manifoldcf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Karl Wright <daddy...@gmail.com>
Subject Re: Solr Output Connector: SolrCloud with Kerberos / Zookeeper with Kerberos
Date Tue, 17 Dec 2019 12:09:42 GMT
Please do!
Karl


On Tue, Dec 17, 2019 at 7:06 AM Jörn Franke <jornfranke@gmail.com> wrote:

> Thanks a lot Karl for your feedback. Do you mind if I create a Jira where
> I report on the progress?
>
> Am 17.12.2019 um 12:22 schrieb Karl Wright <daddywri@gmail.com>:
>
> 
> Well, you can certainly attempt this simply enough then if you build from
> source.  I'd prefer that you validate the approach before we make permanent
> commits.
>
> Please let me know what works and what doesn't.
>
> Karl
>
>
> On Tue, Dec 17, 2019 at 1:22 AM Jörn Franke <jornfranke@gmail.com> wrote:
>
>> I agree.
>> The delegation part is not relevant for me. I also do not believe it
>> makes sense at the ETL level.
>>  I think still we need add the one line of code that allows to use
>> Kerberos (second line in the example).
>>
>> Am 17.12.2019 um 01:35 schrieb Karl Wright <daddywri@gmail.com>:
>>
>> 
>> Hi Jorn,
>>
>> The code referenced cannot be set up differently from connection to
>> connection so there is no point in having this be anything other than
>> global.  In that case you can point at the config file with
>> -D<parameter>=value and it will do the same thing as setting a system
>> property.
>>
>> The token delegation with HttpClient I'll have to study to confirm that
>> we're doing this right in the connector.
>>
>> Karl
>>
>>
>>
>> On Mon, Dec 16, 2019 at 6:15 PM Jörn Franke <jornfranke@gmail.com> wrote:
>>
>>> Thanks a lot for the quick reply. Actually it is here:
>>> https://lucene.apache.org/solr/guide/8_3/kerberos-authentication-plugin.html#using-solrj-with-a-kerberized-solr
>>> It is also available in the previous versions of Solr.
>>> I wonder how easy it would be to add a configuration to the Manifold UI
>>> to point to a jaas-client.conf. However, it is also not strictly necessary
>>> that this one is configurable in the UI. It could be also a checkbox yes/no
>>> Kerberos authentication and the jaas-client.conf could be put in a certain
>>> folder.
>>>
>>> Interesting would be also if Solr 8.x can be made work in this setting.
>>>
>>> On Mon, Dec 16, 2019 at 11:47 PM Karl Wright <daddywri@gmail.com> wrote:
>>>
>>>> The Solr Output Connector uses a patched HttpComponents/HttpClient for
>>>> communication with the various Solr Cloud replicas, along with custom
>>>> versions of some of the SolrJ classes which allow multipart posts to work.
>>>> Other than that it's standard SolrJ.  Whatever SolrJ needs to work with
>>>> Kerberos, therefore, should work with the ManifoldCF Solr Output
>>>> Connector.  So if you can point me at the SolrJ documentation for this
>>>> configuration I can perhaps review it and give you my opinion as to the
>>>> difficulty involved.
>>>>
>>>> Karl
>>>>
>>>>
>>>> On Mon, Dec 16, 2019 at 5:31 PM Jörn Franke <jornfranke@gmail.com>
>>>> wrote:
>>>>
>>>>> Hallo,
>>>>>
>>>>> does the Solr Output Connector support SolrCloud with Kerberos
>>>>> authentication and Zookeeper with Kerberos authentication?
>>>>>
>>>>> If so, how can this be configured?
>>>>>
>>>>> If it is not supported, is there an "easy" way to integrate this? From
>>>>> a development perspective the Kerberos Authentication with both is not
>>>>> difficult to achieve, but of course it stil needs to be integrated in
the
>>>>> whole solution.
>>>>>
>>>>> Thank you.
>>>>>
>>>>> Best regards
>>>>>
>>>>

Mime
View raw message