Re: Cannot connect to SharePoint 2010 instance
I've done further research on HttpComponents' support for Kerberos. It turns out that HttpComponents claims they can successfully use tickets from the local machine's ticket store. I haven't tried this here (don't have the setup for it), but it looks like it could conceivably work with MCF trunk at this point. Read up on it here: http://hc.apache.org/httpcomponents-client-ga/tutorial/html/authentication.html Ideally, of course, we'd really want to add the ability for ManifoldCF to handle its own ticket cache, one per connection, so that each connection looks like its own independent client. In order for that to happen, connectors that support Kerberos would need to be able to kerberos authenticate. But, for right now, this may work for people needing Kerberos. Karl On Sun, Nov 11, 2012 at 8:42 AM, Karl Wright daddy...@gmail.com wrote: The port of the SharePoint connector to httpcomponents 4.2.2 is complete. I don't know whether it will help you or not, but if you check out ManifoldCF trunk (from https://svn.apache.org/repos/asf/manifoldcf/trunk) and run: ant make-core-deps build ... you will be running the latest code. It has been tried against a plain-vanilla SharePoint system using standard NTLM and found to work. If you try the new code and it works for you, that would be very interesting to know; it looks like httpcomponents has developed some support for SPNEGO, which may be what is missing in the current ManifoldCF release. Thanks, Karl On Wed, Nov 7, 2012 at 4:47 PM, Karl Wright daddy...@gmail.com wrote: MCPermissions.asmx and Lists.asmx are two different services, and the Lists.asmx is likely failing before the MCPermissions.asmx is even needed. If, for instance, you are just trying with the UI to see if you get back Connection working, this makes sense since the Lists service is called first and then the MCPermissions service is called after. FWIW, I'm starting to look into porting ManifoldCF to the httpcomponent libraries from the older httpclient 3.1 world. This will make it easier, I think, to incorporate newer additions. Thanks, Karl On Wed, Nov 7, 2012 at 3:44 PM, Iannetti, Robert robert.ianne...@novartis.com wrote: Karl, It looks like I am failing connecting to the /_vti_bin/lists.asmx service but I never see the MCPermissions.asmx in any of my trace logs. Why is that? Thanks Bob -Original Message- From: Iannetti, Robert Sent: Wednesday, November 07, 2012 10:37 AM To: user@manifoldcf.apache.org Subject: RE: Cannot connect to SharePoint 2010 instance Karl, The X's you see are me trying to make the log look generic there were valid guids present in the real log. I will try WireShark and let you know the results. Thanks Bob -Original Message- From: Karl Wright [mailto:daddy...@gmail.com] Sent: Wednesday, November 07, 2012 10:32 AM To: user@manifoldcf.apache.org Subject: Re: Cannot connect to SharePoint 2010 instance This in general looks like a proper NTLM authorization sequence, except for the lack of confirmation at the end. The only thing I see that I don't recognize is this: DEBUG 2012-11-07 09:56:11,212 (Thread-441) - SPRequestGuid: xxx[\r][\n] If SharePoint is expecting this GUID to be returned somehow then that would explain it, but frankly we've got a number of SP 2010 installations and that hasn't been an issue anywhere else. And, I don't expect curl would work if that was the case. It's worth a shot using a tool like WireShark to see if you can find any difference in headers etc. between curl and ManifoldCF. We've noticed in the past that the exact Host header seems to be the critical issue, so any differences there would be of interest. Karl On Wed, Nov 7, 2012 at 10:08 AM, Iannetti, Robert robert.ianne...@novartis.com wrote: Karl, We have created the NTLM SharePoint instance as instructed. The Curl command is now responding when before it would not. curl --ntlm -u domain\\username http://xxx.xxx.xxx.xxx/_vti_bin/MCPermissions.asmx -v But we are still getting an error when issuing the connection request from the ManifoldCF GUI Crawl user did not authenticate properly, or has insufficient permissions to access http://XXX.XXX.XXX.XXX: (401)Unauthorized From the log file DEBUG 2012-11-07 09:56:11,126 (Thread-441) - POST /_vti_bin/lists.asmx HTTP/1.1[\r][\n] DEBUG 2012-11-07 09:56:11,151 (Thread-441) - Content-Type: text/xml; charset=utf-8[\r][\n] DEBUG 2012-11-07 09:56:11,152 (Thread-441) - SOAPAction: http://schemas.microsoft.com/sharepoint/soap/GetListCollection[\r][\n]; DEBUG 2012-11-07 09:56:11,152 (Thread-441) - User-Agent: Axis/1.4[\r][\n] DEBUG 2012-11-07 09:56:11,152 (Thread-441) - Host: x...[\r][\n] DEBUG 2012-11-07 09:56:11,152 (Thread-441) - Transfer-Encoding: chunked[\r][\n] DEBUG 2012-11-07 09:56:11,152 (Thread-441) - [\r][\n] DEBUG 2012-11-07 09:56:11,153 (Thread-441) -
