So I wrote the blog more of an experiment above. I don't know if it is fully operating other than on a single node. That being said, the Hadoop authentication plugin doesn't require running on HDFS. It just uses the Hadoop code to do authentication.
I will echo what Jorn said though - I wouldn't expose Solr to the internet or directly without some sort of API. Whether you do authentication/authorization at the API is a separate question. Kevin Risden On Wed, Nov 20, 2019 at 1:54 PM Jörn Franke <jornfra...@gmail.com> wrote: > I would not give users directly access to Solr - even with LDAP plugin. > Build a rest interface or web interface that does the authentication and > authorization and security sanitization. Then you can also manage better > excessive queries or explicitly forbid certain type of queries (eg specific > streaming expressions - I would not expose all of them to users). > > > Am 19.11.2019 um 11:02 schrieb Kommu, Vinodh K. <vko...@dtcc.com>: > > > > Thanks Charlie. > > > > We are already using Basic authentication in our existing clusters, > however it's getting difficult to maintain number of users as we are > getting too many requests for readonly access from support teams. So we > desperately looking for active directory solution. Just wondering if > someone might have same requirement need. > > > > > > Regards, > > Vinodh > > > > -----Original Message----- > > From: Charlie Hull <char...@flax.co.uk> > > Sent: Tuesday, November 19, 2019 2:55 PM > > To: solr-user@lucene.apache.org > > Subject: Re: Active directory integration in Solr > > > > ATTENTION! This email originated outside of DTCC; exercise caution. > > > > Not out of the box, there are a few authentication plugins bundled but > not for AD > > > https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flucene.apache.org%2Fsolr%2Fguide%2F7_2%2Fauthentication-and-authorization-plugins.html&data=02%7C01%7Cvkommu%40dtcc.com%7C2e17e1feef78432502e008d76cd26635%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637097523245309858&sdata=fkahJ62aWFYh7QxcyFQbJV9u8OsTYSWp6pv0MNdzjps%3D&reserved=0 > > - there's also some useful stuff in Apache ManifoldCF > > > https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.francelabs.com%2Fblog%2Ftutorial-on-authorizations-for-manifold-cf-and-solr%2F&data=02%7C01%7Cvkommu%40dtcc.com%7C2e17e1feef78432502e008d76cd26635%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637097523245319858&sdata=iYiKRDJKYBZaxUd%2F%2BIddFBwxB2RhSqih2KZc26aZlRU%3D&reserved=0 > > > > > > Best > > > > Charlie > > > >> On 18/11/2019 15:08, Kommu, Vinodh K. wrote: > >> Hi, > >> > >> Does anyone know that Solr has any out of the box capability to > integrate Active directory (using LDAP) when security is enabled? Instead > of creating users in security.json file, planning to use users who already > exists in active directory so they can use their individual credentials > rather than defining in Solr. Did anyone came across similar requirement? > If so was there any working solution? > >> > >> > >> Thanks, > >> Vinodh > >> > >> DTCC DISCLAIMER: This email and any files transmitted with it are > confidential and intended solely for the use of the individual or entity to > whom they are addressed. If you have received this email in error, please > notify us immediately and delete the email and any attachments from your > system. The recipient should check this email and any attachments for the > presence of viruses. The company accepts no liability for any damage caused > by any virus transmitted by this email. > >> > > > > -- > > Charlie Hull > > Flax - Open Source Enterprise Search > > > > tel/fax: +44 (0)8700 118334 > > mobile: +44 (0)7767 825828 > > web: > https://nam02.safelinks.protection.outlook.com/?url=www.flax.co.uk&data=02%7C01%7Cvkommu%40dtcc.com%7C2e17e1feef78432502e008d76cd26635%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637097523245319858&sdata=YNGIg%2FVgL2w82i3JWsBkBTJeefHMjSxbjLaQyOdJVt0%3D&reserved=0 > > > > DTCC DISCLAIMER: This email and any files transmitted with it are > confidential and intended solely for the use of the individual or entity to > whom they are addressed. If you have received this email in error, please > notify us immediately and delete the email and any attachments from your > system. The recipient should check this email and any attachments for the > presence of viruses. The company accepts no liability for any damage caused > by any virus transmitted by this email. > > >
