Re: Build fails with Maven while building MCF from trunk
I knew there were some changes due to new requirements from Apache Incubator, but unfortunately I have been abroad the last month and haven't paid attention. Sorry about that. Thanks for your help! Erlend On 12.04.12 23.46, Karl Wright wrote: The build process has changed. The incubator required we remove all binaries. You will need to do one of the following: (a) Download the -lib package from the release candidate and follow the instructions (b) Make sure you have svn 1.7 installed and run ant make-core-deps Only then will ant build or mvn-bootstrap work. This is also explained in the readme. Thanks, Karl On Thu, Apr 12, 2012 at 4:49 PM, Erlend Garåsene.f.gara...@usit.uio.no wrote: It fails on Linux as well on OSX. I just tried to run ant build and ant test on our Linux development server as well on my laptop. Well, I get BUILD SUCCESSFUL, but nothing really happens. No tests run at all. Erlend On 12.04.12 22.38, Erlend Garåsen wrote: Yes, but it fails as I wrote. I think something is broken in trunk at the moment. ant test and ant build fails as well. I double-checked by doing another svn co. Erlend On 12.04.12 22.18, Karl Wright wrote: You need to run the mvn-bootstrap script, as per the instructions. Karl On Thu, Apr 12, 2012 at 4:17 PM, Erlend Garåsene.f.gara...@usit.uio.no wrote: I did a svn co in order to get a fresh version of MCF from trunk since I had many temporary code changes which shouldn't be committed, and then I discovered some problems. I'm mentioning this in case there are similar problems with the RC6 candidate. When I run mvn-bootstrap.sh, the build fails after the dependencies have been downloaded: [ERROR] Failed to execute goal org.apache.maven.plugins:maven-install-plugin:2.3.1:install-file (default-cli) on project mcf-parent: Error installing artifact 'xml-security:xmlsec:jar': Failed to install artifact xml-security:xmlsec:jar:1.4.1: /Users/erlendfg/tmp/mcf_2012/lib/xmlsec.jar (No such file or directory) - [Help 1] I1m using Apache Maven 3.0.4 Erlend -- Erlend Garåsen Center for Information Technology Services University of Oslo P.O. Box 1086 Blindern, N-0317 OSLO, Norway Ph: (+47) 22840193, Fax: (+47) 22852970, Mobile: (+47) 91380968, VIP: 31050 -- Erlend Garåsen Center for Information Technology Services University of Oslo P.O. Box 1086 Blindern, N-0317 OSLO, Norway Ph: (+47) 22840193, Fax: (+47) 22852970, Mobile: (+47) 91380968, VIP: 31050 -- Erlend Garåsen Center for Information Technology Services University of Oslo P.O. Box 1086 Blindern, N-0317 OSLO, Norway Ph: (+47) 22840193, Fax: (+47) 22852970, Mobile: (+47) 91380968, VIP: 31050
[jira] [Assigned] (CONNECTORS-430) An error should be returned if invalid seeds are typed into the seeds list for the web connector
[ https://issues.apache.org/jira/browse/CONNECTORS-430?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Erlend Garåsen reassigned CONNECTORS-430: - Assignee: Erlend Garåsen (was: Hitoshi Ozawa) An error should be returned if invalid seeds are typed into the seeds list for the web connector Key: CONNECTORS-430 URL: https://issues.apache.org/jira/browse/CONNECTORS-430 Project: ManifoldCF Issue Type: Improvement Components: Web connector Affects Versions: ManifoldCF 0.1, ManifoldCF 0.2, ManifoldCF 0.3, ManifoldCF 0.4, ManifoldCF 0.5 Reporter: Erlend Garåsen Assignee: Erlend Garåsen Priority: Minor Fix For: ManifoldCF 0.6 Attachments: CONNECTORS-430.patch, CONNECTORS-430.patch If you create a job for the web connector and enter an invalid URL into the seeds list, any value is accepted. An error message should be returned to the user in order to prevent invalid seeds. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CONNECTORS-430) An error should be returned if invalid seeds are typed into the seeds list for the web connector
[ https://issues.apache.org/jira/browse/CONNECTORS-430?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13253218#comment-13253218 ] Erlend Garåsen commented on CONNECTORS-430: --- Japanese translation added and tested. r1325649 An error should be returned if invalid seeds are typed into the seeds list for the web connector Key: CONNECTORS-430 URL: https://issues.apache.org/jira/browse/CONNECTORS-430 Project: ManifoldCF Issue Type: Improvement Components: Web connector Affects Versions: ManifoldCF 0.1, ManifoldCF 0.2, ManifoldCF 0.3, ManifoldCF 0.4, ManifoldCF 0.5 Reporter: Erlend Garåsen Assignee: Erlend Garåsen Priority: Minor Fix For: ManifoldCF 0.6 Attachments: CONNECTORS-430.patch, CONNECTORS-430.patch If you create a job for the web connector and enter an invalid URL into the seeds list, any value is accepted. An error message should be returned to the user in order to prevent invalid seeds. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (CONNECTORS-430) An error should be returned if invalid seeds are typed into the seeds list for the web connector
