Awen Saunders
2021-Mar-16 04:16 UTC
[Samba] Spotlight with Elasticsearch backend authentication support?
Hi there, I was looking into setting up the spotlight support with the elasticsearch backend, and I couldn't find any mention of if it might be possible to set it up with the security plugins available for elasticsearch (either elastic's x-pack [1] or amazon's opendistro [2] security). Is this supported at all and I'm just not seeing it? If we could set the basic-auth headers with any of the requests that samba is sending off to ES, that would probably be good enough. Ideally, we could set any auth headers we wanted with those requests (say a bearer token etc). That would make it possible for me to run the ES server locally on my machine (or elsewhere) without exposing the index of all my files to anyone who could get access to the ES rest interface (like a low-priv shell user). I think the relevant code is in mdssvc_es.c within mds_es_search_send(), but I'm not really a C developer, and I have little familiarity with the Samba codebase, so I'm not totally sure. If anyone else is interested, I'm fairly confident it would be a simple patch. [1] https://www.elastic.co/guide/en/elasticsearch/reference/current/elasticsearch-security.html [2] https://opendistro.github.io/for-elasticsearch-docs/docs/security/ Kind regards, Awen Saunders
Ralph Boehme
2021-Mar-16 08:55 UTC
[Samba] Spotlight with Elasticsearch backend authentication support?
Hi Awen, Am 3/16/21 um 5:16 AM schrieb Awen Saunders via samba:> I was looking into setting up the spotlight support with the > elasticsearch backend, and I couldn't find any mention of if it might > be possible to set it up with the security plugins available for > elasticsearch (either elastic's x-pack [1] or amazon's opendistro [2] > security). Is this supported at all and I'm just not seeing it?you're right, sadly there's no support for any of this yet. I'm happy to review patches that add the feature and CI tests. -slow -- Ralph Boehme, Samba Team https://samba.org/ Samba Developer, SerNet GmbH https://sernet.de/en/samba/ GPG-Fingerprint FAE2C6088A24252051C559E4AA1E9B7126399E46 -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 840 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20210316/5fb989ce/OpenPGP_signature.sig>