Enable LDAP authentication in Solr
You can configure LDAP-based authentication using Cloudera Manager at the Solr service level.
Solr supports LDAP authentication for external Solr clients including:
- Command-line tools
- Web browsers
- Solr Java clients
In some cases, Solr does not support LDAP authentication. Use Kerberos authentication instead in these cases. Solr does not support LDAP authentication with:
- Search indexing components including the MapReduce indexer and Lily HBase indexer.
- Solr internal requests such as those for replication or querying.
- Hadoop delegation token management requests such as
- Configuring LDAP authentication requires that Kerberos authentication is already configured and enabled in Solr.
- For secure LDAP connections, it is a prerequisite that TLS/SSL has been configured and enabled in Solr.
- In Cloudera Manager select the Solr service.
- Click the Configuration tab.
- Select .
- Select .
- Select Enable LDAP Authentication.
Enter the LDAP URL in the LDAP URL property.
To configure a TLS encrypted LDAP connection, select one of the following options:
The default port is 636.
To configure LDAP with unencrypted transmission of usernames and passwords, set
The default port is 389.
Select Enable LDAP TLS. This is not required when using an LDAP URL with prefix
ldaps://, because that already specifies TLS.
ldap://<ldap_server>:<port>, without setting Enable LDAP TLS.
Configure only one of following mutually exclusive parameters:
- LDAP BaseDN: Replaces the username with a
"distinguished name" (DN) of the form:
uid=userid,ldap_baseDN. Typically used for OpenLDAP server installation.
- Active Directory Domain: Replaces the username
with a string
username@ldap_domain. Typically used for Active Directory server installation.
- LDAP BaseDN: Replaces the username with a "distinguished name" (DN) of the form:
- Launch the Stale Configuration wizard to restart the Solr service and any dependent services.