[ https://issues.apache.org/jira/browse/CONNECTORS-430?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Erlend Garåsen resolved CONNECTORS-430. --- Resolution: Fixed An error should be returned if invalid seeds are typed into the seeds list for the web connector Key: CONNECTORS-430 URL: https://issues.apache.org/jira/browse/CONNECTORS-430 Project: ManifoldCF Issue Type: Improvement Components: Web connector Affects Versions: ManifoldCF 0.1, ManifoldCF 0.2, ManifoldCF 0.3, ManifoldCF 0.4, ManifoldCF 0.5 Reporter: Erlend Garåsen Assignee: Erlend Garåsen Priority: Minor Fix For: ManifoldCF 0.6 Attachments: CONNECTORS-430.patch, CONNECTORS-430.patch If you create a job for the web connector and enter an invalid URL into the seeds list, any value is accepted. An error message should be returned to the user in order to prevent invalid seeds. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CONNECTORS-460) ManifoldCF authority service doesn't handle multi-domain environments
[
https://issues.apache.org/jira/browse/CONNECTORS-460?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13253235#comment-13253235
]
Karl Wright commented on CONNECTORS-460:
The branch
https://svn.apache.org/repos/asf/incubator/lcf/branches/CONNECTORS-460 contains
a revised active directory authority connector (plus one other fix that's
needed to make it work). Colin, if you can check out and build this branch,
I'd love to hear if it works for you.
The doc is not done yet, but the way it's supposed to work is that you create a
sequence of rules. Each rule has a suffix; if that matches the end of the
domain attached to the username (everything case insensitive), then the
corresponding domain controller will be the one that is used to resolve that
user's SIDs.
Please let me know what you find.
ManifoldCF authority service doesn't handle multi-domain environments
-
Key: CONNECTORS-460
URL: https://issues.apache.org/jira/browse/CONNECTORS-460
Project: ManifoldCF
Issue Type: Improvement
Components: Active Directory authority, Authority Service
Affects Versions: ManifoldCF 0.1, ManifoldCF 0.2, ManifoldCF 0.3,
ManifoldCF 0.4, ManifoldCF 0.5, ManifoldCF 0.6
Environment: Two Active Directory domains: {{internal.com}} and
{{external.com}}
I'm indexing a Sharepoint site, where that site has permissions set
from_both_domains
Reporter: Colin Anderson
Assignee: Karl Wright
Labels: active-directory, authorization, security
Fix For: ManifoldCF 0.6
The ManifoldCF authority service doesn't handle multi-domain environments.
The authority service returns a list of SIDs for the specified user, from all
available ManifoldCF authorities, for example:
{{TOKEN:InternalAD:S-1-5-21-1234567890-1234567890-1234567890-1234}}
Note that the SID is prefixed with the name of the ManifoldCF authority.
Here is my setup:
Output connector: Solr
Authority connector1: Active Directory ({{internal.com}} domain), named
{{InternalAD}}
Authority connector2: Active Directory ({{external.com}} domain), named
{{ExternalAD}}
Repository connector: Sharepoint
If I set the Sharepoint repository connector to use the authority 'None
(Global Authority)', then {{allow_token_document}} will contain SIDs that are
_not_ prefixed with any authority name, for example:
{{S-1-5-21-1234567890-1234567890-1234567890-1234}}
It is therefore not possible to get any search results, because the authority
service tokens will not match the stored tokens (because they _are_ prefixed
with authority names).
If I set the Sharepoint repository connector to use one of the AD authorities
'InternalAD', then {{allow_token_document}} will contain SIDs that are
prefixed with 'InternalAD', for example:
{{TOKEN:InternalAD:S-1-5-21-1234567890-1234567890-1234567890-1234}}
However, the prefix is _always_ 'InternalAD', even if the user/group actually
belongs to the {{external.com}} domain. Therefore it is not possible for
users in the {{external.com}} domain to get any search results, because the
authority service tokens will not match the stored tokens.
