giving weight for SynonymFilterFactory terms
Hello! Is there is a way for Solr to assign weights for terms produced by SynonymFilterFactory? We'd like to give smaller weight for synonyms words/terms injected by SynonymFilterFactory. So exact matches weigh higher get higher score. First use case if to just give one static weight for all synonyms and if search-time matches through synonyms it'll have a certain (lower) weight than exact match. Can't find this in documentation. Another use case is to fine-tune each synonyms with a particular weight for each particular synonym (i.e. synonyms="synonyms.txt" would have 3 columns and not 2). It seems not currently possible, so perhaps just static weight for all synonyms described above would be possible. Any pointers highly appreciated. Thank you, Ruslan
Re: REINDEXCOLLECTION does not work with (basic) authentication
Patch available for review on https://issues.apache.org/jira/browse/SOLR-13566 On Thu, 20 Jun 2019 at 10:02, Colvin Cowie wrote: > I've raised SOLR-13566 > > On Thu, 20 Jun 2019 at 09:14, Jan Høydahl wrote: > >> I think this may be a case where the (background) job should use PKI >> auth. Can you file a JIRA issue? >> >> -- >> Jan Høydahl, search solution architect >> Cominvent AS - www.cominvent.com >> >> > 19. jun. 2019 kl. 20:50 skrev Colvin Cowie > >: >> > >> > Hello >> > >> > I'm on the Solr 8.1 branch off commit >> > f26388d034fe5eadca7416aa63b509b8db2c7688 so I have the authentication >> fixes >> > from SOLR-13510 (intermittent 401s for internode requests) >> > >> > When trying to use the new REINDEXCOLLECTION command with basic auth >> > enabled, the daemon stream fails with repeated 401s when trying to >> access >> > the target collection. >> > >> > This might be the same problem as SOLR-13472, except it applies even >> with a >> > single node, and this doesn't require role based configuration. >> > >> > Repro: I added a reindex request in BasicAuthIntegrationTest and it is >> > reproducible in there... I don't know what effect it should have on the >> > auth metrics, if it were working correctly, so I don't know how to >> update >> > the test properly. But you can add the request towards the end of >> > org.apache.solr.security.BasicAuthIntegrationTest.testBasicAuth() >> > >> > >> > >> > * CollectionAdminRequest.ReindexCollection reindexReq = >> > CollectionAdminRequest.reindexCollection(COLLECTION); >> > reindexReq.setBasicAuthCredentials("harry", "HarryIsUberCool"); >> > cluster.getSolrClient().request(reindexReq, COLLECTION);* >> > >> > Manual Repro: >> > run bin/solr -e cloud >> > Choose 1 node / 1 shard / 1 replica >> > In browser GET >> > >> http://localhost:8983/solr/admin/collections?action=REINDEXCOLLECTION=gettingstarted >> > will succeed >> > Enable security: server\scripts\cloud-scripts\zkcli -zkhost >> localhost:9983 >> > -cmd putfile /security.json >> > >> > { >> >"authentication": { >> >"blockUnknown": true, >> >"class": "solr.BasicAuthPlugin", >> >"credentials": { >> >"solradmin": "fskh17INKrOTSRCJ8HkamA0L6Uiq1dSMgn4OVy8htME= >> > /Q4VgOkwVlP6AMVY+ML+IuodbfV81WEfZ3lFb390bws=" >> >} >> >} >> > } >> > >> > In browser authenticate (as solradmin : solradmin) and GET >> > >> http://localhost:8983/solr/admin/collections?action=REINDEXCOLLECTION=gettingstarted >> > will time out after 180 seconds >> > >> > The solr log will show repeated 401s >> > >> > Setting "forwardCredentials" : true in the security.json does not >> appear to >> > change the outcome. >> > >> > >> > responses.txt >> > < >> https://drive.google.com/file/d/1h_vQCrf5KyZAK6TIG6fPzMNxBL1Rx1bT/view?usp=drive_web >> > >> > >> > solr.log >> > < >> https://drive.google.com/file/d/10oYL3AtECxmei7cVOKAM5JPKEt8lFh67/view?usp=drive_web >> > >> > >> > security.json >> > < >> https://drive.google.com/file/d/1xVbXcDEq2btbTycBdXLe3Evz5zIYxm9o/view?usp=drive_web >> > >> >>
Re: Solr Cloud Kerberos cookie rejected spnego
I don't think a Kerberos ticket without the hostname makes sense. You almost always need a valid hostname and DNS for Kerberos to work successfully. Kevin Risden On Sun, Jun 23, 2019 at 10:54 AM Rakesh Enjala wrote: > Hi Team, > > Enabled solrcloud-7.4.0 with kerberos. While creating a collection getting > below error > > org.apache.http.impl.auth.HttpAuthenticator; NEGOTIATE authentication > error: No valid credentials provided (Mechanism level: No valid credentials > provided (Mechanism level: Server not found in Kerberos database (7))) > org.apache.http.client.protocol.ResponseProcessCookies; Cookie rejected > [hadoop.auth="", version:0, domain:xxx.xxx.com, path:/, expiry: > Illegal > domain attribute "". Domain of origin: "localhost" > > enabled krb5 debug true and am able to find the actual problem is that > sname is HTTP/localh...@realm.com, it should be HTTP/@DOMAIN1.COM not the > localhost > > solr.in.sh > > SOLR_AUTH_TYPE="kerberos" > > SOLR_AUTHENTICATION_OPTS="-DauthenticationPlugin=org.apache.solr.security.KerberosPlugin > -Djava.security.auth.login.config=/solr/jaas.conf > -Dsun.security.krb5.debug=true -Dsolr.kerberos.cookie.domain= > -Dsolr.kerberos.name.rules=DEFAULT -Dsolr.kerberos.principal=HTTP/@ > DOMAIN1.COM -Dsolr.kerberos.keytab=/solr/HTTP.keytab" > > Please help me out! > *Regards,* > *Rakesh Enjala* >
Solr Cloud Kerberos cookie rejected spnego
Hi Team, Enabled solrcloud-7.4.0 with kerberos. While creating a collection getting below error org.apache.http.impl.auth.HttpAuthenticator; NEGOTIATE authentication error: No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))) org.apache.http.client.protocol.ResponseProcessCookies; Cookie rejected [hadoop.auth="", version:0, domain:xxx.xxx.com, path:/, expiry: Illegal domain attribute "". Domain of origin: "localhost" enabled krb5 debug true and am able to find the actual problem is that sname is HTTP/localh...@realm.com, it should be HTTP/@DOMAIN1.COM not the localhost solr.in.sh SOLR_AUTH_TYPE="kerberos" SOLR_AUTHENTICATION_OPTS="-DauthenticationPlugin=org.apache.solr.security.KerberosPlugin -Djava.security.auth.login.config=/solr/jaas.conf -Dsun.security.krb5.debug=true -Dsolr.kerberos.cookie.domain= -Dsolr.kerberos.name.rules=DEFAULT -Dsolr.kerberos.principal=HTTP/@ DOMAIN1.COM -Dsolr.kerberos.keytab=/solr/HTTP.keytab" Please help me out! *Regards,* *Rakesh Enjala*