[
https://issues.apache.org/jira/browse/SOLR-6915?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14292616#comment-14292616
]
Gregory Chanan commented on SOLR-6915:
--------------------------------------
th_TH_TH_#u-nu-thai and hi_IN seem to be issues with apacheds-ldap-api, they
have the backtrace that Shalin posted above.
ja_JP_JP_#u-ca-japanese seems to be a bouncycastle issue; the exception is
here:
{code}
209475 T11 oasc.SaslZkACLProviderTest.setUp Exception:invalid date string:
Unparseable date: "270126230030Z" java.lang.IllegalArgumentException: invalid
date string: Unparseable date: "270126230030Z"
[junit4] 2> at
org.bouncycastle.asn1.DERGeneralizedTime.<init>(Unknown Source)
[junit4] 2> at org.bouncycastle.asn1.x509.Time.<init>(Unknown
Source)
[junit4] 2> at
org.bouncycastle.x509.X509V1CertificateGenerator.setNotBefore(Unknown Source)
[junit4] 2> at
org.apache.directory.server.core.security.TlsKeyGenerator.addKeyPair(TlsKeyGenerator.java:277)
[junit4] 2> at
org.apache.directory.server.core.DefaultDirectoryService.createBootstrapEntries(DefaultDirectoryService.java:1483)
[junit4] 2> at
org.apache.directory.server.core.DefaultDirectoryService.initialize(DefaultDirectoryService.java:1828)
[junit4] 2> at
org.apache.directory.server.core.DefaultDirectoryService.startup(DefaultDirectoryService.java:1248)
[junit4] 2> at
org.apache.hadoop.minikdc.MiniKdc.initDirectoryService(MiniKdc.java:375)
[junit4] 2> at
org.apache.hadoop.minikdc.MiniKdc.start(MiniKdc.java:310)
{code}
> SaslZkACLProvider and Kerberos Test Using MiniKdc
> -------------------------------------------------
>
> Key: SOLR-6915
> URL: https://issues.apache.org/jira/browse/SOLR-6915
> Project: Solr
> Issue Type: Improvement
> Components: SolrCloud
> Reporter: Gregory Chanan
> Assignee: Gregory Chanan
> Fix For: 5.0, Trunk
>
> Attachments: SOLR-6915.patch, SOLR-6915.patch, fail.log, fail.log,
> tests-failures.txt
>
>
> We should provide a ZkACLProvider that requires SASL authentication. This
> provider will be useful for administration in a kerberos environment. In
> such an environment, the administrator wants solr to authenticate to
> zookeeper using SASL, since this is only way to authenticate with zookeeper
> via kerberos.
> The authorization model in such a setup can vary, e.g. you can imagine a
> scenario where solr owns (is the only writer of) the non-config znodes, but
> some set of trusted users are allowed to modify the configs. It's hard to
> predict all the possibilities here, but one model that seems generally useful
> is to have a model where solr itself owns all the znodes and all actions that
> require changing the znodes are routed to Solr APIs. That seems simple and
> reasonable as a first version.
> As for testing, I noticed while working on SOLR-6625 that we don't really
> have any infrastructure for testing kerberos integration in unit tests.
> Internally, I've been testing using kerberos-enabled VM clusters, but this
> isn't great since we won't notice any breakages until someone actually spins
> up a VM. So part of this JIRA is to provide some infrastructure for testing
> kerberos at the unit test level (using Hadoop's MiniKdc, HADOOP-9848).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