In essence, there seems to be a mismatch between the tokens that the
authority service outputs, and those that repository connectors output.
Perhaps one solution would be to use the authority 'None (Global Authority)',
and modify the authority service to take an extra query parameter that
prevents it from prefixing SIDs with the authority name.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CONNECTORS-460) ManifoldCF authority service doesn't handle multi-domain environments
[
https://issues.apache.org/jira/browse/CONNECTORS-460?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13253310#comment-13253310
]
Colin Anderson commented on CONNECTORS-460:
---
I've got it built and running, but I'm unable to get a connection to AD working.
I've added one domain with the following parameters:
{quote}
Domain controller name: ap.internal.com
Domain suffix: @ap.internal.com
Administrative user name: 123456
Authentication: simple
Login attribute: sAMAccountName
{quote}
When I hit save I get this error
{quote}
Threw exception: 'Authentication problem authenticating admin user '123456':
[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment:
AcceptSecurityContext error, data 525, vece#0;]'
{quote}
Any idea what could be wrong?
ManifoldCF authority service doesn't handle multi-domain environments
-
Key: CONNECTORS-460
URL: https://issues.apache.org/jira/browse/CONNECTORS-460
Project: ManifoldCF
Issue Type: Improvement
Components: Active Directory authority, Authority Service
Affects Versions: ManifoldCF 0.1, ManifoldCF 0.2, ManifoldCF 0.3,
ManifoldCF 0.4, ManifoldCF 0.5, ManifoldCF 0.6
Environment: Two Active Directory domains: {{internal.com}} and
{{external.com}}
I'm indexing a Sharepoint site, where that site has permissions set
from_both_domains
Reporter: Colin Anderson
Assignee: Karl Wright
Labels: active-directory, authorization, security
Fix For: ManifoldCF 0.6
The ManifoldCF authority service doesn't handle multi-domain environments.
The authority service returns a list of SIDs for the specified user, from all
available ManifoldCF authorities, for example:
{{TOKEN:InternalAD:S-1-5-21-1234567890-1234567890-1234567890-1234}}
Note that the SID is prefixed with the name of the ManifoldCF authority.
Here is my setup:
Output connector: Solr
Authority connector1: Active Directory ({{internal.com}} domain), named
{{InternalAD}}
Authority connector2: Active Directory ({{external.com}} domain), named
{{ExternalAD}}
Repository connector: Sharepoint
If I set the Sharepoint repository connector to use the authority 'None
(Global Authority)', then {{allow_token_document}} will contain SIDs that are
_not_ prefixed with any authority name, for example:
{{S-1-5-21-1234567890-1234567890-1234567890-1234}}
It is therefore not possible to get any search results, because the authority
service tokens will not match the stored tokens (because they _are_ prefixed
with authority names).
If I set the Sharepoint repository connector to use one of the AD authorities
'InternalAD', then {{allow_token_document}} will contain SIDs that are
prefixed with 'InternalAD', for example:
{{TOKEN:InternalAD:S-1-5-21-1234567890-1234567890-1234567890-1234}}
However, the prefix is _always_ 'InternalAD', even if the user/group actually
belongs to the {{external.com}} domain. Therefore it is not possible for
users in the {{external.com}} domain to get any search results, because the
authority service tokens will not match the stored tokens.
In essence, there seems to be a mismatch between the tokens that the
authority service outputs, and those that repository connectors output.
Perhaps one solution would be to use the authority 'None (Global Authority)',
and modify the authority service to take an extra query parameter that
prevents it from prefixing SIDs with the authority name.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CONNECTORS-460) ManifoldCF authority service doesn't handle multi-domain environments
[
https://issues.apache.org/jira/browse/CONNECTORS-460?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13253327#comment-13253327
]
Karl Wright commented on CONNECTORS-460:
No idea what is wrong offhand. But we can debug.
Some questions:
(1) When you set up a connection with the old Active Directory connector using
the same (identical) parameters, do you get a successful connection?
(2) Please look carefully at the connection on the view page. Did all your
settings seem to get saved correctly? (other than the passwords, which you
can't see obviously).
(3) Do you see any exceptions in manifoldcf.log? They may be helpful in
figuring out what is going wrong.
Meanwhile I'll eyeball the code and see if I can find something obvious...
