Daily Log for #alfresco IRC Channel

Alfresco discussion and collaboration. Stick around a few hours after asking a question.

Official support for Enterprise subscribers: support.alfresco.com.

Joining the Channel:

Join in the conversation by getting an IRC client and connecting to #alfresco at Freenode. Our you can use the IRC web chat.

More information about the channel is in the wiki.

Getting Help

More help is available in this list of resources.

Daily Log for #alfresco

2019-11-15 03:22:35 GMT <alfresco-discord> <THpubs> Hi guys. I'm trying to upload a file to Alfresco using the rest API (https://api-explorer.alfresco.com/api-explorer/#!/nodes/createNode) In my nodeJS app, I'm using the same method as suggested in here: https://hub.alfresco.com/t5/alfresco-content-services-forum/uploading-a-file-through-js-api/m-p/80494 (Using request.post). The problem is, if I read a file in the disk using fs.createReadStream and

2019-11-15 03:22:36 GMT <alfresco-discord> send it, it get's uploaded correctly. But now I want to send a Buffer or a base64 encoded content. How can I do that?

2019-11-15 03:22:37 GMT <alfbot> Title:Alfresco Content Services REST API Explorer (at api-explorer.alfresco.com)

2019-11-15 03:22:52 GMT <alfresco-discord> <THpubs> I tried to convert the Buffer to a stream but then the request times out.

2019-11-15 11:48:44 GMT <fwu2018> ah

2019-11-15 11:48:48 GMT <fwu2018> hello all

2019-11-15 11:51:07 GMT <AFaust> Does anyone have any idea how I can get an IP / host name for the Docker host system, which I can use both for generating redirect URLs to send to clients as well as have components in Docker components talk to each other using the external Docker NAT rules?

2019-11-15 11:53:28 GMT <AFaust> Working on improving my Keycloak integration right now, and having issues setting up my local integration test. The "auth server URL" is used both to generate login form redirects for web browsers AND for Keycloak Java libs to access Keycloak (in another container) to exchange authorisation codes for access tokens (depending on the "client" configuration in Keycloak) - so it needs to be a URL that works for both use cases.

2019-11-15 11:55:29 GMT <AFaust> ... and of course I ideally need a solution that works generically in a Maven context (using fabric8io plugin at the moment)

2019-11-15 11:59:54 GMT <AFaust> I mean, I can always go the route of "host" networking for my Docker-based integration test, but want to avoid that if possible

2019-11-15 12:28:41 GMT <AFaust> Argh - of course I cannot use host network because then I run into potential port conflicts due to losing the ability to map public to internal ports...

2019-11-15 12:29:34 GMT <AFaust> Well... looks like the integration test will not be able to cover all use cases and I can only test Keycloak implicit flow + direct access token grant

2019-11-15 12:33:56 GMT <alfresco-discord> <yreg> AFaust if you only need to have to access those host names from within the containers (within the same network) and/or the host system

2019-11-15 12:35:07 GMT <AFaust> Well - the one URL I need to configure needs to be used both externally (web browser) and internally (Repository -> Keycloak container)

2019-11-15 12:35:12 GMT <alfresco-discord> <yreg> I thought docker (or was it compose) does automagically generate special A dns records for <container-name>.<static-prefix> which can be used both from within the containers in the same network and the host sysytem

2019-11-15 12:35:57 GMT <alfresco-discord> <yreg> if by externally (web browser) you mean from the host system performing the build, then this would work

2019-11-15 12:36:42 GMT <AFaust> Yes, from the host system...

2019-11-15 12:36:53 GMT <alfresco-discord> <yreg> you also could have a maven image with the project folder mounted in triggering the integration tests from within a container inside the network, making it possible to point to the various containers by name

2019-11-15 12:37:26 GMT <AFaust> "integration test" -> also involves me manually doing some tests via various browsers...

2019-11-15 12:38:13 GMT <AFaust> the automation part comes later...

2019-11-15 12:38:44 GMT <alfresco-discord> <yreg> then the first suggested approach for sure

2019-11-15 12:39:14 GMT <AFaust> (if ever - I don't really feel like doing any automated browser tests with the various flaky, Node-based frameworks)

2019-11-15 12:39:32 GMT <AFaust> Do you have any documentation links for the A record stuff?

