From solr-user-return-150737-archive-asf-public=cust-asf.ponee.io@lucene.apache.org Tue Nov 19 10:02:00 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with SMTP id CEC07180638 for ; Tue, 19 Nov 2019 11:01:59 +0100 (CET) Received: (qmail 33455 invoked by uid 500); 19 Nov 2019 10:01:54 -0000 Mailing-List: contact solr-user-help@lucene.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: solr-user@lucene.apache.org Delivered-To: mailing list solr-user@lucene.apache.org Received: (qmail 33423 invoked by uid 99); 19 Nov 2019 10:01:54 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 19 Nov 2019 10:01:54 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 9B67BC0E54 for ; Tue, 19 Nov 2019 10:01:53 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -0.199 X-Spam-Level: X-Spam-Status: No, score=-0.199 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamd1-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=dtcc.com header.b=g6I0axn/; dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=dtcc.com header.b=mhSm+Fza Received: from mx1-ec2-va.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id xqvPnget_Z60 for ; Tue, 19 Nov 2019 10:01:49 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=207.45.43.148; helo=swcipg0003.dtcc.com; envelope-from=vkommu@dtcc.com; receiver= Received: from swcipg0003.dtcc.com (swcipg0003.dtcc.com [207.45.43.148]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTPS id 748BDBC6C6 for ; Tue, 19 Nov 2019 10:01:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=dtcc.com; i=@dtcc.com; q=dns/txt; s=dtccdkim; t=1574157709; x=1575367309; h=arc-seal:arc-message-signature: arc-authentication-results:dkim-signature:from:to:subject: thread-topic:thread-index:date:message-id:references: in-reply-to:accept-language:content-language: x-ms-has-attach:x-ms-tnef-correlator:msip_labels: authentication-results:x-originating-ip: x-ms-publictraffictype: x-ms-office365-filtering-correlation-id: x-ms-traffictypediagnostic:x-ms-exchange-purlcount: x-microsoft-antispam-prvs:x-ms-oob-tlc-oobclassifiers: x-forefront-prvs:x-forefront-antispam-report: x-ms-exchange-senderadcheck:x-microsoft-antispam: x-microsoft-antispam-message-info: x-ms-exchange-transport-forked:content-type:mime-version: x-ms-exchange-crosstenant-network-message-id: x-ms-exchange-crosstenant-originalarrivaltime: x-ms-exchange-crosstenant-fromentityheader: x-ms-exchange-crosstenant-id: x-ms-exchange-crosstenant-mailboxtype: x-ms-exchange-crosstenant-userprincipalname: x-ms-exchange-transport-crosstenantheadersstamped: content-transfer-encoding; bh=zlLqBJk5eXIHkmjrfVBk3Uy0pZTDYL4Skbha/FP/6ds=; b=g6I0axn/6DWgEG+haoXJ4jz7W19LLya4tynAI3B/eS4fQIY7uImBc67d Fe8mU3Y+3XpWwMv+QoYO+gRPkFQkw64ayNREEiHrsieYZsvQgAT//LE0+ MamhWyi2BW78iKMICow/iIreDGKxQuLPv+gk2k7Wq46PKWYeObW2H3VLL prVJB1m8v4n+59l2xLc8Pd19Ul/p3PCZUqpk2m06OJ5iqsOFkmsVrsViQ lOL9GVI05R5lf4Bya2PnKXisUdlhRhbq0BkCS2O0EKQmvgUFobEs5muU0 /vsJ65QyUZq8SiysP8WJZapGO07mR3WqqvoE3iz+VqL9pLQ8g7xPBmfHl w==; ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=QUdxaEQG1R7guWyj1JAbHAdAzTJW7AtlEWJAEtSaEdsEOVdCi2GMcTqUPEhokA72xoaDV0x18iEuYhbMwr1527E/WiUmYP5bPeuoA0HPqFZUCnfOU4I1B5C+lv20JY+expi3LEpjOOvFp0zEr0+r3gj9B166Nx76caQnh3BbrNKmrmZi71Z23Q7QWhNZLhHnPsNAbd1rpoREvMZ1B4ney7ED/1eb93fo1+KKwPmm8pFK3MovCmx48A1MfmKkXhL913O7+0MpTadhOOAVx1YKMJkBaToQSLsGnp0TuCmzVri0XkxA0K91F/EwQ2vsj9omH+iSXLGOahVJXZOaNC/Y7g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=RLG+rozifMf4KUNd4BTOyNs8188yeosFssjOsKzOoj8=; b=QtBMXGX8ttHroF4l7hvwvNEFtClcCtGL2LgQI21zfkol3B6h+dir8qJU6pqhTbkOjZt90d820upIM/Koit3EZJuo4/+nH88veZ4g7QgwJAtwkd0ggsjwpFkf/yRaLHXAooR0F6Hn4DhIKZJ0uTe9p/dyWN+TLcuwGBvSvyAv0H8U7qrre4Ppu/z62qSp1t+3TRSZWG164vynpyiMn2An+6QYDWuqlQrYIFQQg/fxXeyNxOuVE6nlU3MwjQSmqxerLJwH60+rD86EwMeEggOdX+mFx4D+CEHqWyzLi2gWiYLQnTgjYGul5ohuA3R2QPUvHAJw//IDq6ntvC0Nl5aEKg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=dtcc.com; dmarc=pass action=none header.from=dtcc.com; dkim=pass header.d=dtcc.