ManifoldCF authority service doesn't handle multi-domain environments
-
Key: CONNECTORS-460
URL: https://issues.apache.org/jira/browse/CONNECTORS-460
Project: ManifoldCF
Issue Type: Improvement
Components: Active Directory authority, Authority Service
Affects Versions: ManifoldCF 0.1, ManifoldCF 0.2, ManifoldCF 0.3,
ManifoldCF 0.4, ManifoldCF 0.5, ManifoldCF 0.6
Environment: Two Active Directory domains: {{internal.com}} and
{{external.com}}
I'm indexing a Sharepoint site, where that site has permissions set
from_both_domains
Reporter: Colin Anderson
Assignee: Karl Wright
Labels: active-directory, authorization, security
Fix For: ManifoldCF 0.6
The ManifoldCF authority service doesn't handle multi-domain environments.
The authority service returns a list of SIDs for the specified user, from all
available ManifoldCF authorities, for example:
{{TOKEN:InternalAD:S-1-5-21-1234567890-1234567890-1234567890-1234}}
Note that the SID is prefixed with the name of the ManifoldCF authority.
Here is my setup:
Output connector: Solr
Authority connector1: Active Directory ({{internal.com}} domain), named
{{InternalAD}}
Authority connector2: Active Directory ({{external.com}} domain), named
{{ExternalAD}}
Repository connector: Sharepoint
If I set the Sharepoint repository connector to use the authority 'None
(Global Authority)', then {{allow_token_document}} will contain SIDs that are
_not_ prefixed with any authority name, for example:
{{S-1-5-21-1234567890-1234567890-1234567890-1234}}
It is therefore not possible to get any search results, because the authority
service tokens will not match the stored tokens (because they _are_ prefixed
with authority names).
If I set the Sharepoint repository connector to use one of the AD authorities
'InternalAD', then {{allow_token_document}} will contain SIDs that are
prefixed with 'InternalAD', for example:
{{TOKEN:InternalAD:S-1-5-21-1234567890-1234567890-1234567890-1234}}
However, the prefix is _always_ 'InternalAD', even if the user/group actually
belongs to the {{external.com}} domain. Therefore it is not possible for
users in the {{external.com}} domain to get any search results, because the
authority service tokens will not match the stored tokens.
In essence, there seems to be a mismatch between the tokens that the
authority service outputs, and those that repository connectors output.
Perhaps one solution would be to use the authority 'None (Global Authority)',
and modify the authority service to take an extra query parameter that
prevents it from prefixing SIDs with the authority name.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CONNECTORS-460) ManifoldCF authority service doesn't handle multi-domain environments
[
https://issues.apache.org/jira/browse/CONNECTORS-460?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13253336#comment-13253336
]
Karl Wright commented on CONNECTORS-460:
I did find a problem; passwords were not being properly de-encrypted. Can you
synch up and try again?
ManifoldCF authority service doesn't handle multi-domain environments
-
Key: CONNECTORS-460
URL: https://issues.apache.org/jira/browse/CONNECTORS-460
Project: ManifoldCF
Issue Type: Improvement
Components: Active Directory authority, Authority Service
Affects Versions: ManifoldCF 0.1, ManifoldCF 0.2, ManifoldCF 0.3,
ManifoldCF 0.4, ManifoldCF 0.5, ManifoldCF 0.6
Environment: Two Active Directory domains: {{internal.com}} and
{{external.com}}
I'm indexing a Sharepoint site, where that site has permissions set
from_both_domains
Reporter: Colin Anderson
Assignee: Karl Wright
Labels: active-directory, authorization, security
Fix For: ManifoldCF 0.6
The ManifoldCF authority service doesn't handle multi-domain environments.
The authority service returns a list of SIDs for the specified user, from all
available ManifoldCF authorities, for example:
{{TOKEN:InternalAD:S-1-5-21-1234567890-1234567890-1234567890-1234}}
Note that the SID is prefixed with the name of the ManifoldCF authority.
Here is my setup:
Output connector: Solr
Authority connector1: Active Directory ({{internal.com}} domain), named
{{InternalAD}}
Authority connector2: Active Directory ({{external.com}} domain), named
{{ExternalAD}}
Repository connector: Sharepoint
If I set the Sharepoint repository connector to use the authority 'None
(Global Authority)', then {{allow_token_document}} will contain SIDs that are
_not_ prefixed with any authority name, for example:
{{S-1-5-21-1234567890-1234567890-1234567890-1234}}
It is therefore not possible to get any search results, because the authority
service tokens will not match the stored tokens (because they _are_ prefixed
with authority names).
