Hi Merlin, Solr 5.2.x only supported Kerberos out of the box and introduced a framework to write your own authentication/authorization plugin. If you don't use Kerberos, the only sensible way forward for you would be to wait for the 5.3.1 release to come out and then move to it.
Until then, or without the upgrade, your best bet would be to try what Davis suggested. On Fri, Sep 11, 2015 at 7:30 AM, Merlin Morgenstern < merlin.morgenst...@gmail.com> wrote: > Thank you for the info. > > I have already downgraded to 5.2.x as this is a production setup. > Unfortunatelly I have the same trouble there ... Any suggestions how to fix > this? What is the recommended procedure in securing the admin gui on prod > setups? > > 2015-09-11 14:26 GMT+02:00 Noble Paul <noble.p...@gmail.com>: > > > There were some bugs with the 5.3.0 release and 5.3.1 is in the > > process of getting released. > > > > try out the option #2 with the RC here > > > > > > > https://dist.apache.org/repos/dist/dev/lucene/lucene-solr-5.3.1-RC1-rev1702389/solr/ > > > > > > > > On Fri, Sep 11, 2015 at 5:16 PM, Merlin Morgenstern > > <merlin.morgenst...@gmail.com> wrote: > > > OK, I downgraded to solr 5.2.x > > > > > > Unfortunatelly still no luck. I followed 2 aproaches: > > > > > > 1. Secure it the old fashioned way like described here: > > > > > > http://stackoverflow.com/questions/28043957/how-to-set-apache-solr-admin-password > > > > > > 2. Using the Basic Authentication Plugin like described here: > > > http://lucidworks.com/blog/securing-solr-basic-auth-permission-rules/ > > > > > > Both aproaches created unsolved problems. > > > > > > While following option 1, I was able to secure the Admin UI with basic > > > authentication, but no longer able to access my application despite the > > > fact that it was working on solr 3.x with the same type of > authentication > > > procedure and credentials. > > > > > > While following option 2, I was stuck right after uploading the > > > security.json file to the zookeeper ensemble. The described behaviour > to > > curl > > > http://localhost:8983/solr/admin/authentication responded with a 404 > not > > > found and then solr could not connect to zookeeper. I had to remove > that > > > file from zookeeper and restart all solr nodes. > > > > > > Please could someone lead me the way on how to secure the Admin UI and > > > password protect solr cloud? I have a perfectly running system with > solr > > > 3.x and one core and now taking it to solr cloud 5.2.x into production > > > seems to be stoped by simple authorization problems. > > > > > > Thank you in advane for any help. > > > > > > > > > > > > 2015-09-10 20:42 GMT+02:00 Noble Paul <noble.p...@gmail.com>: > > > > > >> Check this > > https://cwiki.apache.org/confluence/display/solr/Securing+Solr > > >> > > >> There a couple of bugs in 5.3.o and a bug fix release is coming up > > >> over the next few days. > > >> > > >> We don't provide any specific means to restrict access to admin UI > > >> itself. However we let users specify fine grained ACLs on various > > >> operations such collection-admin-edit, read etc > > >> > > >> On Wed, Sep 9, 2015 at 2:35 PM, Merlin Morgenstern > > >> <merlin.morgenst...@gmail.com> wrote: > > >> > I just installed solr cloud 5.3.x and found that the way to secure > the > > >> amin > > >> > ui has changed. Aparently there is a new plugin which does role > based > > >> > authentification and all info on how to secure the admin UI found on > > the > > >> > net is outdated. > > >> > > > >> > I do not need role based authentification but just simply want to > put > > >> basic > > >> > authentification to the Admin UI. > > >> > > > >> > How do I configure solr cloud 5.3.x in order to restrict access to > the > > >> > Admin UI via Basic Authentification? > > >> > > > >> > Thank you for any help > > >> > > >> > > >> > > >> -- > > >> ----------------------------------------------------- > > >> Noble Paul > > >> > > > > > > > > -- > > ----------------------------------------------------- > > Noble Paul > > > -- Anshum Gupta
