Alfresco discussion and collaboration. Stick around a few hours after asking a question.
Official support for Enterprise subscribers: support.alfresco.com.
Join in the conversation by getting an IRC client and connecting to #alfresco at Freenode. Our you can use the IRC web chat.
More information about the channel is in the wiki.
More help is available in this list of resources.
2019-11-15 03:22:35 GMT <alfresco-discord> <THpubs> Hi guys. I'm trying to upload a file to Alfresco using the rest API (https://api-explorer.alfresco.com/api-explorer/#!/nodes/createNode) In my nodeJS app, I'm using the same method as suggested in here: https://hub.alfresco.com/t5/alfresco-content-services-forum/uploading-a-file-through-js-api/m-p/80494 (Using request.post). The problem is, if I read a file in the disk using fs.createReadStream and
2019-11-15 03:22:36 GMT <alfresco-discord> send it, it get's uploaded correctly. But now I want to send a Buffer or a base64 encoded content. How can I do that?
2019-11-15 03:22:37 GMT <alfbot> Title:Alfresco Content Services REST API Explorer (at api-explorer.alfresco.com)
2019-11-15 03:22:52 GMT <alfresco-discord> <THpubs> I tried to convert the Buffer to a stream but then the request times out.
2019-11-15 11:48:44 GMT <fwu2018> ah
2019-11-15 11:48:48 GMT <fwu2018> hello all
2019-11-15 11:51:07 GMT <AFaust> Does anyone have any idea how I can get an IP / host name for the Docker host system, which I can use both for generating redirect URLs to send to clients as well as have components in Docker components talk to each other using the external Docker NAT rules?
2019-11-15 11:53:28 GMT <AFaust> Working on improving my Keycloak integration right now, and having issues setting up my local integration test. The "auth server URL" is used both to generate login form redirects for web browsers AND for Keycloak Java libs to access Keycloak (in another container) to exchange authorisation codes for access tokens (depending on the "client" configuration in Keycloak) - so it needs to be a URL that works for both use cases.
2019-11-15 11:55:29 GMT <AFaust> ... and of course I ideally need a solution that works generically in a Maven context (using fabric8io plugin at the moment)
2019-11-15 11:59:54 GMT <AFaust> I mean, I can always go the route of "host" networking for my Docker-based integration test, but want to avoid that if possible
2019-11-15 12:28:41 GMT <AFaust> Argh - of course I cannot use host network because then I run into potential port conflicts due to losing the ability to map public to internal ports...
2019-11-15 12:29:34 GMT <AFaust> Well... looks like the integration test will not be able to cover all use cases and I can only test Keycloak implicit flow + direct access token grant
2019-11-15 12:33:56 GMT <alfresco-discord> <yreg> AFaust if you only need to have to access those host names from within the containers (within the same network) and/or the host system
2019-11-15 12:35:07 GMT <AFaust> Well - the one URL I need to configure needs to be used both externally (web browser) and internally (Repository -> Keycloak container)
2019-11-15 12:35:12 GMT <alfresco-discord> <yreg> I thought docker (or was it compose) does automagically generate special A dns records for <container-name>.<static-prefix> which can be used both from within the containers in the same network and the host sysytem
2019-11-15 12:35:57 GMT <alfresco-discord> <yreg> if by externally (web browser) you mean from the host system performing the build, then this would work
2019-11-15 12:36:42 GMT <AFaust> Yes, from the host system...
2019-11-15 12:36:53 GMT <alfresco-discord> <yreg> you also could have a maven image with the project folder mounted in triggering the integration tests from within a container inside the network, making it possible to point to the various containers by name
2019-11-15 12:37:26 GMT <AFaust> "integration test" -> also involves me manually doing some tests via various browsers...
2019-11-15 12:38:13 GMT <AFaust> the automation part comes later...
2019-11-15 12:38:44 GMT <alfresco-discord> <yreg> then the first suggested approach for sure
2019-11-15 12:39:14 GMT <AFaust> (if ever - I don't really feel like doing any automated browser tests with the various flaky, Node-based frameworks)
2019-11-15 12:39:32 GMT <AFaust> Do you have any documentation links for the A record stuff?
2019-11-15 12:42:42 GMT <AFaust> Hmm... looks like the internal DNS entry "docker.host.internal" may not work for me (https://github.com/docker/for-win/issues/1976)
2019-11-15 12:42:44 GMT <alfbot> Title:Internal Host DNS cannot be resolved (Windows Container 1803) · Issue #1976 · docker/for-win · GitHub (at github.com)
2019-11-15 12:42:51 GMT <AFaust> Going to test...