If I set the Sharepoint repository connector to use one of the AD authorities
'InternalAD', then {{allow_token_document}} will contain SIDs that are
prefixed with 'InternalAD', for example:
{{TOKEN:InternalAD:S-1-5-21-1234567890-1234567890-1234567890-1234}}
However, the prefix is _always_ 'InternalAD', even if the user/group actually
belongs to the {{external.com}} domain. Therefore it is not possible for
users in the {{external.com}} domain to get any search results, because the
authority service tokens will not match the stored tokens.
In essence, there seems to be a mismatch between the tokens that the
authority service outputs, and those that repository connectors output.
Perhaps one solution would be to use the authority 'None (Global Authority)',
and modify the authority service to take an extra query parameter that
prevents it from prefixing SIDs with the authority name.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CONNECTORS-460) ManifoldCF authority service doesn't handle multi-domain environments
[
https://issues.apache.org/jira/browse/CONNECTORS-460?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13253338#comment-13253338
]
Karl Wright commented on CONNECTORS-460:
I hope this works for you now; if not, I'm going to be unavailable until Sunday
afternoon, at which point I can look at this again (or, hopefully, just update
the documentation and commit it to trunk!)
ManifoldCF authority service doesn't handle multi-domain environments
-
Key: CONNECTORS-460
URL: https://issues.apache.org/jira/browse/CONNECTORS-460
Project: ManifoldCF
Issue Type: Improvement
Components: Active Directory authority, Authority Service
Affects Versions: ManifoldCF 0.1, ManifoldCF 0.2, ManifoldCF 0.3,
ManifoldCF 0.4, ManifoldCF 0.5, ManifoldCF 0.6
Environment: Two Active Directory domains: {{internal.com}} and
{{external.com}}
I'm indexing a Sharepoint site, where that site has permissions set
from_both_domains
Reporter: Colin Anderson
Assignee: Karl Wright
Labels: active-directory, authorization, security
Fix For: ManifoldCF 0.6
The ManifoldCF authority service doesn't handle multi-domain environments.
The authority service returns a list of SIDs for the specified user, from all
available ManifoldCF authorities, for example:
{{TOKEN:InternalAD:S-1-5-21-1234567890-1234567890-1234567890-1234}}
Note that the SID is prefixed with the name of the ManifoldCF authority.
Here is my setup:
Output connector: Solr
Authority connector1: Active Directory ({{internal.com}} domain), named
{{InternalAD}}
Authority connector2: Active Directory ({{external.com}} domain), named
{{ExternalAD}}
Repository connector: Sharepoint
If I set the Sharepoint repository connector to use the authority 'None
(Global Authority)', then {{allow_token_document}} will contain SIDs that are
_not_ prefixed with any authority name, for example:
{{S-1-5-21-1234567890-1234567890-1234567890-1234}}
It is therefore not possible to get any search results, because the authority
service tokens will not match the stored tokens (because they _are_ prefixed
with authority names).
If I set the Sharepoint repository connector to use one of the AD authorities
'InternalAD', then {{allow_token_document}} will contain SIDs that are
prefixed with 'InternalAD', for example:
{{TOKEN:InternalAD:S-1-5-21-1234567890-1234567890-1234567890-1234}}
However, the prefix is _always_ 'InternalAD', even if the user/group actually
belongs to the {{external.com}} domain. Therefore it is not possible for
users in the {{external.com}} domain to get any search results, because the
authority service tokens will not match the stored tokens.
In essence, there seems to be a mismatch between the tokens that the
authority service outputs, and those that repository connectors output.
Perhaps one solution would be to use the authority 'None (Global Authority)',
and modify the authority service to take an extra query parameter that
prevents it from prefixing SIDs with the authority name.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CONNECTORS-460) ManifoldCF authority service doesn't handle multi-domain environments
[
https://issues.apache.org/jira/browse/CONNECTORS-460?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13253396#comment-13253396
]
Colin Anderson commented on CONNECTORS-460:
---
Hi Karl,
I can create the authority with multiple domains now, so that side seems OK.
When crawling, I get {{allow_token_document}} values all prefixed with the name
of new, single authority.