2019-11-15 12:42:42 GMT <AFaust> Hmm... looks like the internal DNS entry "docker.host.internal" may not work for me (https://github.com/docker/for-win/issues/1976)

2019-11-15 12:42:44 GMT <alfbot> Title:Internal Host DNS cannot be resolved (Windows Container 1803) 路 Issue #1976 路 docker/for-win 路 GitHub (at github.com)

2019-11-15 12:42:51 GMT <AFaust> Going to test...

2019-11-15 12:51:15 GMT <AFaust> So, docker.host.internal does not work, but the similar entry gateway.docker.internal does

2019-11-15 12:52:19 GMT <AFaust> Though docker.host.internal will not help me even if it did work - not usable from external browser obviously (without some static hosts file)

2019-11-15 12:53:41 GMT <alfresco-discord> <yreg> I couldn't find that thing about automatic creation of A records

2019-11-15 12:53:52 GMT <alfresco-discord> <yreg> but I could swear I have seen that before

2019-11-15 12:54:17 GMT <alfresco-discord> <yreg> the closest thing I came across now is this : https://github.com/mageddo/dns-proxy-server

2019-11-15 12:54:19 GMT <alfbot> Title:GitHub - mageddo/dns-proxy-server: Solve your DNS hosts from your docker containers, then from your local configuration, then from internet (at github.com)

2019-11-15 12:58:39 GMT <AFaust> I guess the best chance I'll have is injecting some start script into the default Alfresco Repository image to map my hosts name to the Docker internal host IP via /etc/hosts

2019-11-15 13:00:53 GMT <AFaust> Now I only need to find out how to reliably get the internal IP in light of docker.host.internal not working

2019-11-15 13:01:09 GMT <alfresco-discord> <yreg> Which internal IP ?

2019-11-15 13:02:28 GMT <alfresco-discord> <yreg> AFaust using host.docker.internal from within a container resolves always to the host IP

2019-11-15 13:02:43 GMT <AFaust> No, apparently not in the current state of Docker for WIndows

2019-11-15 13:03:05 GMT <alfresco-discord> <yreg> note that the order for host/docker you used previously wasn't correct

2019-11-15 13:03:24 GMT <AFaust> I used what was officially documented

2019-11-15 13:03:59 GMT <AFaust> Are you kidding me?? host.docker.internal works, the documented docker.host.internal doesn't....

2019-11-15 13:05:41 GMT <AFaust> Though I am a bit surprised that it does not resolve to an IP address in the proper subnet. E.g. my container has 127.17.0.0 subnet, but IP resolved for host is in the 192.168.0.0 subnet

2019-11-15 13:07:03 GMT <AFaust> 127 -> 172

2019-11-15 13:07:43 GMT <AFaust> and 172.17.0.1 is also valid for the host

2019-11-15 13:08:07 GMT <alfresco-discord> <bhagyas> I'm not sure how, but the orderofthebee.org now contains a link to playing online slots

2019-11-15 13:08:16 GMT <AFaust> seems like Docker DNS is just as magic and held together by spit and tape as anything else in IT nowadays

2019-11-15 13:08:21 GMT <alfresco-discord> <bhagyas> has the domain been compromised?

2019-11-15 13:08:24 GMT <alfresco-discord> <yreg> I think I used to use your variant, and that I had to switch to the latter, since the first one only resolved correctly on docker-for-mac but never on windows

2019-11-15 13:08:42 GMT <AFaust> bhagyas: You apparently missed some announcements in the last half year.

2019-11-15 13:09:00 GMT <alfresco-discord> <bhagyas> you mean on OOTB mailing list?

2019-11-15 13:09:19 GMT <AFaust> We were forced to switch to orderofthebee.net since orderofthebee.org expired in July, and as a result of Martin's passing, we have not (yet) been able to transfer the domain

2019-11-15 13:09:38 GMT <alfresco-discord> <bhagyas> I can't see any mention about this compromised domain on the mailing list

2019-11-15 13:10:03 GMT <AFaust> No - it was made more public than the mailing list via Twitter.

