manifoldcf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Silvio Meier" <silvio.r.me...@quantentunnel.de>
Subject ManifoldCF authentication service accept only in form of a user pricipal name
Date Sun, 15 May 2016 15:39:42 GMT
<html><head></head><body><div style="font-family: Verdana;font-size:
12.0px;"><div>
<div>Hi Apache ManifoldCF user list</div>

<div>&nbsp;</div>

<div>I&rsquo;m experimenting with Apache ManifoldCF 2.3, Elasticsearch 1.74 and
the corresponding Elasticsearch plugin (v 2.0.1) which I use to index the network Windows
shares of our company.<br/>
I set up Apache Manifold using authorization services together with an Active Directory.</div>

<div>&nbsp;</div>

<div>Using the Apache ManifoldCF authentication services with separated domain name
and user name does somehow not work for our active directory configuration, so the when the
following service call is made http://localhost:8081/mcf-authority-service/UserACLs?username=msi&amp;domain=ourdomain.com
, the authentication service does not return any ACL list. I tried to do different combinations
of domain names or netbios names together with user names. Or just username without domain
name. No success!</div>

<div>&nbsp;</div>

<div>However, the only thing that is working is when calling the authorization service
with http://localhost:8081/mcf-authority-service/UserACLs?username=msi@ourdomain.com , i.e.,
using the user principal name as username.&nbsp; In this case the service returns the
correct set of ACLs.</div>

<div>&nbsp;</div>

<div>Unfortuanately, the elasticsearch plugin for Apache ManifoldCF authentication service
does not allow one to hand over a username in the form of the user principal name, e.g. msi@ourdomian.com.
This is due to the fact that the @ sign is not allowed to be encoded in the user name. My
current work around (which works) is to adapt the elasticsearch plugin to accept the @ sign
in the user name. However, this is not a nice solution. Is there a better (built-in) solution,
or did I just something miss regarding the authencation service?</div>

<div>&nbsp;</div>

<div>Regards<br/>
Silvio</div>

<div>&nbsp;</div>
</div>

<div>&nbsp;</div>

<div class="signature">&nbsp;</div></div></body></html>

Mime
View raw message