But the ManifoldCF authority service doesn't work - if I call:
{{http://localhost:8345/mcf-authority-service/UserACLs?username=123...@ap.enterdir.com}}
I get:
{{UNREACHABLEAUTHORITY:Active+Directory}}
{{TOKEN:AD:DEAD_AUTHORITY}}
And in the log I see:
{quote}
WARN 2012-04-13 15:06:07,253 (Auth check thread 0) - Authority connection
error: null
java.lang.NullPointerException
at
org.apache.manifoldcf.authorities.authorities.activedirectory.ActiveDirectoryAuthority$AuthorizationResponseDescription.getCriticalSectionName(ActiveDirectoryAuthority.java:1024)
at
org.apache.manifoldcf.core.cachemanager.CacheManager.enterCreateSection(CacheManager.java:343)
at
org.apache.manifoldcf.authorities.authorities.activedirectory.ActiveDirectoryAuthority.getAuthorizationResponse(ActiveDirectoryAuthority.java:260)
at
org.apache.manifoldcf.authorities.system.AuthCheckThread.run(AuthCheckThread.java:92)
WARN 2012-04-13 15:06:07,253 (13242994@qtp-32105264-0) - Authority 'Active
Directory' is unreachable for user '123...@ap.enterdir.com'
{quote}
I get the same if I try with a user in the {{external.com}} domain.
ManifoldCF authority service doesn't handle multi-domain environments
-
Key: CONNECTORS-460
URL: https://issues.apache.org/jira/browse/CONNECTORS-460
Project: ManifoldCF
Issue Type: Improvement
Components: Active Directory authority, Authority Service
Affects Versions: ManifoldCF 0.1, ManifoldCF 0.2, ManifoldCF 0.3,
ManifoldCF 0.4, ManifoldCF 0.5, ManifoldCF 0.6
Environment: Two Active Directory domains: {{internal.com}} and
{{external.com}}
I'm indexing a Sharepoint site, where that site has permissions set
from_both_domains
Reporter: Colin Anderson
Assignee: Karl Wright
Labels: active-directory, authorization, security
Fix For: ManifoldCF 0.6
The ManifoldCF authority service doesn't handle multi-domain environments.
The authority service returns a list of SIDs for the specified user, from all
available ManifoldCF authorities, for example:
{{TOKEN:InternalAD:S-1-5-21-1234567890-1234567890-1234567890-1234}}
Note that the SID is prefixed with the name of the ManifoldCF authority.
Here is my setup:
Output connector: Solr
Authority connector1: Active Directory ({{internal.com}} domain), named
{{InternalAD}}
Authority connector2: Active Directory ({{external.com}} domain), named
{{ExternalAD}}
Repository connector: Sharepoint
If I set the Sharepoint repository connector to use the authority 'None
(Global Authority)', then {{allow_token_document}} will contain SIDs that are
_not_ prefixed with any authority name, for example:
{{S-1-5-21-1234567890-1234567890-1234567890-1234}}
It is therefore not possible to get any search results, because the authority
service tokens will not match the stored tokens (because they _are_ prefixed
with authority names).
If I set the Sharepoint repository connector to use one of the AD authorities
'InternalAD', then {{allow_token_document}} will contain SIDs that are
prefixed with 'InternalAD', for example:
{{TOKEN:InternalAD:S-1-5-21-1234567890-1234567890-1234567890-1234}}
However, the prefix is _always_ 'InternalAD', even if the user/group actually
belongs to the {{external.com}} domain. Therefore it is not possible for
users in the {{external.com}} domain to get any search results, because the
authority service tokens will not match the stored tokens.
In essence, there seems to be a mismatch between the tokens that the
authority service outputs, and those that repository connectors output.
Perhaps one solution would be to use the authority 'None (Global Authority)',
and modify the authority service to take an extra query parameter that
prevents it from prefixing SIDs with the authority name.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
RE: [jira] [Commented] (CONNECTORS-460) ManifoldCF authority
service doesn't handle multi-domain environments
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Looks simple to fix next time I have internet service.
Karl
Sent from my Windows Phone
From: Colin Anderson (Commented) (JIRA)
Sent: 4/13/2012 10:13 AM
To: connectors-dev@incubator.apache.org
Subject: [jira] [Commented] (CONNECTORS-460) ManifoldCF authority
service doesn't handle multi-domain environments
[
https://issues.apache.org/jira/browse/CONNECTORS-460?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13253396#comment-13253396
]
Colin Anderson commented on CONNECTORS-460:
---
Hi Karl,
I can create the authority with multiple domains now, so that side seems OK.
When crawling, I get {{allow_token_document}} values all prefixed with
the name of new, single authority.