RE: Cannot connect to SharePoint 2010 instance
Thanks Karl I will have a look -Original Message- From: Karl Wright [mailto:daddy...@gmail.com] Sent: Monday, November 26, 2012 4:32 AM To: user@manifoldcf.apache.org Subject: Re: Cannot connect to SharePoint 2010 instance I've done further research on HttpComponents' support for Kerberos. It turns out that HttpComponents claims they can successfully use tickets from the local machine's ticket store. I haven't tried this here (don't have the setup for it), but it looks like it could conceivably work with MCF trunk at this point. Read up on it here: http://hc.apache.org/httpcomponents-client-ga/tutorial/html/authentication.html Ideally, of course, we'd really want to add the ability for ManifoldCF to handle its own ticket cache, one per connection, so that each connection looks like its own independent client. In order for that to happen, connectors that support Kerberos would need to be able to kerberos authenticate. But, for right now, this may work for people needing Kerberos. Karl On Sun, Nov 11, 2012 at 8:42 AM, Karl Wright daddy...@gmail.com wrote: The port of the SharePoint connector to httpcomponents 4.2.2 is complete. I don't know whether it will help you or not, but if you check out ManifoldCF trunk (from https://svn.apache.org/repos/asf/manifoldcf/trunk) and run: ant make-core-deps build ... you will be running the latest code. It has been tried against a plain-vanilla SharePoint system using standard NTLM and found to work. If you try the new code and it works for you, that would be very interesting to know; it looks like httpcomponents has developed some support for SPNEGO, which may be what is missing in the current ManifoldCF release. Thanks, Karl On Wed, Nov 7, 2012 at 4:47 PM, Karl Wright daddy...@gmail.com wrote: MCPermissions.asmx and Lists.asmx are two different services, and the Lists.asmx is likely failing before the MCPermissions.asmx is even needed. If, for instance, you are just trying with the UI to see if you get back Connection working, this makes sense since the Lists service is called first and then the MCPermissions service is called after. FWIW, I'm starting to look into porting ManifoldCF to the httpcomponent libraries from the older httpclient 3.1 world. This will make it easier, I think, to incorporate newer additions. Thanks, Karl On Wed, Nov 7, 2012 at 3:44 PM, Iannetti, Robert robert.ianne...@novartis.com wrote: Karl, It looks like I am failing connecting to the /_vti_bin/lists.asmx service but I never see the MCPermissions.asmx in any of my trace logs. Why is that? Thanks Bob -Original Message- From: Iannetti, Robert Sent: Wednesday, November 07, 2012 10:37 AM To: user@manifoldcf.apache.org Subject: RE: Cannot connect to SharePoint 2010 instance Karl, The X's you see are me trying to make the log look generic there were valid guids present in the real log. I will try WireShark and let you know the results. Thanks Bob -Original Message- From: Karl Wright [mailto:daddy...@gmail.com] Sent: Wednesday, November 07, 2012 10:32 AM To: user@manifoldcf.apache.org Subject: Re: Cannot connect to SharePoint 2010 instance This in general looks like a proper NTLM authorization sequence, except for the lack of confirmation at the end. The only thing I see that I don't recognize is this: DEBUG 2012-11-07 09:56:11,212 (Thread-441) - SPRequestGuid: xxx[\r][\n] If SharePoint is expecting this GUID to be returned somehow then that would explain it, but frankly we've got a number of SP 2010 installations and that hasn't been an issue anywhere else. And, I don't expect curl would work if that was the case. It's worth a shot using a tool like WireShark to see if you can find any difference in headers etc. between curl and ManifoldCF. We've noticed in the past that the exact Host header seems to be the critical issue, so any differences there would be of interest. Karl On Wed, Nov 7, 2012 at 10:08 AM, Iannetti, Robert robert.ianne...@novartis.com wrote: Karl, We have created the NTLM SharePoint instance as instructed. The Curl command is now responding when before it would not. curl --ntlm -u domain\\username http://xxx.xxx.xxx.xxx/_vti_bin/MCPermissions.asmx -v But we are still getting an error when issuing the connection request from the ManifoldCF GUI Crawl user did not authenticate properly, or has insufficient permissions to access http://XXX.XXX.XXX.XXX: (401)Unauthorized From the log file DEBUG 2012-11-07 09:56:11,126 (Thread-441) - POST /_vti_bin/lists.asmx HTTP/1.1[\r][\n] DEBUG 2012-11-07 09:56:11,151 (Thread-441) - Content-Type: text/xml; charset=utf-8[\r][\n] DEBUG 2012-11-07 09:56:11,152 (Thread-441) - SOAPAction: http://schemas.microsoft.com/sharepoint/soap/GetListCollection[\r][\n]; DEBUG 2012-11-07 09:56:11,152 (Thread-441) - User-Agent: Axis/1.4[\r][\n] DEBUG 2012-11-07
