Return-Path: 
 <user-return-3734-apmail-manifoldcf-user-archive=manifoldcf.apache.org@manifoldcf.apache.org>
X-Original-To: apmail-manifoldcf-user-archive@www.apache.org
Delivered-To: apmail-manifoldcf-user-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id ABFBA17245
	for <apmail-manifoldcf-user-archive@www.apache.org>;
 Fri,  8 May 2015 17:40:35 +0000 (UTC)
Received: (qmail 96480 invoked by uid 500); 8 May 2015 17:40:30 -0000
Delivered-To: apmail-manifoldcf-user-archive@manifoldcf.apache.org
Received: (qmail 96430 invoked by uid 500); 8 May 2015 17:40:30 -0000
Mailing-List: contact user-help@manifoldcf.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@manifoldcf.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@manifoldcf.apache.org>
List-Post: <mailto:user@manifoldcf.apache.org>
List-Id: <user.manifoldcf.apache.org>
Reply-To: user@manifoldcf.apache.org
Delivered-To: mailing list user@manifoldcf.apache.org
Received: (qmail 96420 invoked by uid 99); 8 May 2015 17:40:30 -0000
Received: from Unknown (HELO spamd4-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 08 May 2015 17:40:30 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org)
 with ESMTP id 03AECC092D
	for <user@manifoldcf.apache.org>; Fri,  8 May 2015 17:40:30 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: -0.821
X-Spam-Level: 
X-Spam-Status: No, score=-0.821 tagged_above=-999 required=6.31
	tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
	RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01,
	RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=disabled
Authentication-Results: spamd4-us-west.apache.org (amavisd-new);
	dkim=pass (2048-bit key) header.d=gmail.com
Received: from mx1-eu-west.apache.org ([10.40.0.8])
	by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new,
 port 10024)
	with ESMTP id 2hj0DN1ESTDu for <user@manifoldcf.apache.org>;
	Fri,  8 May 2015 17:40:29 +0000 (UTC)
Received: from mail-ig0-f174.google.com (mail-ig0-f174.google.com
 [209.85.213.174])
	by mx1-eu-west.apache.org (ASF Mail Server at mx1-eu-west.apache.org) with
 ESMTPS id 89DC0212CE
	for <user@manifoldcf.apache.org>; Fri,  8 May 2015 17:40:28 +0000 (UTC)
Received: by igbpi8 with SMTP id pi8so26909989igb.1
        for <user@manifoldcf.apache.org>;
 Fri, 08 May 2015 10:40:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:from:date:message-id:subject:to:content-type;
        bh=iIFjNXmsdVi4MDll5iWtE/VLRQF0jqiKI4/hjqr9k9o=;
        b=zWZDjpd8Lg1b2RsXtEEzBHvDkmYNtbFE8M11eZNRlgS/2NyBwKZ9b49f7RgjThZL+n
         YDA4P1OcIqggIBeMPqkwYXiTgjHYIoH2/L6LGexC7/d9ri9pzvWzGC6gusgzg6uWOqWq
         Wsbw/Zu7YW0VWv+YyekOophb93kx3h1vPJosWku5XCJiHf9fG1cVwNVEsf1Z++pe5fBM
         u/fkaypROghRUw9TVvvoip6dTU2PcMS5AAhEbtqU4+Gxrs2SOA6xpysuASmQBXTPVE2B
         KsJs3i1MtcrFUlRB7GnmnAiYdniXpfxGzYkLyC32RT0TahpYb/f5DinunYksNdq2kEln
         EnNA==
X-Received: by 10.107.6.206 with SMTP id f75mr6562556ioi.78.1431106827261;
 Fri, 08 May 2015 10:40:27 -0700 (PDT)
MIME-Version: 1.0
From: Karl Wright <daddywri@gmail.com>
Date: Fri, 8 May 2015 13:40:31 -0400
Message-ID: <-546679426405367023@unknownmsgid>
Subject: RE: Restricting Search Results to ES
To: "Delapasse, Deanna" <ddelapasse@oceaneering.com>,
	"user@manifoldcf.apache.org" <user@manifoldcf.apache.org>
Content-Type: text/plain; charset=UTF-8

Hi Deanna,
There is a book on mcf which describes the authorization model it uses
for documents.  Look for a link on the site for "books and
presentations".

For ES, the authorization integration requires Java level integration
with the manifoldcf es plugin.  The plugin is included on the download
page.

Not all repo connectors support authorization.  Cmis is in a grey area
too because all it can do for access tokens is list all the individual
users that can see a document.  That is not very scalable.

Hope this helps get you started.

Karl



Sent from my Windows Phone

-----Original Message-----
From: Delapasse, Deanna
Sent: 5/8/2015 10:22 AM
To: user@manifoldcf.apache.org
Subject: Restricting Search Results to ES

We're interested in ManifoldCF to help us meet a requirement that our
searches restrict a user's results based on his document access (ie he
shouldn't find something he isn't allowed to see).  We want the
crawler to search the entire repo since we'll have a wide variety of
user role-based permissions.



I understand that the connectors must provide some type of
authentication information that is attached to each document.  I'm
hoping to use the CMIS repo connector and enhance the authentication
information it provides.  Can you recommend an output connector that
does a good job of that?




I want to use Elasticsearch as my output connector.  I haven't been
able to find any information on how the output connectors consume the
auth info (there's excellent documentation for the repo connectors
providing the info).  Maybe I'm just not googling effectively.  I have
delved into the code, but would love some kind of overview from the
search engine's perspective!  Is this documented anywhere?




thanks very much!

Deanna