But the ManifoldCF authority service doesn't work - if I call:
{{http://localhost:8345/mcf-authority-service/UserACLs?username=123...@ap.enterdir.com}}
I get:
{{UNREACHABLEAUTHORITY:Active+Directory}}
{{TOKEN:AD:DEAD_AUTHORITY}}
And in the log I see:
{quote}
WARN 2012-04-13 15:06:07,253 (Auth check thread 0) - Authority
connection error: null
java.lang.NullPointerException
at
org.apache.manifoldcf.authorities.authorities.activedirectory.ActiveDirectoryAuthority$AuthorizationResponseDescription.getCriticalSectionName(ActiveDirectoryAuthority.java:1024)
at
org.apache.manifoldcf.core.cachemanager.CacheManager.enterCreateSection(CacheManager.java:343)
at
org.apache.manifoldcf.authorities.authorities.activedirectory.ActiveDirectoryAuthority.getAuthorizationResponse(ActiveDirectoryAuthority.java:260)
at
org.apache.manifoldcf.authorities.system.AuthCheckThread.run(AuthCheckThread.java:92)
WARN 2012-04-13 15:06:07,253 (13242994@qtp-32105264-0) - Authority
'Active Directory' is unreachable for user '123...@ap.enterdir.com'
{quote}
I get the same if I try with a user in the {{external.com}} domain.
ManifoldCF authority service doesn't handle multi-domain environments
-
Key: CONNECTORS-460
URL: https://issues.apache.org/jira/browse/CONNECTORS-460
Project: ManifoldCF
Issue Type: Improvement
Components: Active Directory authority, Authority Service
Affects Versions: ManifoldCF 0.1, ManifoldCF 0.2, ManifoldCF 0.3,
ManifoldCF 0.4, ManifoldCF 0.5, ManifoldCF 0.6
Environment: Two Active Directory domains: {{internal.com}} and
{{external.com}}
I'm indexing a Sharepoint site, where that site has permissions set
from_both_domains
Reporter: Colin Anderson
Assignee: Karl Wright
Labels: active-directory, authorization, security
Fix For: ManifoldCF 0.6
The ManifoldCF authority service doesn't handle multi-domain environments.
The authority service returns a list of SIDs for the specified user, from all
available ManifoldCF authorities, for example:
{{TOKEN:InternalAD:S-1-5-21-1234567890-1234567890-1234567890-1234}}
Note that the SID is prefixed with the name of the ManifoldCF authority.
Here is my setup:
Output connector: Solr
Authority connector1: Active Directory ({{internal.com}} domain), named
{{InternalAD}}
Authority connector2: Active Directory ({{external.com}} domain), named
{{ExternalAD}}
Repository connector: Sharepoint
If I set the Sharepoint repository connector to use the authority 'None
(Global Authority)', then {{allow_token_document}} will contain SIDs that are
_not_ prefixed with any authority name, for example:
{{S-1-5-21-1234567890-1234567890-1234567890-1234}}
It is therefore not possible to get any search results, because the authority
service tokens will not match the stored tokens (because they _are_ prefixed
with authority names).
If I set the Sharepoint repository connector to use one of the AD authorities
'InternalAD', then {{allow_token_document}} will contain SIDs that are
prefixed with 'InternalAD', for example:
{{TOKEN:InternalAD:S-1-5-21-1234567890-1234567890-1234567890-1234}}
However, the prefix is _always_ 'InternalAD', even if the user/group actually
belongs to the {{external.com}} domain. Therefore it is not possible for
users in the {{external.com}} domain to get any search results, because the
authority service tokens will not match the stored tokens.
In essence, there seems to be a mismatch between the tokens that the
authority service outputs, and those that repository connectors output.
Perhaps one solution would be to use the authority 'None (Global Authority)',
and modify the authority service to take an extra query parameter that
prevents it from prefixing SIDs with the authority name.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA
[jira] [Commented] (CONNECTORS-460) ManifoldCF authority service doesn't handle multi-domain environments
[
https://issues.apache.org/jira/browse/CONNECTORS-460?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13253858#comment-13253858
]
Karl Wright commented on CONNECTORS-460:
I fixed the problem with the cache key computation; it was a simple typo. If
you synch up and try again, I feel pretty good about it working completely this
time. ;-)
ManifoldCF authority service doesn't handle multi-domain environments
-
Key: CONNECTORS-460
URL: https://issues.apache.org/jira/browse/CONNECTORS-460
Project: ManifoldCF
Issue Type: Improvement
Components: Active Directory authority, Authority Service
Affects Versions: ManifoldCF 0.1, ManifoldCF 0.2, ManifoldCF 0.3,
ManifoldCF 0.4, ManifoldCF 0.5, ManifoldCF 0.6
Environment: Two Active Directory domains: {{internal.com}} and
{{external.com}}
I'm indexing a Sharepoint site, where that site has permissions set
from_both_domains
Reporter: Colin Anderson
Assignee: Karl Wright
Labels: active-directory, authorization, security
Fix For: ManifoldCF 0.6
The ManifoldCF authority service doesn't handle multi-domain environments.
