I guess I don’t understand why one wouldn’t simply make a basic front end for Solr; it’s literally the easiest thing to throw together, and then you control all authentication and filters per user. Even a basic one would be some W3Schools tutorials with PHP + JSON + whatever authentication mechanism you want to use. Access to the UI right away lets you just drop entire cores or collections; there’s no way anyone not familiar with what they’re doing should be allowed to touch it.

> On Nov 20, 2019, at 6:22 PM, Jörn Franke <jornfra...@gmail.com> wrote:
>
> Well, I propose for Solr Kerberos authentication on HTTPS (2) for the web UI
> backend. Then the web UI backend does any type of authentication /
> authorization of users you need.
> I would not let users directly access Solr in any environment.
>
>> On 20.11.2019 at 20:19, Kevin Risden <kris...@apache.org> wrote:
>>
>> So I wrote the blog more of an experiment above. I don't know if it is
>> fully operating other than on a single node. That being said, the Hadoop
>> authentication plugin doesn't require running on HDFS. It just uses the
>> Hadoop code to do authentication.
>>
>> I will echo what Jorn said though - I wouldn't expose Solr to the internet
>> or directly without some sort of API. Whether you do
>> authentication/authorization at the API is a separate question.
>>
>> Kevin Risden
>>
>>> On Wed, Nov 20, 2019 at 1:54 PM Jörn Franke <jornfra...@gmail.com> wrote:
>>>
>>> I would not give users direct access to Solr - even with the LDAP plugin.
>>> Build a REST interface or web interface that does the authentication and
>>> authorization and security sanitization. Then you can also better manage
>>> excessive queries or explicitly forbid certain types of queries (e.g. specific
>>> streaming expressions - I would not expose all of them to users).
>>>
>>>> On 19.11.2019 at 11:02, Kommu, Vinodh K. <vko...@dtcc.com> wrote:
>>>>
>>>> Thanks Charlie.
>>>>
>>>> We are already using Basic authentication in our existing clusters;
>>>> however, it's getting difficult to maintain the number of users as we are
>>>> getting too many requests for read-only access from support teams. So we
>>>> are desperately looking for an Active Directory solution. Just wondering if
>>>> someone might have the same requirement.
>>>>
>>>> Regards,
>>>> Vinodh
>>>>
>>>> -----Original Message-----
>>>> From: Charlie Hull <char...@flax.co.uk>
>>>> Sent: Tuesday, November 19, 2019 2:55 PM
>>>> To: solr-user@lucene.apache.org
>>>> Subject: Re: Active directory integration in Solr
>>>>
>>>> ATTENTION! This email originated outside of DTCC; exercise caution.
>>>>
>>>> Not out of the box, there are a few authentication plugins bundled but
>>>> not for AD
>>>> https://lucene.apache.org/solr/guide/7_2/authentication-and-authorization-plugins.html
>>>> - there's also some useful stuff in Apache ManifoldCF
>>>> https://www.francelabs.com/blog/tutorial-on-authorizations-for-manifold-cf-and-solr/
>>>>
>>>> Best
>>>>
>>>> Charlie
>>>>
>>>>> On 18/11/2019 15:08, Kommu, Vinodh K. wrote:
>>>>> Hi,
>>>>>
>>>>> Does anyone know whether Solr has any out-of-the-box capability to
>>>>> integrate Active Directory (using LDAP) when security is enabled? Instead
>>>>> of creating users in the security.json file, we are planning to use users who
>>>>> already exist in Active Directory so they can use their individual credentials
>>>>> rather than defining them in Solr. Did anyone come across a similar requirement?
>>>>> If so, was there any working solution?
>>>>>
>>>>> Thanks,
>>>>> Vinodh
>>>>>
>>>>> DTCC DISCLAIMER: This email and any files transmitted with it are
>>>>> confidential and intended solely for the use of the individual or entity to
>>>>> whom they are addressed. If you have received this email in error, please
>>>>> notify us immediately and delete the email and any attachments from your
>>>>> system. The recipient should check this email and any attachments for the
>>>>> presence of viruses. The company accepts no liability for any damage caused
>>>>> by any virus transmitted by this email.
>>>>
>>>> --
>>>> Charlie Hull
>>>> Flax - Open Source Enterprise Search
>>>>
>>>> tel/fax: +44 (0)8700 118334
>>>> mobile: +44 (0)7767 825828
>>>> web: www.flax.co.uk
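
The pattern recommended in this thread (an API layer in front of Solr that authorizes users and restricts which queries reach it), as an added example that is not part of the original messages. It assumes the user is already authenticated (for example against Active Directory) and mapped to a role; the role names, the `team_s` field and the limits are hypothetical, while the parameter names are standard Solr query parameters.

```python
from urllib.parse import urlencode

# Hypothetical policy: role names, the "team_s" field and the limits are
# constructed for illustration; the parameter names are standard Solr ones.
ALLOWED_PARAMS = {"q", "fq", "fl", "sort", "start", "rows"}
LIMITS = {"rows": 100, "start": 10_000}
ROLE_FILTERS = {"support": 'team_s:"support"', "analyst": None}


class Rejected(Exception):
    """The gateway refuses to forward this request to Solr."""


def bounded_int(raw, limit):
    """Parse a non-negative integer and clamp it to the configured limit."""
    try:
        number = int(raw)
    except ValueError:
        raise Rejected("expected an integer") from None
    if number < 0:
        raise Rejected("negative value")
    return min(number, limit)


def build_solr_query(role, handler, params):
    """Validate a request from an authenticated user and return the query
    string to forward to /select. params maps name -> list of values."""
    if role not in ROLE_FILTERS:
        raise Rejected("role has no Solr access")
    if handler != "select":                  # no /update, /stream or admin APIs
        raise Rejected("handler not allowed")
    forwarded = []
    for name, values in params.items():
        if name not in ALLOWED_PARAMS:       # rejects qt, shards, stream.*, ...
            raise Rejected(f"parameter not allowed: {name}")
        for value in values:
            if name in LIMITS:
                value = str(bounded_int(value, LIMITS[name]))
            elif "{!" in value:              # local params can switch query parsers
                raise Rejected("local params not allowed")
            forwarded.append((name, value))
    names = {name for name, _ in forwarded}
    if "q" not in names:
        raise Rejected("missing q")
    if "rows" not in names:
        forwarded.append(("rows", "10"))     # default page size
    if ROLE_FILTERS[role]:                   # fq clauses intersect: always narrows
        forwarded.append(("fq", ROLE_FILTERS[role]))
    forwarded.append(("wt", "json"))
    return urlencode(forwarded)
```

Because only the gateway holds Solr credentials and network access, read-only users never need entries in security.json, and the admin UI is never reachable by them.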