Secure search in Solr

[Swapna Vuppala <sw...@gmail.com>]

Hi Karl,

I have had everything working when I worked earlier with ManifoldCF 0.5 and
Solr 3.6.

I tried to move to the new versions and started configuring ManifoldCF
1.1.1 and Solr 4.1.
Everything worked well and I was able to define all connections in
ManifoldCF and ran jobs and the files got indexed into Solr.

But the document-level secure integration with Solr is not working for me.
I mean, after modifying the solr schema and configuring the
search component in solrconfig.xml, am not able to see any results in solr.

To confirm if mcf is working properly, I tried the command

curl "
http://localhost:8080/mcf-authority-service/UserACLs?username=swapna.vuppala@global.arup.com
"

and it gives me

USERNOTFOUND:AD
TOKEN:AD:DEAD_AUTHORITY

which was not the case earlier.

Can you please tell me under what circumstances I would be getting such
thing or what have I missed in configuring mcf?

Thanks and Regards,
Swapna.

Re: Secure search in Solr

[Swapna Vuppala <sw...@gmail.com>]

Hi Karl,

You were right. While defining the connection, unknowingly I had added a
domain controller rule specifying some Domain suffix.
After removing the rule, am getting the results properly from curl command.
And the results are being shown in Solr as well.

Thanks again for the quick help,

Thanks and Regards,
Swapna.

On Tue, Feb 26, 2013 at 2:18 PM, Swapna Vuppala
<sw...@gmail.com>wrote:

> Hi Karl,
>
> I have deleted all the previous connections and started from scratch.
> This is a NEW connection.
>
> As you suggested, I'll try changing different parameters of the connection
> and see how it works.
>
> Thanks and Regards,
> Swapna.
>
>
> On Tue, Feb 26, 2013 at 2:02 PM, Karl Wright <da...@gmail.com> wrote:
>
>> Looking at the code, one other way you can get this error is if the
>> suffix you have attached to your user ("global.arup.com" in this case)
>> does not match any of the domain controller rules you have specified.
>> So you will want to verify that as well.
>>
>> Karl
>>
>> On Tue, Feb 26, 2013 at 3:21 AM, Karl Wright <da...@gmail.com> wrote:
>> > Hi Swapna,
>> >
>> > What it is saying is that the user you supplied is not being
>> > recognized as a valid user against the domain controller you have
>> > configured for your Active Directory authority connection.
>> >
>> > If this is a connection that has been around from before you upgraded,
>> > then I'd suggest the following.  Since the last time you upgraded, a
>> > significant number of changes have taken place to the ActiveDirectory
>> > Connector.  While we tried to maintain backwards compatibility
>> > everywhere, it is certainly possible that something was overlooked.
>> > What I suggest is that you open the authority connection in the UI,
>> > and even if everything looks fine, save it.  This will upgrade the way
>> > the connection is saved, and potentially upgrade it.
>> >
>> > If this is a NEW connection, and you were simply trying to recreate an
>> > older one from memory, I would look at the parameters very carefully.
>> > Specifically, your choice of what AD attribute is used to match the
>> > user could change what name you use for each user.  If you have access
>> > to the domain controller you will want to verify you've made the right
>> > selection; the default attribute is not the same as before, and
>> > although upgrade should have preserved existing behavior, you will not
>> > get the benefit of that if you created a new connection from scratch.
>> >
>> > If you send us more information about how you did the upgrade, we
>> > might be of more help.
>> >
>> > Karl
>> >
>> >
>> > On Tue, Feb 26, 2013 at 1:10 AM, Swapna Vuppala
>> > <sw...@gmail.com> wrote:
>> >> Hi Karl,
>> >>
>> >> I have had everything working when I worked earlier with ManifoldCF
>> 0.5 and
>> >> Solr 3.6.
>> >>
>> >> I tried to move to the new versions and started configuring ManifoldCF
>> 1.1.1
>> >> and Solr 4.1.
>> >> Everything worked well and I was able to define all connections in
>> >> ManifoldCF and ran jobs and the files got indexed into Solr.
>> >>
>> >> But the document-level secure integration with Solr is not working for
>> me. I
>> >> mean, after modifying the solr schema and configuring the
>> >> search component in solrconfig.xml, am not able to see any results in
>> solr.
>> >>
>> >> To confirm if mcf is working properly, I tried the command
>> >>
>> >> curl
>> >> "
>> http://localhost:8080/mcf-authority-service/UserACLs?username=swapna.vuppala@global.arup.com
>> "
>> >>
>> >> and it gives me
>> >>
>> >> USERNOTFOUND:AD
>> >> TOKEN:AD:DEAD_AUTHORITY
>> >>
>> >> which was not the case earlier.
>> >>
>> >> Can you please tell me under what circumstances I would be getting such
>> >> thing or what have I missed in configuring mcf?
>> >>
>> >> Thanks and Regards,
>> >> Swapna.
>>
>
>

