I'm running,
solr -version
8.6.3
on
uname -rm
5.8.13-200.fc32.x86_64 x86_64
grep _NAME /etc/os-release
PRETTY_NAME="Fedora 32 (Server Edition)"
CPE_NAME="cpe:/o:fedoraproject:fedora:32"
with
java -version
openjdk version "15" 2020-09-15
OpenJDK Runtime Environment 20.9 (build 15+36)
OpenJDK 64-Bit Server VM 20.9 (build 15+36, mixed mode, sharing)
solr's configured for SSL usage. both client search connections and WebUI
access work OK, with EC certs in use
SOLR_SSL_KEY_STORE="/srv/ssl/solr.server.EC.pfx"
SOLR_SSL_TRUST_STORE="/srv/ssl/solr.server.EC.pfx"
If I enable BasicAuth, adding
/security.json
{
"authentication":{
"blockUnknown": true,
"class":"solr.BasicAuthPlugin",
"credentials":{
"myuser":"jO... Fe..."
},
"realm":"Solr REALM",
"forwardCredentials": false
},
"authorization":{
"class":"solr.RuleBasedAuthorizationPlugin",
"permissions":[{
"name":"security-edit",
"role":"admin"
}],
"user-role":{
"solr":"admin"
}
}
}
as expected, WebUI requires/accepts valid credentials for access.
BUT ... client connections, e.g. from a mail MUA using dovecot's fts solr
plugin, immediately fail, returning "401 Unauthorized".
How can solr authentication be configured to split method -- using BasicAuth
for WebUI access ONLY, and still allowing the client connections?
Eventually, I want those client connections to require solr-side SSL client
auth.
Atm, I'd just like to get it working -- _with_ the BasicAuth WebUI protection
in place.
