Hi Cihad,
The code for looking for document ACLs is as follows:
>>>>>>
Object node = nodeList.get( i );
String mask = doc.getValue( node, "Mask" );
long maskValue = new Long(mask).longValue();
if ((maskValue & 1L) == 1L)
{
// Permission to view
String isUser = doc.getValue( node, "MemberIsUser" );
if ( isUser.compareToIgnoreCase("True") == 0 )
{
// Use AD user or group
String userLogin = doc.getValue( node, "UserLogin" );
String userSid = getSidForUser( userCall, userLogin,
activeDirectoryAuthority );
sids.add( userSid );
}
else
{
// Role
List<String> roleSids;
String roleName = doc.getValue( node, "RoleName" );
if ( roleName.length() == 0)
{
roleName = doc.getValue(node,"GroupName");
roleSids = getSidsForGroup(userCall, roleName,
activeDirectoryAuthority);
}
else
{
roleSids = getSidsForRole(userCall, roleName,
activeDirectoryAuthority);
}
for (String sid : roleSids)
{
sids.add( sid );
}
}
}
<<<<<<
So, in your example, getSidsForGroup() should be getting called. The code
for that is as follows:
>>>>>>
private List<String>
getSidsForGroup(com.microsoft.schemas.sharepoint.soap.directory.UserGroupSoap
userCall, String groupName,
boolean activeDirectoryAuthority)
throws ManifoldCFException, java.net.MalformedURLException,
javax.xml.rpc.ServiceException, java.rmi.RemoteException
{
List<String> rval = new ArrayList<String>();
com.microsoft.schemas.sharepoint.soap.directory.GetUserCollectionFromGroupResponseGetUserCollectionFromGroupResult
roleResp = userCall.getUserCollectionFromGroup(groupName);
org.apache.axis.message.MessageElement[] roleList = roleResp.get_any();
if (roleList.length != 1)
throw new ManifoldCFException("Bad response - expecting one outer
'GetUserCollectionFromGroup' node, saw "+Integer.toString(roleList.length));
MessageElement roles = roleList[0];
if
(!roles.getElementName().getLocalName().equals("GetUserCollectionFromGroup"))
throw new ManifoldCFException("Bad response - outer node should have
been 'GetUserCollectionFromGroup' node");
Iterator rolesIter = roles.getChildElements();
if (!activeDirectoryAuthority)
{
// We need not only the group itself, but its user children that are
Claims-based entities
rval.add("G"+groupName);
while (rolesIter.hasNext())
{
MessageElement child = (MessageElement)rolesIter.next();
if (child.getElementName().getLocalName().equals("Users"))
{
Iterator usersIterator = child.getChildElements();
while (usersIterator.hasNext())
{
MessageElement user = (MessageElement)usersIterator.next();
if (user.getElementName().getLocalName().equals("User"))
{
String isDomainGroup = user.getAttribute("IsDomainGroup");
if (isDomainGroup != null && isDomainGroup.equals("True"))
{
// Add a user token for the domain group
rval.add("U"+user.getAttribute("LoginName"));
}
}
}
}
}
}
else
{
while (rolesIter.hasNext())
{
MessageElement child = (MessageElement)rolesIter.next();
if (child.getElementName().getLocalName().equals("Users"))
{
Iterator usersIterator = child.getChildElements();
while (usersIterator.hasNext())
{
MessageElement user = (MessageElement)usersIterator.next();
if (user.getElementName().getLocalName().equals("User"))
{
rval.add(user.getAttribute("Sid"));
}
}
}
}
}
return rval;
}
<<<<<<
So what happens there depends on what you've selected for the connection's
"use Active Directory authority" selection. What have you chosen?
Karl
On Wed, Dec 28, 2016 at 5:35 AM, Cihad Guzel <[email protected]> wrote:
> Hi Karl,
>
> 1- Yes, I selected Sharepoint 2013,
> 2- Yes, I installed the plugin in my Sharepoint server.
>
> 2016-12-28 2:54 GMT+03:00 Karl Wright <[email protected]>:
>
>> Hi Cihad,
>>
>> Some questions:
>> (1) Have you selected "SharePoint 2013" in your SharePoint connection?
>> (2) Have you installed the ManifoldCF SharePoint 2013 plugin on your
>> SharePoint server?
>>
>> You will need to do both of these in order for SharePoint 2013 ACLs to
>> work right.
>>
>> Thanks,
>> Karl
>>
>>
>> On Tue, Dec 27, 2016 at 3:01 PM, Cihad Guzel <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> I am trying MFC with Sharepoint 2013. First, I install the sharepoint
>>> plugin and then run my job. My files in sharepoint are indexed successfully
>>> to Solr. But I don't see the ACLs in solr index. You can see my sample solr
>>> data as follow:
>>>
>>> "filename":"Sample.doc",
>>> "allow_token_document":["Authority+Group:"], "deny_token_document":[
>>> "Authority+Group:DEAD_AUTHORITY"], "deny_token_parent":["__nosecurity__"
>>> ], "allow_token_share":["__nosecurity__"], "allow_token_parent":[
>>> "__nosecurity__"], "deny_token_share":["__nosecurity__"],
>>>
>>> I run Sharepoint connector with debug mode. I follow Manifoldcf log but
>>> I don't see any error in it. I can see "getDocumentACLs xml response:" in
>>> the log as follow:
>>>
>>> <ns1:GetPermissionCollection ><ns1:Permissions>
>>> ...
>>> <ns1:Permission MemberID="3" Mask="-1" MemberIsUser="False"
>>> MemberGlobal="True" GroupName="testsite Owners"/>
>>> ...
>>> </ns1:Permissions>
>>> </ns1:GetPermissionCollection>
>>>
>>> How do I follow a way to solve the problem?
>>>
>>>
>>> --
>>> Regards
>>> Cihad Güzel
>>>
>>
>>
>
>
> --
> Teşekkürler
> Cihad Güzel
>