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dtcc.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=RLG+rozifMf4KUNd4BTOyNs8188yeosFssjOsKzOoj8=; b=mhSm+Fza9A8DWK9aIG0IvC1RBVywlhXv26vE+qRF42LWsU6bc6KX9yBgfezKq1qYOC9rfnjCIqIR+WayBFjVz77RTUOh1//8sHCqFeKgveuMBgE2E7hi5g37PbRfG6jJAyYt8W4DUCb6nikujIHBkFWLqxcR8D8x/3GOBEDObLw= From: "Kommu, Vinodh K." To: "solr-user@lucene.apache.org" Subject: RE: Active directory integration in Solr Thread-Topic: Active directory integration in Solr Thread-Index: AdWeIUSIFaC2dKkpTK69TSboi7bGGgAmfPkAAADQcAA= Date: Tue, 19 Nov 2019 10:00:40 +0000 Message-ID: References: <156a121f-504a-9fc7-70c8-bacc7e6adf48@flax.co.uk> In-Reply-To: <156a121f-504a-9fc7-70c8-bacc7e6adf48@flax.co.uk> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: msip_labels: MSIP_Label_76a2c49b-003c-4cb9-8556-de4a11b15d96_Enabled=True; MSIP_Label_76a2c49b-003c-4cb9-8556-de4a11b15d96_SiteId=0465519d-7f55-4d47-998b-55e2a86f04a8; MSIP_Label_76a2c49b-003c-4cb9-8556-de4a11b15d96_Owner=vkommu@dtcc.com; MSIP_Label_76a2c49b-003c-4cb9-8556-de4a11b15d96_SetDate=2019-11-19T10:00:36.2323350Z; MSIP_Label_76a2c49b-003c-4cb9-8556-de4a11b15d96_Name=DTCC Confidential (Yellow); MSIP_Label_76a2c49b-003c-4cb9-8556-de4a11b15d96_Application=Microsoft Azure Information Protection; MSIP_Label_76a2c49b-003c-4cb9-8556-de4a11b15d96_Extended_MSFT_Method=Manual; MSIP_Label_06dd8cc4-2721-4432-860c-f23060ae86b8_Enabled=True; MSIP_Label_06dd8cc4-2721-4432-860c-f23060ae86b8_SiteId=0465519d-7f55-4d47-998b-55e2a86f04a8; MSIP_Label_06dd8cc4-2721-4432-860c-f23060ae86b8_Owner=vkommu@dtcc.com; MSIP_Label_06dd8cc4-2721-4432-860c-f23060ae86b8_SetDate=2019-11-19T10:00:36.2323350Z; MSIP_Label_06dd8cc4-2721-4432-860c-f23060ae86b8_Name=No Marking; MSIP_Label_06dd8cc4-2721-4432-860c-f23060ae86b8_Application=Microsoft Azure Information Protection; MSIP_Label_06dd8cc4-2721-4432-860c-f23060ae86b8_Parent=76a2c49b-003c-4cb9-8556-de4a11b15d96; MSIP_Label_06dd8cc4-2721-4432-860c-f23060ae86b8_Extended_MSFT_Method=Manual; Sensitivity=DTCC Confidential (Yellow) No Marking authentication-results: spf=none (sender IP is ) smtp.mailfrom=vkommu@dtcc.com; x-originating-ip: [167.188.4.10] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 073ede64-5fe9-48cb-48bd-08d76cd7557f x-ms-traffictypediagnostic: BN7PR15MB2370: x-ms-exchange-purlcount: 3 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-forefront-prvs: 022649CC2C x-forefront-antispam-report: SFV:NSPM;SFS:(10009020)(4636009)(346002)(39860400002)(366004)(376002)(136003)(396003)(13464003)(38564003)(189003)(199004)(64756008)(66476007)(66556008)(66446008)(476003)(66946007)(6246003)(486006)(2501003)(3846002)(6116002)(102836004)(7696005)(8676002)(2351001)(81156014)(8936002)(81166006)(53546011)(6506007)(66574012)(76176011)(305945005)(7736002)(5660300002)(66066001)(52536014)(26005)(11346002)(446003)(74316002)(33656002)(478600001)(45080400002)(186003)(966005)(14454004)(2906002)(6916009)(25786009)(5024004)(14444005)(256004)(99286004)(86362001)(9686003)(55016002)(229853002)(76116006)(6306002)(5640700003)(71200400001)(71190400001)(6436002)(316002);DIR:OUT;SFP:1101;SCL:1;SRVR:BN7PR15MB2370;H:BN7PR15MB2338.namprd15.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;MX:1;A:1; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: tpvRPvRE8lAO0VdXVqp8LklgVUNDm7m1FGaqrcVgfR2XXqUAMx9yCSSifxVU5y6GxuK+IIJb1WOGTXiPGZ3S2SCdPwAvY+E+idw1cN4R3DU09InugSfANaphqPjwIkqf+JeXP9qVmSdZ5fGj6th/DrEwY1ugc0j2U4cHp83tNCaZlLjUy7ojgLDraTxWzQpR3Nb/QXcauOdQobWxLZNmPsARudjqrL7VpDJg42z7SSdsXgF1dlrkCHbH55+m5wuLuLmlAfdOPtZyQyZPPXyaMSABl8CAN7YCYvKevTpckHElwnjAvNC47PZ7RB1FjHy3+qklDjOlx7W1Ro+ef9Sfj0E5Lk8fyhsSXhl2Ai6mvjYi6pc3uhWxAEwJTz4xDhH2CV/O/qeRuFCdrKeqQs1GTCMolSgRhvUR58oW34Mie9TrGihQQjBAF7WlCB/lmvHeEfEsB5q9vW/ALQYzYDdKJvhCRpGoLJ63CM+1IFBqxz4= x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: 