Well i propose for Solr Kerberos authentication on HTTPS (2) for the web ui backend. Then the web ui backend does any type of authentication / authorization of users you need. I would not let users access directly access Solr in any environment.
> Am 20.11.2019 um 20:19 schrieb Kevin Risden <kris...@apache.org>: > > So I wrote the blog more of an experiment above. I don't know if it is > fully operating other than on a single node. That being said, the Hadoop > authentication plugin doesn't require running on HDFS. It just uses the > Hadoop code to do authentication. > > I will echo what Jorn said though - I wouldn't expose Solr to the internet > or directly without some sort of API. Whether you do > authentication/authorization at the API is a separate question. > > Kevin Risden > > >> On Wed, Nov 20, 2019 at 1:54 PM Jörn Franke <jornfra...@gmail.com> wrote: >> >> I would not give users directly access to Solr - even with LDAP plugin. >> Build a rest interface or web interface that does the authentication and >> authorization and security sanitization. Then you can also manage better >> excessive queries or explicitly forbid certain type of queries (eg specific >> streaming expressions - I would not expose all of them to users). >> >>>> Am 19.11.2019 um 11:02 schrieb Kommu, Vinodh K. <vko...@dtcc.com>: >>> >>> Thanks Charlie. >>> >>> We are already using Basic authentication in our existing clusters, >> however it's getting difficult to maintain number of users as we are >> getting too many requests for readonly access from support teams. So we >> desperately looking for active directory solution. Just wondering if >> someone might have same requirement need. >>> >>> >>> Regards, >>> Vinodh >>> >>> -----Original Message----- >>> From: Charlie Hull <char...@flax.co.uk> >>> Sent: Tuesday, November 19, 2019 2:55 PM >>> To: solr-user@lucene.apache.org >>> Subject: Re: Active directory integration in Solr >>> >>> ATTENTION! This email originated outside of DTCC; exercise caution. >>> >>> Not out of the box, there are a few authentication plugins bundled but >> not for AD >>> >> https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flucene.apache.org%2Fsolr%2Fguide%2F7_2%2Fauthentication-and-authorization-plugins.html&data=02%7C01%7Cvkommu%40dtcc.com%7C2e17e1feef78432502e008d76cd26635%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637097523245309858&sdata=fkahJ62aWFYh7QxcyFQbJV9u8OsTYSWp6pv0MNdzjps%3D&reserved=0 >>> - there's also some useful stuff in Apache ManifoldCF >>> >> https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.francelabs.com%2Fblog%2Ftutorial-on-authorizations-for-manifold-cf-and-solr%2F&data=02%7C01%7Cvkommu%40dtcc.com%7C2e17e1feef78432502e008d76cd26635%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637097523245319858&sdata=iYiKRDJKYBZaxUd%2F%2BIddFBwxB2RhSqih2KZc26aZlRU%3D&reserved=0 >>> >>> >>> Best >>> >>> Charlie >>> >>>> On 18/11/2019 15:08, Kommu, Vinodh K. wrote: >>>> Hi, >>>> >>>> Does anyone know that Solr has any out of the box capability to >> integrate Active directory (using LDAP) when security is enabled? Instead >> of creating users in security.json file, planning to use users who already >> exists in active directory so they can use their individual credentials >> rather than defining in Solr. Did anyone came across similar requirement? >> If so was there any working solution? >>>> >>>> >>>> Thanks, >>>> Vinodh >>>> >>>> DTCC DISCLAIMER: This email and any files transmitted with it are >> confidential and intended solely for the use of the individual or entity to >> whom they are addressed. If you have received this email in error, please >> notify us immediately and delete the email and any attachments from your >> system. The recipient should check this email and any attachments for the >> presence of viruses. The company accepts no liability for any damage caused >> by any virus transmitted by this email. >>>> >>> >>> -- >>> Charlie Hull >>> Flax - Open Source Enterprise Search >>> >>> tel/fax: +44 (0)8700 118334 >>> mobile: +44 (0)7767 825828 >>> web: >> https://nam02.safelinks.protection.outlook.com/?url=www.flax.co.uk&data=02%7C01%7Cvkommu%40dtcc.com%7C2e17e1feef78432502e008d76cd26635%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637097523245319858&sdata=YNGIg%2FVgL2w82i3JWsBkBTJeefHMjSxbjLaQyOdJVt0%3D&reserved=0 >>> >>> DTCC DISCLAIMER: This email and any files transmitted with it are >> confidential and intended solely for the use of the individual or entity to >> whom they are addressed. If you have received this email in error, please >> notify us immediately and delete the email and any attachments from your >> system. The recipient should check this email and any attachments for the >> presence of viruses. The company accepts no liability for any damage caused >> by any virus transmitted by this email. >>> >>