2019-11-15 12:51:15 GMT <AFaust> So, docker.host.internal does not work, but the similar entry gateway.docker.internal does
2019-11-15 12:52:19 GMT <AFaust> Though docker.host.internal will not help me even if it did work - not usable from external browser obviously (without some static hosts file)
2019-11-15 12:53:41 GMT <alfresco-discord> <yreg> I couldn't find that thing about automatic creation of A records
2019-11-15 12:53:52 GMT <alfresco-discord> <yreg> but I could swear I have seen that before
2019-11-15 12:54:17 GMT <alfresco-discord> <yreg> the closest thing I came across now is this : https://github.com/mageddo/dns-proxy-server
2019-11-15 12:54:19 GMT <alfbot> Title:GitHub - mageddo/dns-proxy-server: Solve your DNS hosts from your docker containers, then from your local configuration, then from internet (at github.com)
2019-11-15 12:58:39 GMT <AFaust> I guess the best chance I'll have is injecting some start script into the default Alfresco Repository image to map my hosts name to the Docker internal host IP via /etc/hosts
2019-11-15 13:00:53 GMT <AFaust> Now I only need to find out how to reliably get the internal IP in light of docker.host.internal not working
2019-11-15 13:01:09 GMT <alfresco-discord> <yreg> Which internal IP ?
2019-11-15 13:02:28 GMT <alfresco-discord> <yreg> AFaust using host.docker.internal from within a container resolves always to the host IP
2019-11-15 13:02:43 GMT <AFaust> No, apparently not in the current state of Docker for WIndows
2019-11-15 13:03:05 GMT <alfresco-discord> <yreg> note that the order for host/docker you used previously wasn't correct
2019-11-15 13:03:24 GMT <AFaust> I used what was officially documented
2019-11-15 13:03:59 GMT <AFaust> Are you kidding me?? host.docker.internal works, the documented docker.host.internal doesn't....
2019-11-15 13:05:41 GMT <AFaust> Though I am a bit surprised that it does not resolve to an IP address in the proper subnet. E.g. my container has 127.17.0.0 subnet, but IP resolved for host is in the 192.168.0.0 subnet
2019-11-15 13:07:03 GMT <AFaust> 127 -> 172
2019-11-15 13:07:43 GMT <AFaust> and 172.17.0.1 is also valid for the host
2019-11-15 13:08:07 GMT <alfresco-discord> <bhagyas> I'm not sure how, but the orderofthebee.org now contains a link to playing online slots
2019-11-15 13:08:16 GMT <AFaust> seems like Docker DNS is just as magic and held together by spit and tape as anything else in IT nowadays
2019-11-15 13:08:21 GMT <alfresco-discord> <bhagyas> has the domain been compromised?
2019-11-15 13:08:24 GMT <alfresco-discord> <yreg> I think I used to use your variant, and that I had to switch to the latter, since the first one only resolved correctly on docker-for-mac but never on windows
2019-11-15 13:08:42 GMT <AFaust> bhagyas: You apparently missed some announcements in the last half year.
2019-11-15 13:09:00 GMT <alfresco-discord> <bhagyas> you mean on OOTB mailing list?
2019-11-15 13:09:19 GMT <AFaust> We were forced to switch to orderofthebee.net since orderofthebee.org expired in July, and as a result of Martin's passing, we have not (yet) been able to transfer the domain
2019-11-15 13:09:38 GMT <alfresco-discord> <bhagyas> I can't see any mention about this compromised domain on the mailing list
2019-11-15 13:10:03 GMT <AFaust> No - it was made more public than the mailing list via Twitter.
2019-11-15 13:10:12 GMT <alfresco-discord> <bhagyas> the last mail I have is on the passing of marsbard
2019-11-15 13:10:15 GMT <AFaust> But yeah - should have included the mailing list
2019-11-15 13:10:21 GMT <alfresco-discord> <yreg> https://twitter.com/orderofthebee/status/1194190424249962496
2019-11-15 13:10:26 GMT <alfresco-discord> <bhagyas> ah okay, been away from active twitter lately
2019-11-15 13:10:47 GMT <alfresco-discord> <bhagyas> twitter shows real domain is t.co/asdf asd
2019-11-15 13:10:55 GMT <alfresco-discord> <bhagyas> in the tweet itself
2019-11-15 13:11:08 GMT <alfresco-discord> <bhagyas> xD
2019-11-15 13:11:09 GMT <alfresco-discord> <yreg> nope, that was the discord preview
2019-11-15 13:11:16 GMT <alfresco-discord> <bhagyas> yeah
2019-11-15 13:11:20 GMT <alfresco-discord> <yreg> in the tweet it shows up correctly
2019-11-15 13:11:52 GMT <AFaust> Abuse claim has been filed against orderofthebee.org with GoDaddy
2019-11-15 13:12:06 GMT <alfresco-discord> <bhagyas> I see, how long does it take to resolve?
