manifoldcf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Cihad Guzel <cguz...@gmail.com>
Subject Re: Sharepoint get ACL
Date Wed, 28 Dec 2016 11:26:59 GMT
Hi Karl,

I selected "Active Directory". My SharePoint server run with Active
Directory.

2016-12-28 14:13 GMT+03:00 Karl Wright <daddywri@gmail.com>:

> Hi Cihad,
>
> The code for looking for document ACLs is as follows:
>
> >>>>>>
>         Object node = nodeList.get( i );
>         String mask = doc.getValue( node, "Mask" );
>         long maskValue = new Long(mask).longValue();
>         if ((maskValue & 1L) == 1L)
>         {
>           // Permission to view
>           String isUser = doc.getValue( node, "MemberIsUser" );
>
>           if ( isUser.compareToIgnoreCase("True") == 0 )
>           {
>             // Use AD user or group
>             String userLogin = doc.getValue( node, "UserLogin" );
>             String userSid = getSidForUser( userCall, userLogin,
> activeDirectoryAuthority );
>             sids.add( userSid );
>           }
>           else
>           {
>             // Role
>             List<String> roleSids;
>             String roleName = doc.getValue( node, "RoleName" );
>             if ( roleName.length() == 0)
>             {
>               roleName = doc.getValue(node,"GroupName");
>               roleSids = getSidsForGroup(userCall, roleName,
> activeDirectoryAuthority);
>             }
>             else
>             {
>               roleSids = getSidsForRole(userCall, roleName,
> activeDirectoryAuthority);
>             }
>
>             for (String sid : roleSids)
>             {
>               sids.add( sid );
>             }
>           }
>         }
>
> <<<<<<
>
> So, in your example, getSidsForGroup() should be getting called.  The code
> for that is as follows:
>
> >>>>>>
>   private List<String> getSidsForGroup(com.microsoft.
> schemas.sharepoint.soap.directory.UserGroupSoap userCall, String
> groupName,
>     boolean activeDirectoryAuthority)
>     throws ManifoldCFException, java.net.MalformedURLException,
> javax.xml.rpc.ServiceException, java.rmi.RemoteException
>   {
>     List<String> rval = new ArrayList<String>();
>
>     com.microsoft.schemas.sharepoint.soap.directory.
> GetUserCollectionFromGroupResponseGetUserCollectionFromGroupResult
> roleResp = userCall.getUserCollectionFromGroup(groupName);
>     org.apache.axis.message.MessageElement[] roleList =
> roleResp.get_any();
>
>     if (roleList.length != 1)
>       throw new ManifoldCFException("Bad response - expecting one outer
> 'GetUserCollectionFromGroup' node, saw "+Integer.toString(roleList.
> length));
>
>     MessageElement roles = roleList[0];
>     if (!roles.getElementName().getLocalName().equals("
> GetUserCollectionFromGroup"))
>       throw new ManifoldCFException("Bad response - outer node should have
> been 'GetUserCollectionFromGroup' node");
>
>     Iterator rolesIter = roles.getChildElements();
>
>     if (!activeDirectoryAuthority)
>     {
>       // We need not only the group itself, but its user children that are
> Claims-based entities
>       rval.add("G"+groupName);
>       while (rolesIter.hasNext())
>       {
>         MessageElement child = (MessageElement)rolesIter.next();
>         if (child.getElementName().getLocalName().equals("Users"))
>         {
>           Iterator usersIterator = child.getChildElements();
>           while (usersIterator.hasNext())
>           {
>             MessageElement user = (MessageElement)usersIterator.next();
>             if (user.getElementName().getLocalName().equals("User"))
>             {
>               String isDomainGroup = user.getAttribute("IsDomainGroup");
>               if (isDomainGroup != null && isDomainGroup.equals("True"))
>               {
>                 // Add a user token for the domain group
>                 rval.add("U"+user.getAttribute("LoginName"));
>               }
>             }
>           }
>         }
>       }
>     }
>     else
>     {
>       while (rolesIter.hasNext())
>       {
>         MessageElement child = (MessageElement)rolesIter.next();
>         if (child.getElementName().getLocalName().equals("Users"))
>         {
>           Iterator usersIterator = child.getChildElements();
>           while (usersIterator.hasNext())
>           {
>             MessageElement user = (MessageElement)usersIterator.next();
>             if (user.getElementName().getLocalName().equals("User"))
>             {
>               rval.add(user.getAttribute("Sid"));
>             }
>           }
>         }
>       }
>     }
>     return rval;
>   }
>
> <<<<<<
>
> So what happens there depends on what you've selected for the connection's
> "use Active Directory authority" selection.  What have you chosen?
>
> Karl
>
> On Wed, Dec 28, 2016 at 5:35 AM, Cihad Guzel <cguzelg@gmail.com> wrote:
>
>> Hi Karl,
>>
>> 1- Yes, I selected Sharepoint 2013,
>> 2- Yes, I installed the plugin in my Sharepoint server.
>>
>> 2016-12-28 2:54 GMT+03:00 Karl Wright <daddywri@gmail.com>:
>>
>>> Hi Cihad,
>>>
>>> Some questions:
>>> (1) Have you selected "SharePoint 2013" in your SharePoint connection?
>>> (2) Have you installed the ManifoldCF SharePoint 2013 plugin on your
>>> SharePoint server?
>>>
>>> You will need to do both of these in order for SharePoint 2013 ACLs to
>>> work right.
>>>
>>> Thanks,
>>> Karl
>>>
>>>
>>> On Tue, Dec 27, 2016 at 3:01 PM, Cihad Guzel <cguzelg@gmail.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> I am trying MFC with Sharepoint 2013. First, I install the sharepoint
>>>> plugin and then run my job. My files in sharepoint are indexed successfully
>>>> to Solr. But I don't see the ACLs in solr index. You can see my sample solr
>>>> data as follow:
>>>>
>>>> "filename":"Sample.doc",
>>>> "allow_token_document":["Authority+Group:"], "deny_token_document":[
>>>> "Authority+Group:DEAD_AUTHORITY"], "deny_token_parent":["__nosecu
>>>> rity__"], "allow_token_share":["__nosecurity__"], "allow_token_parent":
>>>> ["__nosecurity__"], "deny_token_share":["__nosecurity__"],
>>>>
>>>> I run Sharepoint connector with debug mode. I follow Manifoldcf log
>>>> but I don't see any error in it. I can see "getDocumentACLs xml response:"
in
>>>> the log as follow:
>>>>
>>>> <ns1:GetPermissionCollection ><ns1:Permissions>
>>>> ...
>>>>   <ns1:Permission MemberID="3" Mask="-1" MemberIsUser="False" MemberGlobal="True"
GroupName="testsite Owners"/>
>>>>        ...
>>>>     </ns1:Permissions>
>>>> </ns1:GetPermissionCollection>
>>>>
>>>> How do I follow a way to solve the problem?
>>>>
>>>>
>>>> --
>>>> Regards
>>>> Cihad Güzel
>>>>
>>>
>>>
>>
>>
>> --
>> Teşekkürler
>> Cihad Güzel
>>
>
>


-- 
Teşekkürler
Cihad Güzel

Mime
View raw message