Re: Secure search in Solr

[Swapna Vuppala <sw...@gmail.com>]

Hi Karl,

I have deleted all the previous connections and started from scratch.
This is a NEW connection.

As you suggested, I'll try changing different parameters of the connection
and see how it works.

Thanks and Regards,
Swapna.

On Tue, Feb 26, 2013 at 2:02 PM, Karl Wright <da...@gmail.com> wrote:

> Looking at the code, one other way you can get this error is if the
> suffix you have attached to your user ("global.arup.com" in this case)
> does not match any of the domain controller rules you have specified.
> So you will want to verify that as well.
>
> Karl
>
> On Tue, Feb 26, 2013 at 3:21 AM, Karl Wright <da...@gmail.com> wrote:
> > Hi Swapna,
> >
> > What it is saying is that the user you supplied is not being
> > recognized as a valid user against the domain controller you have
> > configured for your Active Directory authority connection.
> >
> > If this is a connection that has been around from before you upgraded,
> > then I'd suggest the following.  Since the last time you upgraded, a
> > significant number of changes have taken place to the ActiveDirectory
> > Connector.  While we tried to maintain backwards compatibility
> > everywhere, it is certainly possible that something was overlooked.
> > What I suggest is that you open the authority connection in the UI,
> > and even if everything looks fine, save it.  This will upgrade the way
> > the connection is saved, and potentially upgrade it.
> >
> > If this is a NEW connection, and you were simply trying to recreate an
> > older one from memory, I would look at the parameters very carefully.
> > Specifically, your choice of what AD attribute is used to match the
> > user could change what name you use for each user.  If you have access
> > to the domain controller you will want to verify you've made the right
> > selection; the default attribute is not the same as before, and
> > although upgrade should have preserved existing behavior, you will not
> > get the benefit of that if you created a new connection from scratch.
> >
> > If you send us more information about how you did the upgrade, we
> > might be of more help.
> >
> > Karl
> >
> >
> > On Tue, Feb 26, 2013 at 1:10 AM, Swapna Vuppala
> > <sw...@gmail.com> wrote:
> >> Hi Karl,
> >>
> >> I have had everything working when I worked earlier with ManifoldCF 0.5
> and
> >> Solr 3.6.
> >>
> >> I tried to move to the new versions and started configuring ManifoldCF
> 1.1.1
> >> and Solr 4.1.
> >> Everything worked well and I was able to define all connections in
> >> ManifoldCF and ran jobs and the files got indexed into Solr.
> >>
> >> But the document-level secure integration with Solr is not working for
> me. I
> >> mean, after modifying the solr schema and configuring the
> >> search component in solrconfig.xml, am not able to see any results in
> solr.
> >>
> >> To confirm if mcf is working properly, I tried the command
> >>
> >> curl
> >> "
> http://localhost:8080/mcf-authority-service/UserACLs?username=swapna.vuppala@global.arup.com
> "
> >>
> >> and it gives me
> >>
> >> USERNOTFOUND:AD
> >> TOKEN:AD:DEAD_AUTHORITY
> >>
> >> which was not the case earlier.
> >>
> >> Can you please tell me under what circumstances I would be getting such
> >> thing or what have I missed in configuring mcf?
> >>
> >> Thanks and Regards,
> >> Swapna.
>

Re: Secure search in Solr

[Karl Wright <da...@gmail.com>]

Looking at the code, one other way you can get this error is if the
suffix you have attached to your user ("global.arup.com" in this case)
does not match any of the domain controller rules you have specified.
So you will want to verify that as well.

