giving weight for SynonymFilterFactory terms

2019-06-23 Thread Ruslan Dautkhanov
Hello!

Is there a way for Solr to assign weights for terms produced
by SynonymFilterFactory?

We'd like to give a smaller weight to synonym words/terms injected by
SynonymFilterFactory,
so that exact matches weigh higher and get a higher score.

The first use case is to just give one static weight for all synonyms,
so that if a search-time match comes through synonyms it'll have a certain (lower)
weight than an exact match.

I can't find this in the documentation.

Another use case is to fine-tune each synonym with a particular weight
for each particular synonym (i.e. synonyms="synonyms.txt" would have 3
columns and not 2). It seems this is not currently possible, so perhaps just a static
weight for all synonyms as described above would be possible.

Any pointers highly appreciated.

Thank you,
Ruslan


Re: REINDEXCOLLECTION does not work with (basic) authentication

2019-06-23 Thread Colvin Cowie
Patch available for review on
https://issues.apache.org/jira/browse/SOLR-13566

On Thu, 20 Jun 2019 at 10:02, Colvin Cowie 
wrote:

> I've raised SOLR-13566
>
> On Thu, 20 Jun 2019 at 09:14, Jan Høydahl  wrote:
>
>> I think this may be a case where the (background) job should use PKI
>> auth. Can you file a JIRA issue?
>>
>> --
>> Jan Høydahl, search solution architect
>> Cominvent AS - www.cominvent.com
>>
>> > On 19 Jun 2019, at 20:50, Colvin Cowie wrote:
>> >
>> > Hello
>> >
>> > I'm on the Solr 8.1 branch off commit
>> > f26388d034fe5eadca7416aa63b509b8db2c7688 so I have the authentication fixes
>> > from SOLR-13510 (intermittent 401s for internode requests)
>> >
>> > When trying to use the new REINDEXCOLLECTION command with basic auth
>> > enabled, the daemon stream fails with repeated 401s when trying to access
>> > the target collection.
>> >
>> > This might be the same problem as SOLR-13472, except it applies even with a
>> > single node, and this doesn't require role based configuration.
>> >
>> > Repro: I added a reindex request in BasicAuthIntegrationTest and it is
>> > reproducible in there... I don't know what effect it should have on the
>> > auth metrics, if it were working correctly, so I don't know how to update
>> > the test properly. But you can add the request towards the end of
>> > org.apache.solr.security.BasicAuthIntegrationTest.testBasicAuth()
>> >
>> >
>> >
>> > CollectionAdminRequest.ReindexCollection reindexReq =
>> >     CollectionAdminRequest.reindexCollection(COLLECTION);
>> > reindexReq.setBasicAuthCredentials("harry", "HarryIsUberCool");
>> > cluster.getSolrClient().request(reindexReq, COLLECTION);
>> >
>> > Manual Repro:
>> > run bin/solr -e cloud
>> > Choose 1 node / 1 shard / 1 replica
>> > In browser GET
>> > http://localhost:8983/solr/admin/collections?action=REINDEXCOLLECTION=gettingstarted
>> > will succeed
>> > Enable security: server\scripts\cloud-scripts\zkcli -zkhost localhost:9983
>> > -cmd putfile /security.json 
>> >
>> > {
>> >   "authentication": {
>> >     "blockUnknown": true,
>> >     "class": "solr.BasicAuthPlugin",
>> >     "credentials": {
>> >       "solradmin": "fskh17INKrOTSRCJ8HkamA0L6Uiq1dSMgn4OVy8htME= /Q4VgOkwVlP6AMVY+ML+IuodbfV81WEfZ3lFb390bws="
>> >     }
>> >   }
>> > }
>> >
>> > In browser authenticate (as solradmin : solradmin) and GET
>> > http://localhost:8983/solr/admin/collections?action=REINDEXCOLLECTION=gettingstarted
>> > will time out after 180 seconds
>> >
>> > The solr log will show repeated 401s
>> >
>> > Setting "forwardCredentials" : true in the security.json does not appear to
>> > change the outcome.
>> >
>> >
>> > responses.txt
>> > <https://drive.google.com/file/d/1h_vQCrf5KyZAK6TIG6fPzMNxBL1Rx1bT/view?usp=drive_web>
>> >
>> > solr.log
>> > <https://drive.google.com/file/d/10oYL3AtECxmei7cVOKAM5JPKEt8lFh67/view?usp=drive_web>
>> >
>> > security.json
>> > <https://drive.google.com/file/d/1xVbXcDEq2btbTycBdXLe3Evz5zIYxm9o/view?usp=drive_web>
>>
>>


Re: Solr Cloud Kerberos cookie rejected spnego

2019-06-23 Thread Kevin Risden
I don't think a Kerberos ticket without the hostname makes sense. You
almost always need a valid hostname and DNS for Kerberos to work
successfully.

Kevin Risden


On Sun, Jun 23, 2019 at 10:54 AM Rakesh Enjala
 wrote:

> Hi Team,
>
> Enabled solrcloud-7.4.0 with Kerberos. While creating a collection I am getting
> the error below:
>
> org.apache.http.impl.auth.HttpAuthenticator; NEGOTIATE authentication
> error: No valid credentials provided (Mechanism level: No valid credentials
> provided (Mechanism level: Server not found in Kerberos database (7)))
> org.apache.http.client.protocol.ResponseProcessCookies; Cookie rejected
> [hadoop.auth="", version:0, domain:xxx.xxx.com, path:/, expiry:
> Illegal
> domain attribute "". Domain of origin: "localhost"
>
> Enabled krb5 debug true and am able to see that the actual problem is that
> sname is HTTP/localh...@realm.com; it should be HTTP/@DOMAIN1.COM, not
> localhost.
>
> solr.in.sh
>
> SOLR_AUTH_TYPE="kerberos"
>
> SOLR_AUTHENTICATION_OPTS="-DauthenticationPlugin=org.apache.solr.security.KerberosPlugin
> -Djava.security.auth.login.config=/solr/jaas.conf
> -Dsun.security.krb5.debug=true -Dsolr.kerberos.cookie.domain=
> -Dsolr.kerberos.name.rules=DEFAULT -Dsolr.kerberos.principal=HTTP/@DOMAIN1.COM
> -Dsolr.kerberos.keytab=/solr/HTTP.keytab"
>
> Please help me out!
> *Regards,*
> *Rakesh Enjala*
>
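
A configuration check for the hostname point made in this reply, added here as an example (it is not code from the thread or from Solr): a SPNEGO client normally requests a ticket for the service name plus the host taken from the URL it connects to, so that host has to match the host part of solr.kerberos.principal and the cookie domain. The option string, host names, realm and the helper names are constructed for illustration.

```python
import re
import shlex
from urllib.parse import urlsplit

# Constructed sample values (not from the thread): host, realm and paths are placeholders.
SAMPLE_OPTS = (
    "-DauthenticationPlugin=org.apache.solr.security.KerberosPlugin "
    "-Dsolr.kerberos.cookie.domain=solr1.example.com "
    "-Dsolr.kerberos.principal=HTTP/solr1.example.com@EXAMPLE.COM "
    "-Dsolr.kerberos.keytab=/solr/HTTP.keytab"
)

def parse_jvm_props(opts):
    """Collect the -Dkey=value system properties from an options string."""
    props = {}
    for token in shlex.split(opts):
        if token.startswith("-D"):
            key, _, value = token[2:].partition("=")
            props[key] = value
    return props

def check_kerberos_opts(opts, node_url):
    """Return findings where the URL a client uses cannot match the Kerberos settings."""
    props = parse_jvm_props(opts)
    match = re.fullmatch(r"([^/@]+)/([^/@]+)@([^/@]+)",
                         props.get("solr.kerberos.principal", ""))
    if not match:
        return ["solr.kerberos.principal is not of the form service/host@REALM"]
    service, spn_host, realm = match.groups()
    url_host = (urlsplit(node_url).hostname or "").lower()
    findings = []
    # A SPNEGO client asks the KDC for service/<host taken from the URL>.
    if url_host != spn_host.lower():
        findings.append(f"client will request {service}/{url_host}, "
                        f"but the configured principal is {service}/{spn_host}@{realm}")
    # The auth cookie is accepted only if its domain matches the origin host.
    domain = props.get("solr.kerberos.cookie.domain", "").lower().lstrip(".")
    if not domain:
        findings.append("solr.kerberos.cookie.domain is empty")
    elif url_host != domain and not url_host.endswith("." + domain):
        findings.append(f"cookie domain {domain} does not match origin host {url_host}")
    return findings

if __name__ == "__main__":
    for url in ("http://localhost:8983/solr", "http://solr1.example.com:8983/solr"):
        print(url, check_kerberos_opts(SAMPLE_OPTS, url) or "ok")
```

Addressing the node as localhost produces both findings, which correspond to the two errors in the quoted log (server not found in the Kerberos database, cookie rejected for the origin domain).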


Solr Cloud Kerberos cookie rejected spnego

2019-06-23 Thread Rakesh Enjala
Hi Team,

Enabled solrcloud-7.4.0 with Kerberos. While creating a collection I am getting
the error below:

org.apache.http.impl.auth.HttpAuthenticator; NEGOTIATE authentication
error: No valid credentials provided (Mechanism level: No valid credentials
provided (Mechanism level: Server not found in Kerberos database (7)))
org.apache.http.client.protocol.ResponseProcessCookies; Cookie rejected
[hadoop.auth="", version:0, domain:xxx.xxx.com, path:/, expiry: Illegal
domain attribute "". Domain of origin: "localhost"

Enabled krb5 debug true and am able to see that the actual problem is that
sname is HTTP/localh...@realm.com; it should be HTTP/@DOMAIN1.COM, not
localhost.

solr.in.sh

SOLR_AUTH_TYPE="kerberos"
SOLR_AUTHENTICATION_OPTS="-DauthenticationPlugin=org.apache.solr.security.KerberosPlugin
-Djava.security.auth.login.config=/solr/jaas.conf
-Dsun.security.krb5.debug=true -Dsolr.kerberos.cookie.domain=
-Dsolr.kerberos.name.rules=DEFAULT -Dsolr.kerberos.principal=HTTP/@DOMAIN1.COM
-Dsolr.kerberos.keytab=/solr/HTTP.keytab"

Please help me out!
*Regards,*
*Rakesh Enjala*