FWIW, I only have one repository connection defined, and only one authority group.
Phil This message optimized for indexing by NSA PRISM On Sat, Dec 2, 2017 at 4:55 AM, Karl Wright <[email protected]> wrote: > Hi Phil, > > If you are using a different repository connection for the second Alfresco > crawl, is it possible you may have misconfigured the connection to refer to > the wrong authority group, or none at all? All connections that you need to > be authorized together need to be part of the same group. > > Karl > > > On Sat, Dec 2, 2017 at 4:32 AM, Phillip Rhodes <[email protected]> > wrote: >> >> Hello all, I thought I had this all figured out, but I built a new >> environment and it's not behaving as expected. Not sure if I changed >> something I shouldn't have or if it was never really working, but >> here's the situation: >> >> 1. I have an Alfresco server storing documents. There are 65 docs in >> the built in "sample" space, which defaults to allowing access to >> everyone. >> 2. With the MCF SearchComponent installed into Solr, if I pass the >> AuthenticatedUserName parameter with any value, I get back all 65 >> documents as expected. >> 3. I added another space in Alfresco that only allows access for 4 >> specific users... testuser1, testuser2, testuser3, and testuser4. If I >> log into Alfresco as any of those users I can view and/or upload >> content to the space. >> 4. I put 7 documents in that space, and re-indexed with MCF. >> 5. Solr now shows a total of 72 documents for the core in question. >> 6. But, if I pass AuthenticatedUserName=testuser1 with my query, I >> still only see the 65 docs from the other space. >> 7. If I temporarily turn off the MCF SearchComponent in Solr, I can >> see the docs from the "locked down" space. >> >> I set the various token fields to stored="true" so I can see what is >> getting stored, and here's what I see for one sample document (one >> that isn't being returned with the SearchComponent enabled, but which >> should be). >> >> "allow_token_document":["Alfresco:testuser1", "Alfresco:testuser2", >> "Alfresco:testuser3", "Alfresco:testuser4"], >> "deny_token_document":["__nosecurity__"], >> "deny_token_parent":["__nosecurity__"], >> "allow_token_share":["__nosecurity__"], >> "allow_token_parent":["__nosecurity__"], >> "deny_token_share":["__nosecurity__"], >> >> Two things jump out to me: >> >> 1. I don't have entries for those users in allow_token_share and >> allow_token_parent (and I'm not sure why not. This part seems to be a >> black box from the perspective of configuring MCF to crawl Alfresco) >> >> 2. The "domain" part in the entries in allow_token_document is coming >> up as "Alfresco". I tried adding AuthenticatedUserDomain=Alfresco to >> my queries, but that didn't make any difference. >> >> Can anybody see what is is that I'm missing here? Is there maybe >> something I need to do either in MCF or in Alfresco to make sure those >> allow_token_share and allow_token_parent entries get populated, or is >> it something else? >> >> Any thoughts / suggestions are greatly appreciated. >> >> >> Phil >> >> >> >> This message optimized for indexing by NSA PRISM > >