2019-11-15 13:12:14 GMT <alfresco-discord> <yreg> No idea
2019-11-15 13:12:26 GMT <alfresco-discord> <bhagyas> Any chance we can tweet at them?
2019-11-15 13:12:48 GMT <alfresco-discord> <bhagyas> I've seen many companies responding faster on social media
2019-11-15 13:12:55 GMT <alfresco-discord> <yreg> We are following it up, tweeting at them might help indeed
2019-11-15 13:13:32 GMT <alfresco-discord> <bhagyas> the worse thing is that some links still point to orderofthebee.org - including search results and blog posts
2019-11-15 13:14:07 GMT <alfresco-discord> <bhagyas> and since the page looks almost the same, it's hard to know if it has been updated at all
2019-11-15 13:14:09 GMT <AFaust> The domain used to be inaccessible after expiry, but for some reason, GoDaddy released it again and allowed it to be transferred to someone else.
2019-11-15 13:14:28 GMT <alfresco-discord> <bhagyas> yeah, usually once they are expired, you get a grace period
2019-11-15 13:14:50 GMT <alfresco-discord> <bhagyas> after that it's just an entry in a publicly available expired domain list
2019-11-15 13:15:06 GMT <alfresco-discord> <bhagyas> cross referencing with page rank means someone can easily buy it at that moment
2019-11-15 13:15:10 GMT <alfresco-discord> <bhagyas> 😐
2019-11-15 13:16:03 GMT <AFaust> GoDaddy's WHOIS for the domain suggested it be blocked until next year though.
2019-11-15 13:16:34 GMT <alfresco-discord> <bhagyas> Do you have any case ID for what was filed with them?
2019-11-15 13:16:53 GMT <AFaust> And I could not buy it myself when I tried a couple of times, probably because I was not a GoDaddy customer.
2019-11-15 13:17:16 GMT <alfresco-discord> <bhagyas> I don't think they discriminate for not being a customer, because when you buy you become a customer
2019-11-15 13:17:30 GMT <alfresco-discord> <bhagyas> but I don't usually prefer godaddy when I want to buy a domain
2019-11-15 13:17:42 GMT <alfresco-discord> <bhagyas> namecheap is way better, and less expensive
2019-11-15 13:23:18 GMT <alfresco-discord> <bhagyas> Anyways, just filing another email to godaddy
2019-11-15 13:23:30 GMT <alfresco-discord> <bhagyas> If you have a case ID I can probably mention that as well
2019-11-15 13:23:49 GMT <alfresco-discord> <bhagyas> maybe if more people write, they might handle this faster
2019-11-15 13:26:41 GMT <alfresco-discord> <bhagyas> Just sent an email, copied AFaust (Gmail) on it, hope it helps
2019-11-15 13:31:22 GMT <fwu2018> Im looking for ADF + Alfresco 5.2 AD-FS integration. Is this possible without too much effort? Anyone with experience on this?
2019-11-15 13:31:34 GMT <alfresco-discord> <bhagyas> @AFaust Has anyone looked at this? https://www.godaddy.com/legal/agreements/trademark-copyright-infringement?®ionsite=www&marketid=en-US
2019-11-15 13:31:35 GMT <alfbot> Title:Trademark / Copyright Infringement - GoDaddy (at www.godaddy.com)
2019-11-15 13:31:49 GMT <alfresco-discord> <bhagyas> The copyright infringement can take lesser time than the domain dispute
2019-11-15 13:32:29 GMT <alfresco-discord> <bhagyas> https://supportcenter.godaddy.com/Infringement?isc=gdbb3454&utm_source=gdocp&utm_medium=email&utm_campaign=en-US_other_email-nonrevenue_base_gd&utm_content=191115_3454_Engagement_Other_Service_Customer-Service_gdbb3454_6FT5PWOiiRtnJXdehg4IpF
2019-11-15 13:32:59 GMT <alfresco-discord> <bhagyas> Unfortunately, I'm not the holder of the content copyright, so someone with authorisation must do it
2019-11-15 13:53:32 GMT <fwu2018> shouldnt standard Alfrewco ldap integration works for autenthication with ADFS? Of course that in this case LDAP must be configured to use ADFS as the authentication provider.
