it will behave in the manner you expect.
>
> Thanks,
> Karl
>
>
> On Tue, Oct 28, 2014 at 11:35 AM, Kambiz Niktabar <niktabar@yahoo.com>
> wrote:
>
>> Hello,
>>
>> I want to have two active directory connections (intranet and extranet
>> AD) in one Authority group but it seems it’s not working as expected. I’m
>> getting hits when I have only Intranet AD in the authority group and I got
>> zero hits when I add Extranet AD into the same authority group
>>
>> I attached Solr log files for two scenarios.
>>
>> Regards
>> Kambiz
>>
>
>

Mime
View raw message