The authority service returns a list of SIDs for the specified user, from all
available ManifoldCF authorities, for example:
{{TOKEN:InternalAD:S-1-5-21-1234567890-1234567890-1234567890-1234}}
Note that the SID is prefixed with the name of the ManifoldCF authority.
Here is my setup:
Output connector: Solr
Authority connector1: Active Directory ({{internal.com}} domain), named
{{InternalAD}}
Authority connector2: Active Directory ({{external.com}} domain), named
{{ExternalAD}}
Repository connector: Sharepoint
If I set the Sharepoint repository connector to use the authority 'None
(Global Authority)', then {{allow_token_document}} will contain SIDs that are
_not_ prefixed with any authority name, for example:
{{S-1-5-21-1234567890-1234567890-1234567890-1234}}
It is therefore not possible to get any search results, because the authority
service tokens will not match the stored tokens (because they _are_ prefixed
with authority names).
If I set the Sharepoint repository connector to use one of the AD authorities
'InternalAD', then {{allow_token_document}} will contain SIDs that are
prefixed with 'InternalAD', for example:
{{TOKEN:InternalAD:S-1-5-21-1234567890-1234567890-1234567890-1234}}
However, the prefix is _always_ 'InternalAD', even if the user/group actually
belongs to the {{external.com}} domain. Therefore it is not possible for
users in the {{external.com}} domain to get any search results, because the
authority service tokens will not match the stored tokens.
In essence, there seems to be a mismatch between the tokens that the
authority service outputs, and those that repository connectors output.
Perhaps one solution would be to use the authority 'None (Global Authority)',
and modify the authority service to take an extra query parameter that
prevents it from prefixing SIDs with the authority name.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CONNECTORS-460) ManifoldCF authority service doesn't handle multi-domain environments
[
https://issues.apache.org/jira/browse/CONNECTORS-460?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13253863#comment-13253863
]
Colin Anderson commented on CONNECTORS-460:
---
I'm out of the office, returning on the 1st of May.
ManifoldCF authority service doesn't handle multi-domain environments
-
Key: CONNECTORS-460
URL: https://issues.apache.org/jira/browse/CONNECTORS-460
Project: ManifoldCF
Issue Type: Improvement
Components: Active Directory authority, Authority Service
Affects Versions: ManifoldCF 0.1, ManifoldCF 0.2, ManifoldCF 0.3,
ManifoldCF 0.4, ManifoldCF 0.5, ManifoldCF 0.6
Environment: Two Active Directory domains: {{internal.com}} and
{{external.com}}
I'm indexing a Sharepoint site, where that site has permissions set
from_both_domains
Reporter: Colin Anderson
Assignee: Karl Wright
Labels: active-directory, authorization, security
Fix For: ManifoldCF 0.6
The ManifoldCF authority service doesn't handle multi-domain environments.
The authority service returns a list of SIDs for the specified user, from all
available ManifoldCF authorities, for example:
{{TOKEN:InternalAD:S-1-5-21-1234567890-1234567890-1234567890-1234}}
Note that the SID is prefixed with the name of the ManifoldCF authority.
Here is my setup:
Output connector: Solr
Authority connector1: Active Directory ({{internal.com}} domain), named
{{InternalAD}}
Authority connector2: Active Directory ({{external.com}} domain), named
{{ExternalAD}}
Repository connector: Sharepoint
If I set the Sharepoint repository connector to use the authority 'None
(Global Authority)', then {{allow_token_document}} will contain SIDs that are
_not_ prefixed with any authority name, for example:
{{S-1-5-21-1234567890-1234567890-1234567890-1234}}
It is therefore not possible to get any search results, because the authority
service tokens will not match the stored tokens (because they _are_ prefixed
with authority names).
If I set the Sharepoint repository connector to use one of the AD authorities
'InternalAD', then {{allow_token_document}} will contain SIDs that are
prefixed with 'InternalAD', for example:
{{TOKEN:InternalAD:S-1-5-21-1234567890-1234567890-1234567890-1234}}
However, the prefix is _always_ 'InternalAD', even if the user/group actually
belongs to the {{external.com}} domain. Therefore it is not possible for
users in the {{external.com}} domain to get any search results, because the
authority service tokens will not match the stored tokens.
In essence, there seems to be a mismatch between the tokens that the
authority service outputs, and those that repository connectors output.
Perhaps one solution would be to use the authority 'None (Global Authority)',
and modify the authority service to take an extra query parameter that
prevents it from prefixing SIDs with the authority name.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