2019-11-15 13:10:12 GMT <alfresco-discord> <bhagyas> the last mail I have is on the passing of marsbard

2019-11-15 13:10:15 GMT <AFaust> But yeah - should have included the mailing list

2019-11-15 13:10:21 GMT <alfresco-discord> <yreg> https://twitter.com/orderofthebee/status/1194190424249962496

2019-11-15 13:10:26 GMT <alfresco-discord> <bhagyas> ah okay, been away from active twitter lately

2019-11-15 13:10:47 GMT <alfresco-discord> <bhagyas> twitter shows real domain is t.co/asdf asd

2019-11-15 13:10:55 GMT <alfresco-discord> <bhagyas> in the tweet itself

2019-11-15 13:11:08 GMT <alfresco-discord> <bhagyas> xD

2019-11-15 13:11:09 GMT <alfresco-discord> <yreg> nope, that was the discord preview

2019-11-15 13:11:16 GMT <alfresco-discord> <bhagyas> yeah

2019-11-15 13:11:20 GMT <alfresco-discord> <yreg> in the tweet it shows up correctly

2019-11-15 13:11:52 GMT <AFaust> Abuse claim has been filed against orderofthebee.org with GoDaddy

2019-11-15 13:12:06 GMT <alfresco-discord> <bhagyas> I see, how long does it take to resolve?

2019-11-15 13:12:14 GMT <alfresco-discord> <yreg> No idea

2019-11-15 13:12:26 GMT <alfresco-discord> <bhagyas> Any chance we can tweet at them?

2019-11-15 13:12:48 GMT <alfresco-discord> <bhagyas> I've seen many companies responding faster on social media

2019-11-15 13:12:55 GMT <alfresco-discord> <yreg> We are following it up, tweeting at them might help indeed

2019-11-15 13:13:32 GMT <alfresco-discord> <bhagyas> the worse thing is that some links still point to orderofthebee.org - including search results and blog posts

2019-11-15 13:14:07 GMT <alfresco-discord> <bhagyas> and since the page looks almost the same, it's hard to know if it has been updated at all

2019-11-15 13:14:09 GMT <AFaust> The domain used to be inaccessible after expiry, but for some reason, GoDaddy released it again and allowed it to be transferred to someone else.

2019-11-15 13:14:28 GMT <alfresco-discord> <bhagyas> yeah, usually once they are expired, you get a grace period

2019-11-15 13:14:50 GMT <alfresco-discord> <bhagyas> after that it's just an entry in a publicly available expired domain list

2019-11-15 13:15:06 GMT <alfresco-discord> <bhagyas> cross referencing with page rank means someone can easily buy it at that moment

2019-11-15 13:15:10 GMT <alfresco-discord> <bhagyas> 馃槓

2019-11-15 13:16:03 GMT <AFaust> GoDaddy's WHOIS for the domain suggested it be blocked until next year though.

2019-11-15 13:16:34 GMT <alfresco-discord> <bhagyas> Do you have any case ID for what was filed with them?

2019-11-15 13:16:53 GMT <AFaust> And I could not buy it myself when I tried a couple of times, probably because I was not a GoDaddy customer.

2019-11-15 13:17:16 GMT <alfresco-discord> <bhagyas> I don't think they discriminate for not being a customer, because when you buy you become a customer

2019-11-15 13:17:30 GMT <alfresco-discord> <bhagyas> but I don't usually prefer godaddy when I want to buy a domain

2019-11-15 13:17:42 GMT <alfresco-discord> <bhagyas> namecheap is way better, and less expensive

2019-11-15 13:23:18 GMT <alfresco-discord> <bhagyas> Anyways, just filing another email to godaddy

2019-11-15 13:23:30 GMT <alfresco-discord> <bhagyas> If you have a case ID I can probably mention that as well

2019-11-15 13:23:49 GMT <alfresco-discord> <bhagyas> maybe if more people write, they might handle this faster

2019-11-15 13:26:41 GMT <alfresco-discord> <bhagyas> Just sent an email, copied AFaust (Gmail) on it, hope it helps

2019-11-15 13:31:22 GMT <fwu2018> Im looking for ADF + Alfresco 5.2 AD-FS integration. Is this possible without too much effort? Anyone with experience on this?

2019-11-15 13:31:34 GMT <alfresco-discord> <bhagyas> @AFaust Has anyone looked at this? https://www.godaddy.com/legal/agreements/trademark-copyright-infringement?&regionsite=www&marketid=en-US

2019-11-15 13:31:35 GMT <alfbot> Title:Trademark / Copyright Infringement - GoDaddy (at www.godaddy.com)

2019-11-15 13:31:49 GMT <alfresco-discord> <bhagyas> The copyright infringement can take lesser time than the domain dispute

2019-11-15 13:32:29 GMT <alfresco-discord> <bhagyas> https://supportcenter.godaddy.com/Infringement?isc=gdbb3454&utm_source=gdocp&utm_medium=email&utm_campaign=en-US_other_email-nonrevenue_base_gd&utm_content=191115_3454_Engagement_Other_Service_Customer-Service_gdbb3454_6FT5PWOiiRtnJXdehg4IpF

2019-11-15 13:32:59 GMT <alfresco-discord> <bhagyas> Unfortunately, I'm not the holder of the content copyright, so someone with authorisation must do it

2019-11-15 13:53:32 GMT <fwu2018> shouldnt standard Alfrewco ldap integration works for autenthication with ADFS? Of course that in this case LDAP must be configured to use ADFS as the authentication provider.

