I answered this on the LDAP thread, but copying here for completeness. I think its possible with https://solr.apache.org/guide/solr/latest/deployment-guide/hadoop-authentication-plugin.html
Specifically under "LDAP Configuration" - https://hadoop.apache.org/docs/stable/hadoop-auth/Configuration.html It is not exactly laid out in a simple way, but I think all the pieces are there to configure it. As a side note, you should also be able to use Kerberos/SPNEGO as an option with Active Directory if you have Kerberos setup on the Linux node. Be aware of https://issues.apache.org/jira/browse/SOLR-16240 Kevin Risden On Wed, Mar 22, 2023 at 11:57 PM Shawn Heisey <[email protected]> wrote: > On 3/22/2023 6:56 PM, dmitri maziuk wrote: > > Looks like someone did it: > > > https://stackoverflow.com/questions/17730950/jetty-jaas-and-active-directory-authentication-only > > > > On-prem AD is really just LDAP+SSL but I know next to nothing about > > jetty so I would be tempted to put it behind an apache or nginx proxy > > and off-load the auth to it. Those are well documented. > > I want to use Solr's authorization capability, so I don't think > configuring auth in Jetty is what I want at all. Same goes for any kind > of proxy layer. I could probably teach a proxy how to do the > authorization I want, but I really don't want to reinvent the wheel that > has already been built into Solr. It would be a TON of work. > > Thanks, > Shawn >
