There is an effective alternative approach to placing
authentication within Solr. It is to use the web server (say Apache) as
a smart proxy to Solr and in so doing also apply access restrictions of
various kinds. Thus Solr remains intact, no addition needed for
authentication, and authentication can be accomplished with a known
robust tool.
Sketching the Apache part, to clarify matters. This example
requires both an IP range and an LDAP authentication, and it supports
https as well.
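<Location /solr>
    AuthType Basic
    AuthBasicProvider ldap
    AuthName "Solr"
    AuthLDAPUrl ldap://example.com/o=GCHQ?uid?one?(objectClass=user)
    # Bare Require lines in one section are alternatives (implicit RequireAny);
    # RequireAll makes the IP range and the LDAP user both mandatory.
    <RequireAll>
        Require ip 11.22.33.44/24 5.6.7.8/28
        Require ldap-user admin james moneypenny
    </RequireAll>
    # Forward to the Solr instance behind the proxy.
    ProxyPass "http://localhost:8983/solr" keepalive=on
    ProxyPassReverse "http://localhost:8983/solr"
</Location>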
Above, localhost can be replaced with the DNS name of another
machine, the one where Solr itself resides. The URI name /solr is clearly
something which we can choose to suit ourselves. This example may be
enhanced for local requirements.
The Apache manual has full details, naturally. It is important to
use proven robust tools when we deal with the bad guys.
Thanks,
Joe D.
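
Added example, not part of Joe D.'s message and not Apache or Solr project code: in Apache 2.4, several Require lines placed directly in one section are alternatives (an implicit RequireAny), so a proxy block meant to demand both an IP range and an LDAP login needs RequireAll. This Python check flags sections with that pattern; the two sample configs and the function names are constructed for illustration.

```python
import re

# Constructed sample configs (not from the thread): the same policy written
# with bare Require lines, and again wrapped in <RequireAll>.
IMPLICIT_ANY = """
<Location /solr>
    Require ip 192.0.2.0/24
    AuthType Basic
    AuthBasicProvider ldap
    Require ldap-user admin
</Location>
"""
EXPLICIT_ALL = """
<Location /solr>
    AuthType Basic
    AuthBasicProvider ldap
    <RequireAll>
        Require ip 192.0.2.0/24
        Require ldap-user admin
    </RequireAll>
</Location>
"""

AUTHZ_CONTAINERS = {"requireall", "requireany", "requirenone"}
OPEN = re.compile(r"<\s*(\w+)\b([^>]*)>")
CLOSE = re.compile(r"<\s*/\s*(\w+)\s*>")

def _report(frame, findings):
    name, arg, requires = frame
    # Two or more bare Require lines are OR-ed together by Apache 2.4.
    if name not in AUTHZ_CONTAINERS and len(requires) >= 2:
        findings.append((f"{name} {arg}".strip(), requires))

def implicit_any_sections(conf):
    """Return (section, Require lines) where 2+ Require sit outside an authz container."""
    findings, stack = [], [["server", "", []]]  # frame: [name, argument, bare Requires]
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if CLOSE.match(line):
            if len(stack) > 1:
                _report(stack.pop(), findings)
        elif (m := OPEN.match(line)):
            stack.append([m.group(1).lower(), m.group(2).strip(), []])
        elif line.lower().startswith("require ") and stack[-1][0] not in AUTHZ_CONTAINERS:
            stack[-1][2].append(line)
    while stack:
        _report(stack.pop(), findings)
    return findings
```
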
On 04/09/2020 08:43, Aroop Ganguly wrote:
Try looking at a simple ldap authentication suggested here:
https://github.com/itzmestar/ldap_solr
You can combine this for authentication and couple it with rule based
authorization.
On Aug 28, 2020, at 12:26 PM, Vanalli, Ali A - DOT <ali.vana...@dot.wi.gov> wrote:
Hello,
Solr is running on a Windows machine and I am wondering if it is possible to set up
BasicAuth with LDAP?
Also, I tried the example of Basic Authentication that is published
here <https://lucene.apache.org/solr/guide/8_6/rule-based-authorization-plugin.html#rule-based-authorization-plugin>
but this did not work either.
Thanks...Ali