Hi Merlin,
Solr 5.2.x only supported Kerberos out of the box and introduced a
framework to write your own authentication/authorization plugin. If you
don't use Kerberos, the only sensible way forward for you would be to wait
for the 5.3.1 release to come out and then move to it.
Until then, or
OK, I downgraded to solr 5.2.x
Unfortunatelly still no luck. I followed 2 aproaches:
1. Secure it the old fashioned way like described here:
http://stackoverflow.com/questions/28043957/how-to-set-apache-solr-admin-password
2. Using the Basic Authentication Plugin like described here:
There were some bugs with the 5.3.0 release and 5.3.1 is in the
process of getting released.
try out the option #2 with the RC here
https://dist.apache.org/repos/dist/dev/lucene/lucene-solr-5.3.1-RC1-rev1702389/solr/
On Fri, Sep 11, 2015 at 5:16 PM, Merlin Morgenstern
Thank you for the info.
I have already downgraded to 5.2.x as this is a production setup.
Unfortunatelly I have the same trouble there ... Any suggestions how to fix
this? What is the recommended procedure in securing the admin gui on prod
setups?
2015-09-11 14:26 GMT+02:00 Noble Paul
The authorization plugin is new in Solr 5.3.It is hard to describe a secure
Solr 5.2.1 environment simply - the basics are to protect /solr by placing it
behind Apache httpd or nginx, and also a port-based firewall. I am most
familiar with Apache httpd and Linux/RedHat family.
Within the
If you are using Linux server you can always iptables to restrict access to
solr admin panel.
On Sep 9, 2015 3:05 PM, "Merlin Morgenstern"
wrote:
> I just installed solr cloud 5.3.x and found that the way to secure the amin
> ui has changed. Aparently there is a new
Check this https://cwiki.apache.org/confluence/display/solr/Securing+Solr
There a couple of bugs in 5.3.o and a bug fix release is coming up
over the next few days.
We don't provide any specific means to restrict access to admin UI
itself. However we let users specify fine grained ACLs on
I just installed solr cloud 5.3.x and found that the way to secure the amin
ui has changed. Aparently there is a new plugin which does role based
authentification and all info on how to secure the admin UI found on the
net is outdated.
I do not need role based authentification but just simply