2019-11-15 13:54:00 GMT <fwu2018> something like this: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-ad-fs-to-authenticate-users-stored-in-ldap-directories

2019-11-15 13:54:01 GMT <alfbot> Title:Configure AD FS to authenticate users stored in LDAP directories | Microsoft Docs (at docs.microsoft.com)

2019-11-15 13:57:13 GMT <AFaust> fwu2018: Back in 2010/11 I used the regular LDAP-AD + passthru subsystems in Alfresco (3.2) to integrate with a federated Active Directory structure at a global customer. Not sure how much ADFS differs from that setup though, but I too would expect it to work out of the box with the common subsystems

2019-11-15 14:00:56 GMT <fwu2018> hello afaust! thank you for your input. The only problem I remeber for this is that the LDAP must have the users there, but they may not be there because it would be necessary a sync between that LDAP and the remote LDAP.

2019-11-15 14:01:37 GMT <fwu2018> maybe is due to this that everyone are using keycloak (im starting to read bout these options)

2019-11-15 14:03:22 GMT <hi-ko> I've a question for orphanProtectDays: I thought files will be guaranteed to be removed earliest after these days but there are files already deleted belonging to a modiefied node

2019-11-15 14:04:40 GMT <hi-ko> maybe important to mention: the node which has no longer the content on the disk was modified by excel / shuffle code

2019-11-15 14:06:57 GMT <hi-ko> also to mention: on this system system.content.eagerOrphanCleanup is set zu true to avoid copy to constentstore.deleted

2019-11-15 14:08:50 GMT <hi-ko> So my resumee is: you can't rely on system.content.orphanProtectDays for retrieving content in the time period

2019-11-15 14:10:32 GMT <hi-ko> Has anybody similar experience and may have an idea what brakes the concept of orphanProtectDays?

2019-11-15 14:12:08 GMT <AFaust> hi-ko: protect days is only respected by the async cleaner job - if the ContentStore.delete() operation is used directly by some code, content can still be deleted way before orphan cleanup would have

2019-11-15 14:13:14 GMT <hi-ko> which I suspect to be used somehow / somewhere in the cifs shuffle code

2019-11-15 14:13:17 GMT <AFaust> also: if eagerOrphanCleanup is set to true, then files will be deleted immediately without regards to orphan protection

2019-11-15 14:14:33 GMT <AFaust> https://github.com/Alfresco/alfresco-repository/blob/ac38ac94ff4f9cbdf2671a9517781bda389a13c4/src/main/java/org/alfresco/repo/domain/contentdata/AbstractContentDataDAOImpl.java#L730

2019-11-15 14:14:34 GMT <alfbot> Title:alfresco-repository/AbstractContentDataDAOImpl.java at ac38ac94ff4f9cbdf2671a9517781bda389a13c4 路 Alfresco/alfresco-repository 路 GitHub (at github.com)

2019-11-15 14:15:01 GMT <AFaust> and https://github.com/Alfresco/alfresco-repository/blob/ac38ac94ff4f9cbdf2671a9517781bda389a13c4/src/main/java/org/alfresco/repo/content/cleanup/EagerContentStoreCleaner.java#L179

2019-11-15 14:15:02 GMT <alfbot> Title:alfresco-repository/EagerContentStoreCleaner.java at ac38ac94ff4f9cbdf2671a9517781bda389a13c4 路 Alfresco/alfresco-repository 路 GitHub (at github.com)

2019-11-15 14:15:56 GMT <hi-ko> hmm. https://blyx.com/2014/08/18/understanding-alfresco-content-deletion/ could be read that eagerOrphanCleanup is only relevant for the cleanup job

2019-11-15 14:15:58 GMT <alfbot> Title:Understanding Alfresco Content Deletion 鈥 : : blyx.com : : Blog : : Toni de la Fuente : : (at blyx.com)

2019-11-15 14:17:43 GMT <hi-ko> so to summarize: don't use eagerOrphanCleanup on production systems and don't rely on orphanProtectDays

2019-11-15 14:17:52 GMT <hi-ko> important to know!

