Hi Cihad, In your case, then, the connector is calling the "Users:GetUserCollectionFromGroup" SOAP method in the SharePoint API. This method is supposed to list the users that belong to the group, but I suspect that your SharePoint instance is not set up to work in that way, and that you should in fact set your MCF up as follows:
- Do NOT select the "Active directory" setting. Use "claims-based" instead. - Use the appropriate SharePoint "native" authority. Read up on how to do that here: http://manifoldcf.apache.org/release/release-2.5/en_US/end-user-documentation.html#sharepointrepository Thanks, Karl On Wed, Dec 28, 2016 at 6:26 AM, Cihad Guzel <[email protected]> wrote: > Hi Karl, > > I selected "Active Directory". My SharePoint server run with Active > Directory. > > 2016-12-28 14:13 GMT+03:00 Karl Wright <[email protected]>: > >> Hi Cihad, >> >> The code for looking for document ACLs is as follows: >> >> >>>>>> >> Object node = nodeList.get( i ); >> String mask = doc.getValue( node, "Mask" ); >> long maskValue = new Long(mask).longValue(); >> if ((maskValue & 1L) == 1L) >> { >> // Permission to view >> String isUser = doc.getValue( node, "MemberIsUser" ); >> >> if ( isUser.compareToIgnoreCase("True") == 0 ) >> { >> // Use AD user or group >> String userLogin = doc.getValue( node, "UserLogin" ); >> String userSid = getSidForUser( userCall, userLogin, >> activeDirectoryAuthority ); >> sids.add( userSid ); >> } >> else >> { >> // Role >> List<String> roleSids; >> String roleName = doc.getValue( node, "RoleName" ); >> if ( roleName.length() == 0) >> { >> roleName = doc.getValue(node,"GroupName"); >> roleSids = getSidsForGroup(userCall, roleName, >> activeDirectoryAuthority); >> } >> else >> { >> roleSids = getSidsForRole(userCall, roleName, >> activeDirectoryAuthority); >> } >> >> for (String sid : roleSids) >> { >> sids.add( sid ); >> } >> } >> } >> >> <<<<<< >> >> So, in your example, getSidsForGroup() should be getting called. The >> code for that is as follows: >> >> >>>>>> >> private List<String> getSidsForGroup(com.microsoft. >> schemas.sharepoint.soap.directory.UserGroupSoap userCall, String >> groupName, >> boolean activeDirectoryAuthority) >> throws ManifoldCFException, java.net.MalformedURLException, >> javax.xml.rpc.ServiceException, java.rmi.RemoteException >> { >> List<String> rval = new ArrayList<String>(); >> >> com.microsoft.schemas.sharepoint.soap.directory.GetUserColle >> ctionFromGroupResponseGetUserCollectionFromGroupResult roleResp = >> userCall.getUserCollectionFromGroup(groupName); >> org.apache.axis.message.MessageElement[] roleList = >> roleResp.get_any(); >> >> if (roleList.length != 1) >> throw new ManifoldCFException("Bad response - expecting one outer >> 'GetUserCollectionFromGroup' node, saw "+Integer.toString(roleList.le >> ngth)); >> >> MessageElement roles = roleList[0]; >> if (!roles.getElementName().getLocalName().equals("GetUserColle >> ctionFromGroup")) >> throw new ManifoldCFException("Bad response - outer node should >> have been 'GetUserCollectionFromGroup' node"); >> >> Iterator rolesIter = roles.getChildElements(); >> >> if (!activeDirectoryAuthority) >> { >> // We need not only the group itself, but its user children that >> are Claims-based entities >> rval.add("G"+groupName); >> while (rolesIter.hasNext()) >> { >> MessageElement child = (MessageElement)rolesIter.next(); >> if (child.getElementName().getLocalName().equals("Users")) >> { >> Iterator usersIterator = child.getChildElements(); >> while (usersIterator.hasNext()) >> { >> MessageElement user = (MessageElement)usersIterator.next(); >> if (user.getElementName().getLocalName().equals("User")) >> { >> String isDomainGroup = user.getAttribute("IsDomainGroup"); >> if (isDomainGroup != null && isDomainGroup.equals("True")) >> { >> // Add a user token for the domain group >> rval.add("U"+user.getAttribute("LoginName")); >> } >> } >> } >> } >> } >> } >> else >> { >> while (rolesIter.hasNext()) >> { >> MessageElement child = (MessageElement)rolesIter.next(); >> if (child.getElementName().getLocalName().equals("Users")) >> { >> Iterator usersIterator = child.getChildElements(); >> while (usersIterator.hasNext()) >> { >> MessageElement user = (MessageElement)usersIterator.next(); >> if (user.getElementName().getLocalName().equals("User")) >> { >> rval.add(user.getAttribute("Sid")); >> } >> } >> } >> } >> } >> return rval; >> } >> >> <<<<<< >> >> So what happens there depends on what you've selected for the >> connection's "use Active Directory authority" selection. What have you >> chosen? >> >> Karl >> >> On Wed, Dec 28, 2016 at 5:35 AM, Cihad Guzel <[email protected]> wrote: >> >>> Hi Karl, >>> >>> 1- Yes, I selected Sharepoint 2013, >>> 2- Yes, I installed the plugin in my Sharepoint server. >>> >>> 2016-12-28 2:54 GMT+03:00 Karl Wright <[email protected]>: >>> >>>> Hi Cihad, >>>> >>>> Some questions: >>>> (1) Have you selected "SharePoint 2013" in your SharePoint connection? >>>> (2) Have you installed the ManifoldCF SharePoint 2013 plugin on your >>>> SharePoint server? >>>> >>>> You will need to do both of these in order for SharePoint 2013 ACLs to >>>> work right. >>>> >>>> Thanks, >>>> Karl >>>> >>>> >>>> On Tue, Dec 27, 2016 at 3:01 PM, Cihad Guzel <[email protected]> wrote: >>>> >>>>> Hi, >>>>> >>>>> I am trying MFC with Sharepoint 2013. First, I install the sharepoint >>>>> plugin and then run my job. My files in sharepoint are indexed >>>>> successfully >>>>> to Solr. But I don't see the ACLs in solr index. You can see my sample >>>>> solr >>>>> data as follow: >>>>> >>>>> "filename":"Sample.doc", >>>>> "allow_token_document":["Authority+Group:"], "deny_token_document":[ >>>>> "Authority+Group:DEAD_AUTHORITY"], "deny_token_parent":["__nosecu >>>>> rity__"], "allow_token_share":["__nosecurity__"], "allow_token_parent >>>>> ":["__nosecurity__"], "deny_token_share":["__nosecurity__"], >>>>> >>>>> I run Sharepoint connector with debug mode. I follow Manifoldcf log >>>>> but I don't see any error in it. I can see "getDocumentACLs xml >>>>> response:" in >>>>> the log as follow: >>>>> >>>>> <ns1:GetPermissionCollection ><ns1:Permissions> >>>>> ... >>>>> <ns1:Permission MemberID="3" Mask="-1" MemberIsUser="False" >>>>> MemberGlobal="True" GroupName="testsite Owners"/> >>>>> ... >>>>> </ns1:Permissions> >>>>> </ns1:GetPermissionCollection> >>>>> >>>>> How do I follow a way to solve the problem? >>>>> >>>>> >>>>> -- >>>>> Regards >>>>> Cihad Güzel >>>>> >>>> >>>> >>> >>> >>> -- >>> Teşekkürler >>> Cihad Güzel >>> >> >> > > > -- > Teşekkürler > Cihad Güzel >
