It must mean we're somehow throwing an exception in the case where the user is missing. I bet I know why - the CN lookup is failing instead. I'll see if I can change it.
Karl

On Thu, May 5, 2011 at 6:43 PM, Kadri Atalay <atalay.ka...@gmail.com> wrote:
> It works, only difference I see with previous one is: if a domain is
> reachable, message usernotfound makes a better indicator, somehow we lost
> that.
>
> C:\OPT>testauthority
>
> C:\OPT>curl "http://localhost:8345/mcf-authority-service/UserACLs?username=fakeuser"
> UNREACHABLEAUTHORITY:TEQA-DC
> TOKEN:TEQA-DC:DEAD_AUTHORITY
>
> C:\OPT>curl "http://localhost:8345/mcf-authority-service/UserACLs?username=fakeuser@fakedomain"
> UNREACHABLEAUTHORITY:TEQA-DC
> TOKEN:TEQA-DC:DEAD_AUTHORITY
>
> C:\OPT>curl "http://localhost:8345/mcf-authority-service/UserACLs?username=fakeu...@teqa.filetek.com"
> UNREACHABLEAUTHORITY:TEQA-DC
> TOKEN:TEQA-DC:DEAD_AUTHORITY
>
> Previous one
> C:\OPT>curl "http://localhost:8345/mcf-authority-service/UserACLs?username=fakeu...@teqa.filetek.com"
> USERNOTFOUND:TEQA-DC
> TOKEN:TEQA-DC:DEAD_AUTHORITY
>
> C:\OPT>curl "http://localhost:8345/mcf-authority-service/UserACLs?username=katalay_admin@teqa"
> UNREACHABLEAUTHORITY:TEQA-DC
> TOKEN:TEQA-DC:DEAD_AUTHORITY
>
> C:\OPT>curl "http://localhost:8345/mcf-authority-service/UserACLs?username=katalay_ad...@teqa.filetek.com"
> AUTHORIZED:TEQA-DC
> TOKEN:TEQA-DC:S-1-5-32-545
> TOKEN:TEQA-DC:S-1-5-32-544
> TOKEN:TEQA-DC:S-1-5-32-555
> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-1124
> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-512
> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-513
> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-1480
> TOKEN:TEQA-DC:S-1-1-0
>
> C:\OPT>curl "http://localhost:8345/mcf-authority-service/UserACLs?username=kata...@teqa.filetek.com"
> AUTHORIZED:TEQA-DC
> TOKEN:TEQA-DC:S-1-5-32-545
> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-513
> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-1473
> TOKEN:TEQA-DC:S-1-1-0
>
> C:\OPT>curl "http://localhost:8345/mcf-authority-service/UserACLs?username=katalay@fakedomain"
> UNREACHABLEAUTHORITY:TEQA-DC
> TOKEN:TEQA-DC:DEAD_AUTHORITY
>
>
> On Thu, May 5, 2011 at 6:29 PM, Karl Wright <daddy...@gmail.com> wrote:
>>
>> I've cleaned things up slightly to restore the objectSid and also to
>> fix an infinite loop if you have more than one comma in the escape
>> expression. I've attached the file, can you see if it works?
>>
>> Thanks,
>> Karl
>>
>>
>> On Thu, May 5, 2011 at 6:23 PM, Karl Wright <daddy...@gmail.com> wrote:
>> > Thanks - we do need the user sid, so I will put that back.
>> >
>> > Also, I'd like to ask what you know about escaping the user name in
>> > this expression:
>> >
>> > String searchFilter = "(&(objectClass=user)(sAMAccountName=" + userName + "))";
>> >
>> > It seems to me that there is probably some escaping needed, but I
>> > don't know what style. Do you think it is the same (C-style, with \
>> > escape) as for the other case?
>> >
>> > Karl
>> >
>> > On Thu, May 5, 2011 at 6:20 PM, Kadri Atalay <atalay.ka...@gmail.com> wrote:
>> >> Hi Karl,
>> >>
>> >> String returnedAtts[]={"tokenGroups"} is ONLY returning the memberGroups,
>> >>
>> >> C:\OPT>curl "http://localhost:8345/mcf-authority-service/UserACLs?username=katalay_ad...@teqa.filetek.com"
>> >> AUTHORIZED:TEQA-DC
>> >> TOKEN:TEQA-DC:S-1-5-32-545
>> >> TOKEN:TEQA-DC:S-1-5-32-544
>> >> TOKEN:TEQA-DC:S-1-5-32-555
>> >> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-1124
>> >> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-512
>> >> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-513
>> >> TOKEN:TEQA-DC:S-1-1-0
>> >>
>> >> but,
>> >>
>> >> - String returnedAtts[] = {"tokenGroups","objectSid"}; is returning
>> >> memberGroups AND SID for that user.
>> >>
>> >> C:\OPT>curl "http://localhost:8345/mcf-authority-service/UserACLs?username=katalay_ad...@teqa.filetek.com"
>> >> AUTHORIZED:TEQA-DC
>> >> TOKEN:TEQA-DC:S-1-5-32-545
>> >> TOKEN:TEQA-DC:S-1-5-32-544
>> >> TOKEN:TEQA-DC:S-1-5-32-555
>> >> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-1124
>> >> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-512
>> >> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-513
>> >> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-1480
>> >> TOKEN:TEQA-DC:S-1-1-0
>> >>
>> >> Since we are only interested in the member groups, tokenGroups is
>> >> sufficient, but if you also need user SID then you might keep the
>> >> objectSID as well.
>> >>
>> >> Thanks
>> >>
>> >> Kadri
>> >>
>> >>
>> >> On Thu, May 5, 2011 at 6:01 PM, Karl Wright <daddy...@gmail.com> wrote:
>> >>>
>> >>> I am curious about the following change, which does not seem correct:
>> >>>
>> >>>
>> >>> //Specify the attributes to return
>> >>> - String returnedAtts[] = {"tokenGroups","objectSid"};
>> >>> + String returnedAtts[]={"tokenGroups"};
>> >>> searchCtls.setReturningAttributes(returnedAtts);
>> >>>
>> >>> Karl
>> >>>
>> >>>
>> >>> On Thu, May 5, 2011 at 5:36 PM, Kadri Atalay <atalay.ka...@gmail.com> wrote:
>> >>> > Karl,
>> >>> >
>> >>> > The ActiveDirectoryAuthority.java is attached.
>> >>> >
>> >>> > I'm not sure about clicking "Grant ASF License", or how to do that
>> >>> > from Tortoise.
>> >>> > But, you got my consent for granting the ASF license.
>> >>> >
>> >>> > Thanks
>> >>> >
>> >>> > Kadri
>> >>> >
>> >>> >
>> >>> > On Thu, May 5, 2011 at 5:28 PM, Karl Wright <daddy...@gmail.com> wrote:
>> >>> >>
>> >>> >> You may attach the whole ActiveDirectoryAuthority.java file to the
>> >>> >> ticket if you prefer. But you must click the "Grant ASF License"
>> >>> >> button.
>> >>> >>
>> >>> >> Karl
>> >>> >>
>> >>> >> On Thu, May 5, 2011 at 5:24 PM, Kadri Atalay <atalay.ka...@gmail.com> wrote:
>> >>> >> > Karl,
>> >>> >> >
>> >>> >> > I'm using the Tortoise SVN, and new to SVN..
>> >>> >> > Do you know how to do this with Tortoise?
>> >>> >> > Otherwise, I can just send the source code directly to you.
>> >>> >> > BTW, there are some changes in the ParseUser method also, you can
>> >>> >> > see all when you run the diff.
>> >>> >> >
>> >>> >> > Thanks
>> >>> >> >
>> >>> >> > Kadri
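Review bot: the `+` line in the quoted returnedAtts hunk (under "//Specify the attributes to return") drops "objectSid" from the requested attributes, so the search result no longer carries the user's own SID. The before/after curl output in the thread shows the effect: TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-1480 is present with {"tokenGroups","objectSid"} and missing with {"tokenGroups"}. Unless the user's SID is obtained some other way, keep both attributes; if the removal is intentional, add a comment next to the declaration saying why the user SID is not wanted. As a style point, the new declaration also loses the spaces around `=` that the line it replaces had.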