I finally have a good grasp of exactly how rule based authorization in
Solr works. It's exceptionally flexible once you figure it out.
I've been trying to figure out whether there is any way to use Active
Directory for authentication in Solr, and if so, how in the world I
would manage mapping those users to Solr's authorization roles.
I found a page that explains how to use JWT authentication to talk to
Azure AD, but I suspect that won't work with on-prem AD. Also, the page
says absolutely nothing about authorization. I do not know whether the
AD in this environment I'm working in is Azure or not. I have asked,
but the answer hasn't come yet.
One mailing list thread I saw talks about possibly doing LDAP or
Kerberos, but doesn't say how to do it, and also says nothing about
authorization.
So I'm asking the question again, since I haven't found answers yet.
Can Solr use Active Directory for authentication? If it can, how do I
set it up? What options are there for mapping users in AD to Solr's
authorization roles? If I can work out how to do it, I will see about
writing up instructions for the ref guide.
Thanks,
Shawn
