03-13-2018 02:45 AM - last edited on 03-13-2018 09:17 AM by cjervis
Our cluster is secured with kerberos and we use sentry for authorization. We use Simple AD as Directory Service.
We have solr collections with solr secure conf and a role in sentry which is linked to a group. Now if we add some privilege or revoke some privilege from the role, they get reflected imidiately.
if we add some privilege or revoke some privilege from the role, they get reflected imidiately. The issue comes when we remove some user from ldap group or we add some user to ldap group, In this case even though the user is not part of the group anymore he is able to access the solr collection. if we revoke the privilege for the role, the deleted user is not able to access the collection but adding the privilege again brings back the issue.
If we restart the solr service then the deleted user is not able to access the collection since he not part of the group. Anyone has any solution for this problem.
03-13-2018 06:45 AM
After few hours it finally reflected the changes for the user.
NOTE: In ldap the changes are immediately reflected but solr doesn't seem to pick up these changes.