In this page we explain what is a MCF authority connection, how to create one for a file share file and finally how to ask directly MCF in order to see the ACLs retrieved for a particular user.
1.What is a MCF authority connection
To answer to that, first an architecture diagram of MCF :
...
This schema is extracted from a presentation at Lucene Revolution by Aurelien Mazoyer from France Labs : https://fr.slideshare.net/francelabs/integrate-manifoldcf-with-solrYou You can see it entirely if you want more information about MCF.
2.How to create a MCF authority connection for a Windows file share
MCF provides a early-binding authorization mechanism for file searchs. MCF extracts ACLs from files at crawling-time, and injects them into Solr as specific fields for the Solr document.
At query time, an external application Datafari can query Solr for documents that are available for a specific user profile. Solr handles the query, contacts the authority service of MCF in order to ask for information on the authenticated user, such as its group membership. Solr then performs the query and filters the query results with this information.
In Datafari the Solr schema is already configured to store ACL and the MCF security plugin on the search handler is also present. So you have just to configure the MCF authority connection in into the MCF admin UI.
So go to MCF admin UI then Create a new Authority, select the connection type “Active Directory” and add the configuration of your AD in the tab Domain Controller as the following screenshot :
...
If you see the Solr logs, you will se see that for each query a parameter is added : AuthenticatedUserName=username@domain. It is related to the MCF security plugin added to the search handler.
So if you want to test perform queries in the Solr admin and see what documents a particular user can access, add the parameter : AuthenticatedUserName=username@domain like this :
3. Ask directly MCF authority connector
...