NTFS security

(from github.com/freestyle68)
Hi,

for Windows share crawling, is there a way to filter search results by NTFS permissions?

I have tried configuring LDAP and the flag “login required”; in this way an Active Directory user can log in, but gets no results.

In fact, after setting up a file system crawler with permissions “{role}guest”, only a locally defined user can see the results, but external AD users cannot. Is there a special role to define for an external user?

(from github.com/marevol)
Could you try an smb://… path?
For a file://… path, the Fess crawler does not check file system permissions.

(from github.com/freestyle68)
Hi,

here is my config:

Fess 11.0.3 (unzipped version) on Ubuntu 16.04, Windows Server 2012 on the SMB side.

System --> General

Login Required: enabled
Login Link: enabled

LDAP URL: ldap://win2012
Base DN: CN=Users,DC=test,DC=local
Bind DN: administrator@test.local
User DN: %s@test.local
Account Filter: (sAMAccountName=%s))
memberOf Attribute: memberOf

(LDAP config as seen in http://fess.codelibs.org/ja/10.3/admin/general-guide.html?highlight=user%20dn)

Crawler --> File System

Paths: smb://win2012/share/
Permissions: none

Crawler --> File Authentication

Hostname: win2012
Scheme: Samba
Username: administrator
Parameters: domain=test

When I try to log in with a demo user, I get the message “System Error
Contact the Site Administrator.” and I cannot log in. So it seems to be an LDAP parameter problem.

In fact the Wireshark capture shows me this:

(from github.com/freestyle68)
With the following settings the authentication works, and also NTFS permissions are respected:

System --> General

LDAP URL: ldap://win2012
Base DN: CN=Users,DC=test,DC=local
Bind DN: administrator@test.local
User DN: %s@test.local
Account Filter: (member:1.2.840.113556.1.4.1941:={0})
memberOf Attribute: memberOf

I have created three users: the first two are allowed in only one folder, the third in both.
I also assigned a different label to each of the two folders with the following settings:

Permissions: none

and also tried with

Permissions:{role}guest

When I log in with the three AD users, I never see labels.
It seems only locally defined users can see them.

Is there a way to make external users able to see labels?

(from github.com/marevol)
A user in AD or LDAP does not have {role}guest.
To use labels with permissions, create a group or role in AD/LDAP and then assign it to users.

(from github.com/freestyle68)
The problem is that when I create a label, there is a Permissions field to fill.
If I leave the default setting {role}guest, only guest users can see it.

If I leave it blank, no AD users can see it.

I have created a group in AD and associated it with some users, but the missing part is associating it with a role in Fess and associating the labels with this role. Without that I can’t see any label with AD users.

(from github.com/freestyle68)
With the following settings:

LDAP URL: ldap://win2012
Base DN: CN=Users,DC=test,DC=local
Bind DN: administrator@test.local
User DN: %s@test.local
Account Filter: (sAMAccountName=%s)
memberOf Attribute: memberOf

the labels are visible to AD users.
In the Permissions field of a label it is possible to assign by role with {role}ADrole, by group with {group}ADgroup or by user with {user}ADuser.

Please note that in the documentation at http://fess.codelibs.org/ja/10.3/admin/general-guide.html?highlight=user%20dn there is a trailing ) to remove, as it states:

Account Filter: (sAMAccountName=%s))
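As an added example, not code from the Fess project or from the posters above, here is a Python sketch of the two checks implied by the last post: the Account Filter must have balanced parentheses and be a single expression (the documented value has one ")" too many), and whatever is substituted for the %s placeholder must be escaped per RFC 4515 so that a login name cannot change the filter's structure. How Fess itself performs the substitution and escaping is an assumption here; the filter strings and login names below are constructed for the demonstration.

```python
"""
Added example (not Fess project code): validate an LDAP account-filter
template of the kind entered in Fess's "Account Filter" field and substitute
the login name into its "%s" placeholder safely.  Assumption: Fess replaces
"%s" with the login name; the escaping here is what any filter builder must
do before inserting untrusted input (RFC 4515, section 3).
"""

# RFC 4515 section 3: characters that must be escaped inside an assertion value.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an LDAP filter assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def well_formed(filter_text: str) -> bool:
    """True if parentheses balance and the text is one top-level expression.

    This is the check that catches "(sAMAccountName=%s))" from the 10.3 docs
    (one ")" too many) and also "(a=x)(b=y)" (two expressions, no outer "&").
    Escaped sequences such as \\28 and \\29 contain no raw parentheses, so an
    escaped value can never change the result.
    """
    depth = 0
    closed_top = False
    for ch in filter_text:
        if closed_top and not ch.isspace():
            return False  # text after the top-level expression closed
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False  # ")" before any "("
            if depth == 0:
                closed_top = True
    return depth == 0 and closed_top


def build_account_filter(template: str, login_name: str) -> str:
    """Substitute the escaped login name for "%s" in a validated template."""
    if not well_formed(template):
        raise ValueError(f"malformed filter template: {template!r}")
    return template.replace("%s", escape_filter_value(login_name))


# Constructed inputs for the demonstration.
DOC_FILTER = "(sAMAccountName=%s))"   # as printed in the 10.3 docs
FIXED_FILTER = "(sAMAccountName=%s)"  # the value that worked in the thread
CHAIN_FILTER = "(member:1.2.840.113556.1.4.1941:={0})"  # also tried above


def demo() -> dict:
    """Run the checks and return the outcomes for inspection."""
    hostile = "*)(objectClass=*"  # a login name that tries to add a clause
    return {
        "doc_filter_ok": well_formed(DOC_FILTER),        # False
        "fixed_filter_ok": well_formed(FIXED_FILTER),    # True
        "chain_filter_ok": well_formed(CHAIN_FILTER),    # True
        "escaped": build_account_filter(FIXED_FILTER, hostile),
        # Naive substitution would yield two expressions, which the
        # well-formedness check also rejects.
        "naive_ok": well_formed(FIXED_FILTER.replace("%s", hostile)),  # False
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The escaped output for the hostile login name is `(sAMAccountName=\2a\29\28objectClass=\2a)`, which the server treats as a literal value; the naive substitution `(sAMAccountName=*)(objectClass=*)` is what an LDAP injection against an unescaped %s would look like, and the same structural check that rejects the documented filter rejects it.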