Enable LDAP Authentication in Solr

You can configure LDAP-based authentication using Cloudera Manager at the Solr service level.

Solr supports LDAP authentication for external Solr clients including:
  • Command-line tools
  • curl
  • Web browsers
  • Solr Java clients
In some cases, Solr does not support LDAP authentication. Use Kerberos authentication instead in these cases. Solr does not support LDAP authentication with:
  • Search indexing components including the MapReduce indexer and Lily HBase indexer.
  • Solr internal requests such as those for replication or querying.
  • Hadoop delegation token management requests such as GETDELEGATIONTOKEN or RENEWDELEGATIONTOKEN.
  • Configuring LDAP authentication requires that Kerberos authentication is already configured and enabled in Solr.
  • For secure LDAP connections, it is a prerequisite that TLS/SSL has been configured and enabled in Solr.
  1. In Cloudera Manager select the Solr service.
  2. Click the Configuration tab.
  3. Select Scope > Solr.
  4. Select Category > Security.
  5. Select Enable LDAP Authentication.
  6. Enter the LDAP URL in the LDAP URL property.
    To configure a TLS encrypted LDAP connection, select one of the following options:
    • ldaps://<ldap_server>:<port>

      The default port is 636.

    OR

    • ldap://<ldap_server>:<port>

      The default port is 389.

      Select Enable LDAP TLS. This is not required when using an LDAP URL with prefix ldaps://, because that already specifies TLS.

    To configure LDAP with unencrypted transmission of usernames and passwords, set ldap://<ldap_server>:<port>, without setting Enable LDAP TLS.
  7. Configure only one of following mutually exclusive parameters:
    • LDAP BaseDN: Replaces the username with a "distinguished name" (DN) of the form: uid=userid,ldap_baseDN. Typically used for OpenLDAP server installation.
    • Active Directory Domain: Replaces the username with a string username@ldap_domain. Typically used for Active Directory server installation.
  8. Launch the Stale Configuration wizard to restart the Solr service and any dependent services.