2019-11-15 13:54:00 GMT <fwu2018> something like this: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-ad-fs-to-authenticate-users-stored-in-ldap-directories
2019-11-15 13:54:01 GMT <alfbot> Title:Configure AD FS to authenticate users stored in LDAP directories | Microsoft Docs (at docs.microsoft.com)
2019-11-15 13:57:13 GMT <AFaust> fwu2018: Back in 2010/11 I used the regular LDAP-AD + passthru subsystems in Alfresco (3.2) to integrate with a federated Active Directory structure at a global customer. Not sure how much ADFS differs from that setup though, but I too would expect it to work out of the box with the common subsystems
2019-11-15 14:00:56 GMT <fwu2018> hello afaust! thank you for your input. The only problem I remeber for this is that the LDAP must have the users there, but they may not be there because it would be necessary a sync between that LDAP and the remote LDAP.
2019-11-15 14:01:37 GMT <fwu2018> maybe is due to this that everyone are using keycloak (im starting to read bout these options)
2019-11-15 14:03:22 GMT <hi-ko> I've a question for orphanProtectDays: I thought files will be guaranteed to be removed earliest after these days but there are files already deleted belonging to a modiefied node
2019-11-15 14:04:40 GMT <hi-ko> maybe important to mention: the node which has no longer the content on the disk was modified by excel / shuffle code
2019-11-15 14:06:57 GMT <hi-ko> also to mention: on this system system.content.eagerOrphanCleanup is set zu true to avoid copy to constentstore.deleted
2019-11-15 14:08:50 GMT <hi-ko> So my resumee is: you can't rely on system.content.orphanProtectDays for retrieving content in the time period
2019-11-15 14:10:32 GMT <hi-ko> Has anybody similar experience and may have an idea what brakes the concept of orphanProtectDays?
2019-11-15 14:12:08 GMT <AFaust> hi-ko: protect days is only respected by the async cleaner job - if the ContentStore.delete() operation is used directly by some code, content can still be deleted way before orphan cleanup would have
2019-11-15 14:13:14 GMT <hi-ko> which I suspect to be used somehow / somewhere in the cifs shuffle code
2019-11-15 14:13:17 GMT <AFaust> also: if eagerOrphanCleanup is set to true, then files will be deleted immediately without regards to orphan protection
2019-11-15 14:14:33 GMT <AFaust> https://github.com/Alfresco/alfresco-repository/blob/ac38ac94ff4f9cbdf2671a9517781bda389a13c4/src/main/java/org/alfresco/repo/domain/contentdata/AbstractContentDataDAOImpl.java#L730
2019-11-15 14:14:34 GMT <alfbot> Title:alfresco-repository/AbstractContentDataDAOImpl.java at ac38ac94ff4f9cbdf2671a9517781bda389a13c4 · Alfresco/alfresco-repository · GitHub (at github.com)
2019-11-15 14:15:01 GMT <AFaust> and https://github.com/Alfresco/alfresco-repository/blob/ac38ac94ff4f9cbdf2671a9517781bda389a13c4/src/main/java/org/alfresco/repo/content/cleanup/EagerContentStoreCleaner.java#L179
2019-11-15 14:15:02 GMT <alfbot> Title:alfresco-repository/EagerContentStoreCleaner.java at ac38ac94ff4f9cbdf2671a9517781bda389a13c4 · Alfresco/alfresco-repository · GitHub (at github.com)
2019-11-15 14:15:56 GMT <hi-ko> hmm. https://blyx.com/2014/08/18/understanding-alfresco-content-deletion/ could be read that eagerOrphanCleanup is only relevant for the cleanup job
2019-11-15 14:15:58 GMT <alfbot> Title:Understanding Alfresco Content Deletion – : : blyx.com : : Blog : : Toni de la Fuente : : (at blyx.com)
2019-11-15 14:17:43 GMT <hi-ko> so to summarize: don't use eagerOrphanCleanup on production systems and don't rely on orphanProtectDays
2019-11-15 14:17:52 GMT <hi-ko> important to know!
