Hi Karl, Thanks a lot for the information. I added second AD domain to the same Active Directory authority and it works fine now :)
Regards Kambiz ________________________________ From: Karl Wright <[email protected]> To: "[email protected]" <[email protected]>; Kambiz Niktabar <[email protected]> Sent: Tuesday, October 28, 2014 5:24 PM Subject: Re: Two Active directory connections in Authority group I should also add that it is really helpful for diagnosing problems of this kind to use curl, e.g.: curl http://localhost:8345/mcf-authority-service/[email protected] ... and see what gets returned. If you see DEAD_AUTHORITY in the list of acls, don't expect to see any documents from the associated authority group. Thanks, Karl On Tue, Oct 28, 2014 at 12:09 PM, Karl Wright <[email protected]> wrote: Hi Kambiz, > >The Active Directory authority is not an "additive" authority, so you cannot >use it within the same authorization group with other authorities, and expect >it to work cumulatively. The reason is that when there is a problem (e.g. >user not found or server unreachable), the authority asserts the >"DEAD_AUTHORITY" token, which effectively disables any documents from being >returned. This is necessary whenever the repository has a security model that >has "deny" tokens, and that's the case for most repositories secured by Active >Directory. > >For this reason, we long ago added the ability to have multiple Active >Directory domains within the same Active Directory authority. This is what >you should use, since it will behave in the manner you expect. > >Thanks, >Karl > > > > >On Tue, Oct 28, 2014 at 11:35 AM, Kambiz Niktabar <[email protected]> wrote: > >Hello, >> >> >>I want to have two active directory connections (intranet and extranet AD) in one Authority group but it seems it’s not working as expected. I’m getting hits when I have only Intranet AD in the authority group and I got zero hits when I add Extranet AD into the same authority group >> >> >> >>I attached Solr log files for two scenarios. >> >> >>Regards >>Kambiz >
