GSBulkAuthZ web service fails to authorize user with error:Username can not be resolved into a valid SharePoint user.

[GoogleCodeExporter]

What steps will reproduce the problem?
1. On-board connector configured in content feed mode.
2. After all URLs are successfully indexed on GSA, perform search from GSA
using domain user who has access to the SharePoint content.

What is the expected output? What do you see instead?
Search should be successful with connector AuthZ. Connector logs show
following error:

Error: Authorization failed because User domain\user1 can not be resolved
into a valid SharePoint user.

Logs snippet:
com.google.enterprise.connector.sharepoint.spiimpl.SharepointAuthorizationManage
r
getAuthResponseFromAuthData
WARNING: [status: false], Complex Document ID: [
https://site.domain.com:443//test/Lists/XYZ/WorkFlows.aspx%DOCID ] 
Feb 23, 2010 9:12:09 AM
com.google.enterprise.connector.sharepoint.spiimpl.SharepointAuthorizationManage
r
getAuthResponseFromAuthData
SEVERE: Web Service has thrown the following error while authorizing. 
 Error: Authorization failed because User domain\user1 can not be resolved
into a valid SharePoint user.

Additional Info:

Authentication succeed for the user at serve time. Also, GSA AuthZ logs
show INDETERMINATE by connector instea of DENY by connector.

Please use labels and text to provide additional information.
On-board SharePoint connector on GSA 6.2. GSS bundled with connector 2.4.0

Original issue reported on code.google.com by shashank...@gmail.com on 4 Mar 2010 at 8:06

[GoogleCodeExporter]

During Bulk Authorization, the username sent by the connector for authorization 
may
not be in a format that SharePoint expects. For example, the username that 
connector
sends is like mycomp.com\username. This user is typically stored as 
mycomp\username
in SharePoint. So, for authorization, the web service has to map 
mycomp.com\username
to mycomp\username. There can be more use cases like this like, connector may 
just
send username and no domain info. 

To handle any discrepency between the username formats as sent by the connector 
and
as used by the SharePoint, The GsBulkAuthorization web service make use of a 
utility
method of SharePoint named SPUtility.ResolveWindowsPrincipal. This method is 
expected
to resolve a given username and return a corresponding object which can be used 
for
authorization.

The current bug is becasue of the fact that this API
SPUtility.ResolveWindowsPrincipal is itself failing. Another alternative could 
be
SPUtility.ResolvePrincipal. But, we have verified that it also fails in the
environment where SPUtility.ResolveWindowsPrincipal was failing.

A workaround for this problem is to remove any such utiity methods and not do
username resolution at all. Rather, accept the username as it comes into the 
request,
in above example mycomp.com\username. As obvious, this workaround relies on the
username format and will work only if username sent by the connector is in the 
same
format as expected by SharePoint i.e mycomp\username.

Original comment by th.nitendra on 22 Apr 2010 at 2:04

[GoogleCodeExporter]

Original comment by rakeshs101981@gmail.com on 20 May 2010 at 6:21

• Added labels: Milestone-2.6.0

[GoogleCodeExporter]

Original comment by rakeshs101981@gmail.com on 6 Oct 2010 at 7:50

• Removed labels: Milestone-2.6.0

[GoogleCodeExporter]

Original comment by shashank...@gmail.com on 17 Mar 2011 at 11:57

[GoogleCodeExporter]

This issue is filed as Google issue #6513767

Original comment by tdnguyen@google.com on 18 May 2012 at 12:17

• Changed state: Duplicate