2019-11-15 14:27:44 GMT <AFaust> I never encountered any issues with orphanProtectDays, provided all 3rd party code is properly vetted for use of the ContentStore.delete API
2019-11-15 14:35:52 GMT <hi-ko> no 3rd party code involved on that system. only difference is eagerOrphanCleanup set to true
2019-11-15 14:46:45 GMT <hi-ko> after reading EagerContentStoreCleaner.java it is clear: content file file be deleted immediately. If enabled orphanProtectDays has no effect for keeping files on the disk
2019-11-15 14:47:54 GMT <hi-ko> Thanks AFaust
2019-11-15 15:18:25 GMT <hi-ko> in my opinion the most senseful variant for content cleanup would be: keep orphanProtectDays but don't move to contentstore.deleted
2019-11-15 15:19:04 GMT <hi-ko> which has not implementation :-(
2019-11-15 15:20:11 GMT <hi-ko> which results in copying every night content to contentstore.deleted and then deleting these copied files ...
2019-11-15 15:30:18 GMT <hi-ko> Has anybody tried to set dir.contentstore.deleted=/dev/null ? That would avoid that heavy unneeded IO
2019-11-15 15:33:48 GMT <hi-ko> ~later tell angelborroy: just found your module from 2017: you should extend you hint for eagerOrphanCleanup that hist may not be what the admin expects since protectDays will no longer apply
2019-11-15 15:33:48 GMT <alfbot> hi-ko: The operation succeeded.
2019-11-15 15:34:30 GMT <angelborroy> you are free to open a pull request :)
2019-11-15 15:34:30 GMT <alfbot> angelborroy: Sent just now: <hi-ko> just found your module from 2017: you should extend you hint for eagerOrphanCleanup that hist may not be what the admin expects since protectDays will no longer apply
2019-11-15 16:25:37 GMT <fwu2018> anyone knows about a good tutorial explaining how to use keycloak for ADFS authentication inAlfresco?
2019-11-15 16:37:40 GMT <AFaust> fwu2018: You don't kneed an Alfresco-specific tutorial for that (Alfresco does nothing special with Keycloak) - look for a general tutorial on ADFS + Keycloak...
2019-11-15 16:44:25 GMT <fwu2018> ok, afaust. thank you. I beleive for Alfresco it is an external subsystem
2019-11-15 17:36:12 GMT <fwu2018> afaust, if ldap is not used as a user/group exporter, but still used as the authentication provider, how can we set users and groups inside Alfresco? As far as I understand, I will get a new user only at the first login of the user, so only then Im able to set a group to that user. This means that if we use ldap only as an authentication provider,
2019-11-15 17:36:12 GMT <fwu2018> users and groups must be imported to Alfresco manually (using a script)?
2019-11-15 17:39:36 GMT <AFaust> That is correct - if there is no sync, users will only be created on first login. Groups would never be created in that situation (apart from Alfresco-local groups)
2019-11-15 17:40:10 GMT <AFaust> I am currently working on an improved Keycloak integration for Alfresco (https://github.com/Acosix/alfresco-keycloak) and started working on a Keycloak user/group sync today.
2019-11-15 17:40:11 GMT <alfbot> Title:GitHub - Acosix/alfresco-keycloak: Alfresco addon to provide Keycloak-related extensions / customisations for Repository and Share (at github.com)
2019-11-15 17:42:46 GMT <fwu2018> afaust, thats really nice!
2019-11-15 17:43:26 GMT <CptLuxx> you should work on the freemind thing!
2019-11-15 17:43:27 GMT <CptLuxx> :P
2019-11-15 17:44:17 GMT <fwu2018> afaust, but if I create the users and groups with a script, whne the user logs in for the first time he will be mapped with the users already created based on the user name, right?
2019-11-15 17:46:35 GMT <AFaust> CptLuxx: That as well, true. That Keycloak thing is for a customer though which has a bit longer history and a meeting planned for next week to discuss Keycloak strategy / vision within their multi-application setup.
2019-11-15 17:47:00 GMT <CptLuxx> it was a joke :P
2019-11-15 17:47:21 GMT <AFaust> I know... I was not taking it too seriously.
2019-11-15 17:47:51 GMT <AFaust> fwu2018: Yes, if the user / groups exist with matching names, they will be properly used, so script-creating them in advance is an option
2019-11-15 17:50:56 GMT <fwu2018> ok
2019-11-15 17:50:58 GMT <fwu2018> thnaks
The other logs are at http://esplins.org/hash_alfresco