RE: Cannot connect to SharePoint 2010 instance
Karl, Is there a binary release (pre -compiled version) of the manifold trunk mentioned below https://svn.apache.org/repos/asf/manifoldcf/trunk that you can point me to I am new to Linux and don't have any experience with ANT. Thanks Bob -Original Message- From: Karl Wright [mailto:daddy...@gmail.com] Sent: Monday, November 26, 2012 4:32 AM To: user@manifoldcf.apache.org Subject: Re: Cannot connect to SharePoint 2010 instance I've done further research on HttpComponents' support for Kerberos. It turns out that HttpComponents claims they can successfully use tickets from the local machine's ticket store. I haven't tried this here (don't have the setup for it), but it looks like it could conceivably work with MCF trunk at this point. Read up on it here: http://hc.apache.org/httpcomponents-client-ga/tutorial/html/authentication.html Ideally, of course, we'd really want to add the ability for ManifoldCF to handle its own ticket cache, one per connection, so that each connection looks like its own independent client. In order for that to happen, connectors that support Kerberos would need to be able to kerberos authenticate. But, for right now, this may work for people needing Kerberos. Karl On Sun, Nov 11, 2012 at 8:42 AM, Karl Wright daddy...@gmail.com wrote: The port of the SharePoint connector to httpcomponents 4.2.2 is complete. I don't know whether it will help you or not, but if you check out ManifoldCF trunk (from https://svn.apache.org/repos/asf/manifoldcf/trunk) and run: ant make-core-deps build ... you will be running the latest code. It has been tried against a plain-vanilla SharePoint system using standard NTLM and found to work. If you try the new code and it works for you, that would be very interesting to know; it looks like httpcomponents has developed some support for SPNEGO, which may be what is missing in the current ManifoldCF release. Thanks, Karl On Wed, Nov 7, 2012 at 4:47 PM, Karl Wright daddy...@gmail.com wrote: MCPermissions.asmx and Lists.asmx are two different services, and the Lists.asmx is likely failing before the MCPermissions.asmx is even needed. If, for instance, you are just trying with the UI to see if you get back Connection working, this makes sense since the Lists service is called first and then the MCPermissions service is called after. FWIW, I'm starting to look into porting ManifoldCF to the httpcomponent libraries from the older httpclient 3.1 world. This will make it easier, I think, to incorporate newer additions. Thanks, Karl On Wed, Nov 7, 2012 at 3:44 PM, Iannetti, Robert robert.ianne...@novartis.com wrote: Karl, It looks like I am failing connecting to the /_vti_bin/lists.asmx service but I never see the MCPermissions.asmx in any of my trace logs. Why is that? Thanks Bob -Original Message- From: Iannetti, Robert Sent: Wednesday, November 07, 2012 10:37 AM To: user@manifoldcf.apache.org Subject: RE: Cannot connect to SharePoint 2010 instance Karl, The X's you see are me trying to make the log look generic there were valid guids present in the real log. I will try WireShark and let you know the results. Thanks Bob -Original Message- From: Karl Wright [mailto:daddy...@gmail.com] Sent: Wednesday, November 07, 2012 10:32 AM To: user@manifoldcf.apache.org Subject: Re: Cannot connect to SharePoint 2010 instance This in general looks like a proper NTLM authorization sequence, except for the lack of confirmation at the end. The only thing I see that I don't recognize is this: DEBUG 2012-11-07 09:56:11,212 (Thread-441) - SPRequestGuid: xxx[\r][\n] If SharePoint is expecting this GUID to be returned somehow then that would explain it, but frankly we've got a number of SP 2010 installations and that hasn't been an issue anywhere else. And, I don't expect curl would work if that was the case. It's worth a shot using a tool like WireShark to see if you can find any difference in headers etc. between curl and ManifoldCF. We've noticed in the past that the exact Host header seems to be the critical issue, so any differences there would be of interest. Karl On Wed, Nov 7, 2012 at 10:08 AM, Iannetti, Robert robert.ianne...@novartis.com wrote: Karl, We have created the NTLM SharePoint instance as instructed. The Curl command is now responding when before it would not. curl --ntlm -u domain\\username http://xxx.xxx.xxx.xxx/_vti_bin/MCPermissions.asmx -v But we are still getting an error when issuing the connection request from the ManifoldCF GUI Crawl user did not authenticate properly, or has insufficient permissions to access http://XXX.XXX.XXX.XXX: (401)Unauthorized From the log file DEBUG 2012-11-07 09:56:11,126 (Thread-441) - POST /_vti_bin/lists.asmx HTTP/1.1[\r][\n] DEBUG 2012-11-07 09:56:11,151 (Thread-441) - Content-Type: text/xml; charset=utf-8[\r][\n] DEBUG 2012-11-07