In this page we explain what is a MCF authority connection, how to create one for a file share and finally how to ask directly MCF in order to see the ACLs retrieved for a particular user.
1.What is a MCF authority connection
To answer that, first an architecture diagram of MCF :
...
This schema is extracted from a presentation at Lucene Revolution by Aurelien Mazoyer from France Labs : https://fr.slideshare.net/francelabs/integrate-manifoldcf-with-solr You can see it entirely if you want more information about MCF.
2.How to create a MCF authority connection for a Windows file share
MCF provides a early-binding authorization mechanism for file searchs. MCF extracts ACLs from files at crawling-time, and injects them into Solr as specific fields for the Solr document.
At query time,Datafari can query Solr for documents that are available for a specific user profile. Solr handles the query, contacts the authority service of MCF in order to ask for information on the authenticated user, such as its group membership. Solr then performs the query and filters the query results with this information.
In Datafari the Solr schema is already configured to store ACL and the MCF security plugin on the search handler is also present. So you have just to configure the MCF authority connection into the MCF admin UI.
...
So if you want to perform queries in the Solr admin and see what documents a particular user can access, add the parameter : AuthenticatedUserName=username@domain like this :
3. Ask directly MCF authority connector
For testing purposes, you can also directly query the MCF authority service to get SSID of a specific user and SSIDs of group that he belongs to :
...