on 03-26-2014 8:29 AM
Hi all,
after setting up a fresh SAP Mobile Documents installation on NW 7.4 and creating the My Documents and shared repositories we see the message "repository not available" when logging in to the MCM User web interface. The NWA log shows the following errors:
Connection failed: Cannot access http://localhost:50000/cmis/json: Connection refused: connect
org.apache.chemistry.opencmis.commons.exceptions.CmisConnectionException: Cannot access http://localhost:50000/cmis/json: Connection refused: connect
Creating sharing home folder for user svcmcm failed: org.apache.chemistry.opencmis.commons.exceptions.CmisRuntimeException: org.apache.chemistry.opencmis.commons.exceptions.CmisConnectionException: Cannot access http://localhost:50000/cmis/json: Connection refused: connect
Testing the connection to http://localhost:50000/cmis/json in the destination sometimes yields a negative initial result, followed by consistently positive results.
Do you have any ideas or suggestions?
Regards
Daniel
Hi Daniel,
is there anything in the log file that might indicate what is the problem? Also can you check that what role the users has that you used for the destination in the connection configuration. The user need to have the Content Administrator Role.
Also you can check out this Quick Setup Guide to see if you missed some configuration step:
Best regards
Alex
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Alex,
thanks a lot; we are now able to connect and access Windows network shares after assigning the Content Admin Role to the MCM Users Group. We now however have the issue that our AD users can access all of the share's folders that the service user (assigned to the file system repository) has rights to. How can we enforce the individual user rights from the AD?
Regards
Daniel
P.S.: We are trying to use assertion tickets in this approach.
P.P.S.: We followed the preparatory steps under Integrating Documents from a Windows System into KM - Knowledge Management - SAP Library
Message was edited by: Daniel Hügelmann
Hi Daniel,
the Users Group of Mobile Documents should not have the Content Admin Role, only the User which is Used in the Destination need to have this role. If you use Assertion tickets you should have two destinations. One with <name> and one with <name>_User the one without the _User has a basic authentication and this user is the one that needs the content Admin Role.
How did you connect the Windows Network share to Mobile Documents? Which Connection Type did you use?
Best regards
Alex
Hi Alex,
our users cannot access the shares in Mobile Docs (Error in MCM User Web: "permissionDenied, undefined", Error in NWA log: "Problem while executing method: getChildren!") once we unassign the Content Admin Role from the Users Group. The service user still has that role, and is now the only one who can access the shares in Mobile Docs. It seems to us that all users require the Content Admin role. We used the two destinations as described by you, as well as the connection type "SAP Assertion Ticket Connection".
Best regards
Daniel
The application does that for you. When you create a DBFS repository, your content is on the file system and the metadata is in the database. Part of the metadata are also the ACL entries which the application sets. Of course when you work with windows fileshares, you should take care that only the application has access to the connected drives or folders and no other regular users.
When a user connects any Mobile Documents client for the first time, the server tries to create a folder for the user and sets the ACL so that only the user has permissions to access it. Therefore you use a Content Admin in the destination. This is the user that the application uses for the folder creation.
Ok, a CM Repository and FSB Mode seems to be the way to go here:
Lastly, connect the share as a corporate repository in the MCM admin. We just reused the existing local connection here. Note that your share is on the Mobile Docs server; we are going to test connecting to a remote server using a network path next.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Ok, we tested the connection of a remotely located share and the component monitor states:
|
We already entered the path as a network path with appropriate user credentials. We also created a local folder for the versioning.Apart from the paths and naming we used settings identical to those in my last post. Any ideas? Are we missing something?
User | Count |
---|---|
92 | |
11 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.