2019-11-15 14:27:44 GMT <AFaust> I never encountered any issues with orphanProtectDays, provided all 3rd party code is properly vetted for use of the ContentStore.delete API

2019-11-15 14:35:52 GMT <hi-ko> no 3rd party code involved on that system. only difference is eagerOrphanCleanup set to true

2019-11-15 14:46:45 GMT <hi-ko> after reading EagerContentStoreCleaner.java it is clear: content file file be deleted immediately. If enabled orphanProtectDays has no effect for keeping files on the disk

2019-11-15 14:47:54 GMT <hi-ko> Thanks AFaust

2019-11-15 15:18:25 GMT <hi-ko> in my opinion the most senseful variant for content cleanup would be: keep orphanProtectDays but don't move to contentstore.deleted

2019-11-15 15:19:04 GMT <hi-ko> which has not implementation :-(

2019-11-15 15:20:11 GMT <hi-ko> which results in copying every night content to contentstore.deleted and then deleting these copied files ...

2019-11-15 15:30:18 GMT <hi-ko> Has anybody tried to set dir.contentstore.deleted=/dev/null ? That would avoid that heavy unneeded IO

2019-11-15 15:33:48 GMT <hi-ko> ~later tell angelborroy: just found your module from 2017: you should extend you hint for eagerOrphanCleanup that hist may not be what the admin expects since protectDays will no longer apply

2019-11-15 15:33:48 GMT <alfbot> hi-ko: The operation succeeded.

2019-11-15 15:34:30 GMT <angelborroy> you are free to open a pull request :)

2019-11-15 15:34:30 GMT <alfbot> angelborroy: Sent just now: <hi-ko> just found your module from 2017: you should extend you hint for eagerOrphanCleanup that hist may not be what the admin expects since protectDays will no longer apply

2019-11-15 16:25:37 GMT <fwu2018> anyone knows about a good tutorial explaining how to use keycloak for ADFS authentication inAlfresco?

2019-11-15 16:37:40 GMT <AFaust> fwu2018: You don't kneed an Alfresco-specific tutorial for that (Alfresco does nothing special with Keycloak) - look for a general tutorial on ADFS + Keycloak...

2019-11-15 16:44:25 GMT <fwu2018> ok, afaust. thank you. I beleive for Alfresco it is an external subsystem

2019-11-15 17:36:12 GMT <fwu2018> afaust, if ldap is not used as a user/group exporter, but still used as the authentication provider, how can we set users and groups inside Alfresco? As far as I understand, I will get a new user only at the first login of the user, so only then Im able to set a group to that user. This means that if we use ldap only as an authentication provider,

2019-11-15 17:36:12 GMT <fwu2018> users and groups must be imported to Alfresco manually (using a script)?

2019-11-15 17:39:36 GMT <AFaust> That is correct - if there is no sync, users will only be created on first login. Groups would never be created in that situation (apart from Alfresco-local groups)

2019-11-15 17:40:10 GMT <AFaust> I am currently working on an improved Keycloak integration for Alfresco (https://github.com/Acosix/alfresco-keycloak) and started working on a Keycloak user/group sync today.

2019-11-15 17:40:11 GMT <alfbot> Title:GitHub - Acosix/alfresco-keycloak: Alfresco addon to provide Keycloak-related extensions / customisations for Repository and Share (at github.com)

2019-11-15 17:42:46 GMT <fwu2018> afaust, thats really nice!

2019-11-15 17:43:26 GMT <CptLuxx> you should work on the freemind thing!

2019-11-15 17:43:27 GMT <CptLuxx> :P

2019-11-15 17:44:17 GMT <fwu2018> afaust, but if I create the users and groups with a script, whne the user logs in for the first time he will be mapped with the users already created based on the user name, right?

2019-11-15 17:46:35 GMT <AFaust> CptLuxx: That as well, true. That Keycloak thing is for a customer though which has a bit longer history and a meeting planned for next week to discuss Keycloak strategy / vision within their multi-application setup.

2019-11-15 17:47:00 GMT <CptLuxx> it was a joke :P

2019-11-15 17:47:21 GMT <AFaust> I know... I was not taking it too seriously.

2019-11-15 17:47:51 GMT <AFaust> fwu2018: Yes, if the user / groups exist with matching names, they will be properly used, so script-creating them in advance is an option

2019-11-15 17:50:56 GMT <fwu2018> ok

2019-11-15 17:50:58 GMT <fwu2018> thnaks

End of Daily Log

The other logs are at http://esplins.org/hash_alfresco