I would not give users directly access to Solr - even with LDAP plugin. Build a rest interface or web interface that does the authentication and authorization and security sanitization. Then you can also manage better excessive queries or explicitly forbid certain type of queries (eg specific streaming expressions - I would not expose all of them to users).
> Am 19.11.2019 um 11:02 schrieb Kommu, Vinodh K. <vko...@dtcc.com>: > > Thanks Charlie. > > We are already using Basic authentication in our existing clusters, however > it's getting difficult to maintain number of users as we are getting too many > requests for readonly access from support teams. So we desperately looking > for active directory solution. Just wondering if someone might have same > requirement need. > > > Regards, > Vinodh > > -----Original Message----- > From: Charlie Hull <char...@flax.co.uk> > Sent: Tuesday, November 19, 2019 2:55 PM > To: solr-user@lucene.apache.org > Subject: Re: Active directory integration in Solr > > ATTENTION! This email originated outside of DTCC; exercise caution. > > Not out of the box, there are a few authentication plugins bundled but not > for AD > https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flucene.apache.org%2Fsolr%2Fguide%2F7_2%2Fauthentication-and-authorization-plugins.html&data=02%7C01%7Cvkommu%40dtcc.com%7C2e17e1feef78432502e008d76cd26635%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637097523245309858&sdata=fkahJ62aWFYh7QxcyFQbJV9u8OsTYSWp6pv0MNdzjps%3D&reserved=0 > - there's also some useful stuff in Apache ManifoldCF > https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.francelabs.com%2Fblog%2Ftutorial-on-authorizations-for-manifold-cf-and-solr%2F&data=02%7C01%7Cvkommu%40dtcc.com%7C2e17e1feef78432502e008d76cd26635%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637097523245319858&sdata=iYiKRDJKYBZaxUd%2F%2BIddFBwxB2RhSqih2KZc26aZlRU%3D&reserved=0 > > > Best > > Charlie > >> On 18/11/2019 15:08, Kommu, Vinodh K. wrote: >> Hi, >> >> Does anyone know that Solr has any out of the box capability to integrate >> Active directory (using LDAP) when security is enabled? Instead of creating >> users in security.json file, planning to use users who already exists in >> active directory so they can use their individual credentials rather than >> defining in Solr. Did anyone came across similar requirement? If so was >> there any working solution? >> >> >> Thanks, >> Vinodh >> >> DTCC DISCLAIMER: This email and any files transmitted with it are >> confidential and intended solely for the use of the individual or entity to >> whom they are addressed. If you have received this email in error, please >> notify us immediately and delete the email and any attachments from your >> system. The recipient should check this email and any attachments for the >> presence of viruses. The company accepts no liability for any damage caused >> by any virus transmitted by this email. >> > > -- > Charlie Hull > Flax - Open Source Enterprise Search > > tel/fax: +44 (0)8700 118334 > mobile: +44 (0)7767 825828 > web: > https://nam02.safelinks.protection.outlook.com/?url=www.flax.co.uk&data=02%7C01%7Cvkommu%40dtcc.com%7C2e17e1feef78432502e008d76cd26635%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637097523245319858&sdata=YNGIg%2FVgL2w82i3JWsBkBTJeefHMjSxbjLaQyOdJVt0%3D&reserved=0 > > DTCC DISCLAIMER: This email and any files transmitted with it are > confidential and intended solely for the use of the individual or entity to > whom they are addressed. If you have received this email in error, please > notify us immediately and delete the email and any attachments from your > system. The recipient should check this email and any attachments for the > presence of viruses. The company accepts no liability for any damage caused > by any virus transmitted by this email. >