Karl

On Tue, Feb 26, 2013 at 3:21 AM, Karl Wright <da...@gmail.com> wrote:
> Hi Swapna,
>
> What it is saying is that the user you supplied is not being
> recognized as a valid user against the domain controller you have
> configured for your Active Directory authority connection.
>
> If this is a connection that has been around from before you upgraded,
> then I'd suggest the following.  Since the last time you upgraded, a
> significant number of changes have taken place to the ActiveDirectory
> Connector.  While we tried to maintain backwards compatibility
> everywhere, it is certainly possible that something was overlooked.
> What I suggest is that you open the authority connection in the UI,
> and even if everything looks fine, save it.  This will upgrade the way
> the connection is saved, and potentially upgrade it.
>
> If this is a NEW connection, and you were simply trying to recreate an
> older one from memory, I would look at the parameters very carefully.
> Specifically, your choice of what AD attribute is used to match the
> user could change what name you use for each user.  If you have access
> to the domain controller you will want to verify you've made the right
> selection; the default attribute is not the same as before, and
> although upgrade should have preserved existing behavior, you will not
> get the benefit of that if you created a new connection from scratch.
>
> If you send us more information about how you did the upgrade, we
> might be of more help.
>
> Karl
>
>
> On Tue, Feb 26, 2013 at 1:10 AM, Swapna Vuppala
> <sw...@gmail.com> wrote:
>> Hi Karl,
>>
>> I have had everything working when I worked earlier with ManifoldCF 0.5 and
>> Solr 3.6.
>>
>> I tried to move to the new versions and started configuring ManifoldCF 1.1.1
>> and Solr 4.1.
>> Everything worked well and I was able to define all connections in
>> ManifoldCF and ran jobs and the files got indexed into Solr.
>>
>> But the document-level secure integration with Solr is not working for me. I
>> mean, after modifying the solr schema and configuring the
>> search component in solrconfig.xml, am not able to see any results in solr.
>>
>> To confirm if mcf is working properly, I tried the command
>>
>> curl
>> "http://localhost:8080/mcf-authority-service/UserACLs?username=swapna.vuppala@global.arup.com"
>>
>> and it gives me
>>
>> USERNOTFOUND:AD
>> TOKEN:AD:DEAD_AUTHORITY
>>
>> which was not the case earlier.
>>
>> Can you please tell me under what circumstances I would be getting such
>> thing or what have I missed in configuring mcf?
>>
>> Thanks and Regards,
>> Swapna.

Re: Secure search in Solr

[Karl Wright <da...@gmail.com>]

Hi Swapna,

What it is saying is that the user you supplied is not being
recognized as a valid user against the domain controller you have
configured for your Active Directory authority connection.

If this is a connection that has been around from before you upgraded,
then I'd suggest the following.  Since the last time you upgraded, a
significant number of changes have taken place to the ActiveDirectory
Connector.  While we tried to maintain backwards compatibility
everywhere, it is certainly possible that something was overlooked.
What I suggest is that you open the authority connection in the UI,
and even if everything looks fine, save it.  This will upgrade the way
the connection is saved, and potentially upgrade it.

If this is a NEW connection, and you were simply trying to recreate an
older one from memory, I would look at the parameters very carefully.
Specifically, your choice of what AD attribute is used to match the
user could change what name you use for each user.  If you have access
to the domain controller you will want to verify you've made the right
selection; the default attribute is not the same as before, and
although upgrade should have preserved existing behavior, you will not
get the benefit of that if you created a new connection from scratch.

If you send us more information about how you did the upgrade, we
might be of more help.

Karl


On Tue, Feb 26, 2013 at 1:10 AM, Swapna Vuppala
<sw...@gmail.com> wrote:
> Hi Karl,
>
> I have had everything working when I worked earlier with ManifoldCF 0.5 and
> Solr 3.6.
>
> I tried to move to the new versions and started configuring ManifoldCF 1.1.1
> and Solr 4.1.
> Everything worked well and I was able to define all connections in
> ManifoldCF and ran jobs and the files got indexed into Solr.
>
> But the document-level secure integration with Solr is not working for me. I
> mean, after modifying the solr schema and configuring the
> search component in solrconfig.xml, am not able to see any results in solr.
>
> To confirm if mcf is working properly, I tried the command
>
> curl
> "http://localhost:8080/mcf-authority-service/UserACLs?username=swapna.vuppala@global.arup.com"
>
> and it gives me
>
> USERNOTFOUND:AD
> TOKEN:AD:DEAD_AUTHORITY
>
> which was not the case earlier.
>
> Can you please tell me under what circumstances I would be getting such
> thing or what have I missed in configuring mcf?
>
> Thanks and Regards,
> Swapna.