How to map Native Realm Active Directory users to Google Drive users?

jerrac · April 20, 2021, 9:50pm

From the docs I've been trying to map my Active Directory users to their Google Drive counterparts. The API calls return 200, but when I try to list all identities, the list is empty.

POST http://search.example.org/api/ws/v1/sources/< id >/external_identities
Authorization: Bearer < token >
Content-Type: application/json


{
  "user": "adusername",
  "source_user_id": "adusername@example.org"
}

I have Elasticsearch configured to authenticate against AD.

In enterprise-search.yml, I have set ent_search.auth.es_users.source: elasticsearch-native.

What am I missing?

This is all on version 7.12.

I can log into Enterprise Search with my AD user, as can other users.

JonasLavoie · April 20, 2021, 9:56pm

Heya David - to confirm: you are looking to map users on Google Drive for the purposes of result-level permission management, correct?

Have you successfully ingested documents in the Google Drive source making sure Document-Level Permission Synchronization was turned on at connection time?

jerrac · April 20, 2021, 10:02pm

Yes, I selected the document level permission option when creating the google drive source.

The google drive source overview says that there are over 5000 documents.

The status says:

JonasLavoie · April 20, 2021, 10:09pm

Perfect, thanks for confirming -

when I try to list all identities, the list is empty

Using the List API endpoint should return the appropriate mappings as defined, granted the Content Source ID is the same as the one used for setting up the mappings.

Are you able to retrieve individual mappings using the Show Endpoint?

jerrac · April 20, 2021, 10:21pm

Here's what I get, when I GET:

GET https://search.example.org/api/ws/v1/sources/< id >/external_identities

{
  "meta": {
    "page": {
      "current": 1,
      "total_pages": 0,
      "total_results": 0,
      "size": 25
    }
  },
  "results": []
}

Using the exact same content source id for the POST and GET requests.

You're question about the "Show Endpoint" would be querying for a specific user, right?

Something like:

GET https://search.example.org/api/ws/v1/sources/< id >/external_identities/< username >

I tried that with both the AD username and the Google username. Both received 404's in response.

Ah, i was also using the google drive ID for it.

Sean_Story · April 20, 2021, 10:35pm

@jerrac can you send us the full curl command you're using (with -v for verbose output), and the full response back, when you attempt to add your external identity? With your token obfuscated, of course.

jerrac · April 20, 2021, 10:51pm

Er, yeah, helps to use https in the post request. Not http...

Now my user mappings are getting added and that status message has gone away.

Thanks for the help!