Fyi. The file I sent you was returning usernotfound.
Sent from my iPhone

On May 5, 2011, at 7:12 PM, Karl Wright <daddy...@gmail.com> wrote:

> It must mean we're somehow throwing an exception in the case where the
> user is missing. I bet I know why - the CN lookup is failing instead.
> I'll see if I can change it.
>
> Karl
>
> On Thu, May 5, 2011 at 6:43 PM, Kadri Atalay <atalay.ka...@gmail.com> wrote:
>> It works, only difference I see with previous one is: if a domain is
>> reachable, message usernotfound makes a better indicator, somehow we lost
>> that.
>>
>>
>> C:\OPT>testauthority
>>
>> C:\OPT>curl
>> "http://localhost:8345/mcf-authority-service/UserACLs?username=fakeuser"
>> UNREACHABLEAUTHORITY:TEQA-DC
>> TOKEN:TEQA-DC:DEAD_AUTHORITY
>>
>> C:\OPT>curl
>> "http://localhost:8345/mcf-authority-service/UserACLs?username=fakeuser@fakedomain"
>> UNREACHABLEAUTHORITY:TEQA-DC
>> TOKEN:TEQA-DC:DEAD_AUTHORITY
>>
>> C:\OPT>curl
>> "http://localhost:8345/mcf-authority-service/UserACLs?username=fakeu...@teqa.filetek.com"
>> UNREACHABLEAUTHORITY:TEQA-DC
>> TOKEN:TEQA-DC:DEAD_AUTHORITY
>>
>> Previous one
>> C:\OPT>curl
>> "http://localhost:8345/mcf-authority-service/UserACLs?username=fakeu...@teqa.filetek.com"
>> USERNOTFOUND:TEQA-DC
>> TOKEN:TEQA-DC:DEAD_AUTHORITY
>>
>>
>> C:\OPT>curl
>> "http://localhost:8345/mcf-authority-service/UserACLs?username=katalay_admin@teqa"
>> UNREACHABLEAUTHORITY:TEQA-DC
>> TOKEN:TEQA-DC:DEAD_AUTHORITY
>>
>> C:\OPT>curl
>> "http://localhost:8345/mcf-authority-service/UserACLs?username=katalay_ad...@teqa.filetek.com"
>> AUTHORIZED:TEQA-DC
>> TOKEN:TEQA-DC:S-1-5-32-545
>> TOKEN:TEQA-DC:S-1-5-32-544
>> TOKEN:TEQA-DC:S-1-5-32-555
>> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-1124
>> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-512
>> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-513
>> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-1480
>> TOKEN:TEQA-DC:S-1-1-0
>>
>> C:\OPT>curl
>> "http://localhost:8345/mcf-authority-service/UserACLs?username=kata...@teqa.filetek.com"
>> AUTHORIZED:TEQA-DC
>> TOKEN:TEQA-DC:S-1-5-32-545
>> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-513
>> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-1473
>> TOKEN:TEQA-DC:S-1-1-0
>>
>> C:\OPT>curl
>> "http://localhost:8345/mcf-authority-service/UserACLs?username=katalay@fakedomain"
>> UNREACHABLEAUTHORITY:TEQA-DC
>> TOKEN:TEQA-DC:DEAD_AUTHORITY
>>
>>
>> On Thu, May 5, 2011 at 6:29 PM, Karl Wright <daddy...@gmail.com> wrote:
>>>
>>> I've cleaned things up slightly to restore the objectSid and also to
>>> fix an infinite loop if you have more than one comma in the escape
>>> expression. I've attached the file, can you see if it works?
>>>
>>> Thanks,
>>> Karl
>>>
>>>
>>> On Thu, May 5, 2011 at 6:23 PM, Karl Wright <daddy...@gmail.com> wrote:
>>>> Thanks - we do need the user sid, so I will put that back.
>>>>
>>>> Also, I'd like to ask what you know about escaping the user name in
>>>> this expression:
>>>>
>>>> String searchFilter = "(&(objectClass=user)(sAMAccountName=" + userName
>>>> + "))";
>>>>
>>>> It seems to me that there is probably some escaping needed, but I
>>>> don't know what style. Do you think it is the same (C-style, with \
>>>> escape) as for the other case?
>>>>
>>>> Karl
>>>>
>>>> On Thu, May 5, 2011 at 6:20 PM, Kadri Atalay <atalay.ka...@gmail.com> wrote:
>>>>> Hi Karl,
>>>>>
>>>>> String returnedAtts[]={"tokenGroups"} is ONLY returning the
>>>>> memberGroups,
>>>>>
>>>>> C:\OPT>curl
>>>>>
>>>>> "http://localhost:8345/mcf-authority-service/UserACLs?username=katalay_ad...@teqa.filetek.com"
>>>>> AUTHORIZED:TEQA-DC
>>>>> TOKEN:TEQA-DC:S-1-5-32-545
>>>>> TOKEN:TEQA-DC:S-1-5-32-544
>>>>> TOKEN:TEQA-DC:S-1-5-32-555
>>>>> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-1124
>>>>> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-512
>>>>> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-513
>>>>> TOKEN:TEQA-DC:S-1-1-0
>>>>>
>>>>> but,
>>>>>
>>>>> - String returnedAtts[] = {"tokenGroups","objectSid"}; is returning
>>>>> memberGroups AND SID for that user.
>>>>>
>>>>> C:\OPT>curl
>>>>>
>>>>> "http://localhost:8345/mcf-authority-service/UserACLs?username=katalay_ad...@teqa.filetek.com"
>>>>> AUTHORIZED:TEQA-DC
>>>>> TOKEN:TEQA-DC:S-1-5-32-545
>>>>> TOKEN:TEQA-DC:S-1-5-32-544
>>>>> TOKEN:TEQA-DC:S-1-5-32-555
>>>>> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-1124
>>>>> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-512
>>>>> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-513
>>>>> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-1480
>>>>> TOKEN:TEQA-DC:S-1-1-0
>>>>>
>>>>> Since we are only interested in the member groups, tokenGroups is
>>>>> sufficient, but if you also need user SID then you might keep the objectSID
>>>>> as well.
>>>>> >>>>> Thanks >>>>> >>>>> Kadri >>>>> >>>>> >>>>> On Thu, May 5, 2011 at 6:01 PM, Karl Wright <daddy...@gmail.com> wrote: >>>>>> >>>>>> I am curious about the following change, which does not seem correct: >>>>>> >>>>>> >>>>>> //Specify the attributes to return >>>>>> - String returnedAtts[] = {"tokenGroups","objectSid"}; >>>>>> + String returnedAtts[]={"tokenGroups"}; >>>>>> searchCtls.setReturningAttributes(returnedAtts); >>>>>> >>>>>> Karl >>>>>> >>>>>> >>>>>> On Thu, May 5, 2011 at 5:36 PM, Kadri Atalay <atalay.ka...@gmail.com> >>>>>> wrote: >>>>>>> Karl, >>>>>>> >>>>>>> The ActiveDirectoryAuthority.java is attached. >>>>>>> >>>>>>> I'm not sure about clicking "Grant ASF License", or how to do that >>>>>>> from >>>>>>> Tortoise. >>>>>>> But, you got my consent for granting the ASF license. >>>>>>> >>>>>>> Thanks >>>>>>> >>>>>>> Kadri >>>>>>> >>>>>>> >>>>>>> On Thu, May 5, 2011 at 5:28 PM, Karl Wright <daddy...@gmail.com> >>>>>>> wrote: >>>>>>>> >>>>>>>> You may attach the whole ActiveDirectoryAuthority.java file to the >>>>>>>> ticket if you prefer. But you must click the "Grant ASF License" >>>>>>>> button. >>>>>>>> >>>>>>>> Karl >>>>>>>> >>>>>>>> On Thu, May 5, 2011 at 5:24 PM, Kadri Atalay >>>>>>>> <atalay.ka...@gmail.com> >>>>>>>> wrote: >>>>>>>>> Karl, >>>>>>>>> >>>>>>>>> I'm using the Tortoise SVN, and new to SVN.. >>>>>>>>> Do you know how to do this with Tortoise ? >>>>>>>>> Otherwise, I can just send the source code directly to you. >>>>>>>>> BTW, there are some changes in the ParseUser method also, you can >>>>>>>>> see >>>>>>>>> all >>>>>>>>> when you run the diff. >>>>>>>>> >>>>>>>>> Thanks >>>>>>>>> >>>>>>>>> Kadri >>>>>>>>> >>>>>>> >>>>>>> >>>>> >>>>> >>>> >> >>
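
Review bot: Removing "objectSid" from returnedAtts in the quoted hunk drops the user's own SID from the tokens the authority returns; the curl output quoted in this thread shows TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-1480 only when both attributes are requested. If documents can carry ACLs granted directly to a user rather than to a group, keep {"tokenGroups","objectSid"}, or add a comment next to setReturningAttributes explaining why group SIDs alone are sufficient.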