073ede64-5fe9-48cb-48bd-08d76cd7557f X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Nov 2019 10:00:40.3728 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 0465519d-7f55-4d47-998b-55e2a86f04a8 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: ZspRl6XXm1+/bC2fbkZujpMatl3k5m2LXBxxsKRcAFQ5ONoeW1JSnmY/JMjP2DJG X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN7PR15MB2370 Content-Transfer-Encoding: quoted-printable Thanks Charlie. We are already using Basic authentication in our existing clusters, however= it's getting difficult to maintain number of users as we are getting too m= any requests for readonly access from support teams. So we desperately look= ing for active directory solution. Just wondering if someone might have sam= e requirement need. Regards, Vinodh = -----Original Message----- From: Charlie Hull = Sent: Tuesday, November 19, 2019 2:55 PM To: solr-user@lucene.apache.org Subject: Re: Active directory integration in Solr ATTENTION! This email originated outside of DTCC; exercise caution. Not out of the box, there are a few authentication plugins bundled but not = for AD https://nam02.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Flucene.= apache.org%2Fsolr%2Fguide%2F7_2%2Fauthentication-and-authorization-plugins.= html&data=3D02%7C01%7Cvkommu%40dtcc.com%7C2e17e1feef78432502e008d76cd26= 635%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637097523245309858&sda= ta=3DfkahJ62aWFYh7QxcyFQbJV9u8OsTYSWp6pv0MNdzjps%3D&reserved=3D0 - there's also some useful stuff in Apache ManifoldCF https://nam02.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fwww.fra= ncelabs.com%2Fblog%2Ftutorial-on-authorizations-for-manifold-cf-and-solr%2F= &data=3D02%7C01%7Cvkommu%40dtcc.com%7C2e17e1feef78432502e008d76cd26635%= 7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637097523245319858&sdata= =3DiYiKRDJKYBZaxUd%2F%2BIddFBwxB2RhSqih2KZc26aZlRU%3D&reserved=3D0 Best Charlie On 18/11/2019 15:08, Kommu, Vinodh K. wrote: > Hi, > > Does anyone know that Solr has any out of the box capability to integrate= Active directory (using LDAP) when security is enabled? Instead of creatin= g users in security.json file, planning to use users who already exists in = active directory so they can use their individual credentials rather than d= efining in Solr. Did anyone came across similar requirement? If so was ther= e any working solution? > > > Thanks, > Vinodh > > DTCC DISCLAIMER: This email and any files transmitted with it are confide= ntial and intended solely for the use of the individual or entity to whom t= hey are addressed. If you have received this email in error, please notify = us immediately and delete the email and any attachments from your system. T= he recipient should check this email and any attachments for the presence o= f viruses. The company accepts no liability for any damage caused by any vi= rus transmitted by this email. > -- Charlie Hull Flax - Open Source Enterprise Search tel/fax: +44 (0)8700 118334 mobile: +44 (0)7767 825828 web: https://nam02.safelinks.protection.outlook.com/?url=3Dwww.flax.co.uk&a= mp;data=3D02%7C01%7Cvkommu%40dtcc.com%7C2e17e1feef78432502e008d76cd26635%7C= 0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637097523245319858&sdata=3DY= NGIg%2FVgL2w82i3JWsBkBTJeefHMjSxbjLaQyOdJVt0%3D&reserved=3D0 DTCC DISCLAIMER: This email and any files transmitted with it are confident= ial and intended solely for the use of the individual or entity to whom the= y are addressed. If you have received this email in error, please notify us= immediately and delete the email and any attachments from your system. The= recipient should check this email and any attachments for the presence of = viruses. The company accepts no liability for any damage caused by any viru= s transmitted by this email.