https://community.splunk.com/t5/Security/mapping-users-to-role/m-p/109524#M3508 <P>Hi, <BR /> I have created LDAP configuration in our SPLUNK deployment.</P> <H1>Version 6.0</H1> <H1>DO NOT EDIT THIS FILE!</H1> <H1>Please make all changes to files in $SPLUNK_HOME/etc/system/local.</H1> <H1>To make changes, copy the section/stanza you want to change from $SPLUNK_HOME/etc/system/default</H1> <H1>into ../local and edit there.</H1> <H1>This file configures authentication.</H1> <P>[authentication]<BR /> authType = LDAP<BR /> authSettings = SHC</P> <H1>Note: the caching specified in this stanza only applies to scripted authentication.</H1> <H1>If you are using scripted authentication, you can override these cache timing values in</H1> <H1>your $SPLUNK_HOME/etc/system/local/authentication.conf</H1> <P>[SHC]<BR /> host = XXXXXXXXXXXXXXXXXXXXX<BR /> port = 389<BR /> SSLEnabled = 0</P> <H1>bindDN = anonymous</H1> <H1>User Configurations</H1> <P>realNameAttribute = cn<BR /> userBaseDN = ou=people,o=intra,dc=sears,dc=com<BR /> userBaseFilter = (objectclass=*)<BR /> userNameAttribute = uid</P> <H1>Group Configurations</H1> <P>groupBaseDN = ou=people,o=intra,dc=sears,dc=com<BR /> groupBaseFilter = (objectclass=*)<BR /> groupMappingAttribute = uid<BR /> groupMemberAttribute = uid<BR /> groupNameAttribute = uid</P> <P>[roleMap_SHC]<BR /> admin = lbirnba;pbussie;rsen0;vjaiswa</P> <P>All the users have got added. But they they are not able to login(except for the admin users). I think I need to assign each user to a role before they can login. I am thinking of assigning the "user" role to all users. How do I achieve that without using groups. We do not use groups in our LDAP. </P> Thu, 27 Mar 2014 14:38:20 GMT romitsn 2014-03-27T14:38:20Z https://community.splunk.com/t5/Security/mapping-users-to-role/m-p/109524#M3508 <P>Hi, <BR /> I have created LDAP configuration in our SPLUNK deployment.</P> <H1>Version 6.0</H1> <H1>DO NOT EDIT THIS FILE!</H1> <H1>Please make all changes to files in $SPLUNK_HOME/etc/system/local.</H1> <H1>To make changes, copy the section/stanza you want to change from $SPLUNK_HOME/etc/system/default</H1> <H1>into ../local and edit there.</H1> <H1>This file configures authentication.</H1> <P>[authentication]<BR /> authType = LDAP<BR /> authSettings = SHC</P> <H1>Note: the caching specified in this stanza only applies to scripted authentication.</H1> <H1>If you are using scripted authentication, you can override these cache timing values in</H1> <H1>your $SPLUNK_HOME/etc/system/local/authentication.conf</H1> <P>[SHC]<BR /> host = XXXXXXXXXXXXXXXXXXXXX<BR /> port = 389<BR /> SSLEnabled = 0</P> <H1>bindDN = anonymous</H1> <H1>User Configurations</H1> <P>realNameAttribute = cn<BR /> userBaseDN = ou=people,o=intra,dc=sears,dc=com<BR /> userBaseFilter = (objectclass=*)<BR /> userNameAttribute = uid</P> <H1>Group Configurations</H1> <P>groupBaseDN = ou=people,o=intra,dc=sears,dc=com<BR /> groupBaseFilter = (objectclass=*)<BR /> groupMappingAttribute = uid<BR /> groupMemberAttribute = uid<BR /> groupNameAttribute = uid</P> <P>[roleMap_SHC]<BR /> admin = lbirnba;pbussie;rsen0;vjaiswa</P> <P>All the users have got added. But they they are not able to login(except for the admin users). I think I need to assign each user to a role before they can login. I am thinking of assigning the "user" role to all users. How do I achieve that without using groups. We do not use groups in our LDAP. </P> Thu, 27 Mar 2014 14:38:20 GMT https://community.splunk.com/t5/Security/mapping-users-to-role/m-p/109524#M3508 romitsn 2014-03-27T14:38:20Z https://community.splunk.com/t5/Security/mapping-users-to-role/m-p/109525#M3509 <P>See accepted answer in this post if its of any use.<BR /> <A href="http://answers.splunk.com/answers/43842/mapping-ldap-user-to-roles-matched-groups-are-not-found-in-roles">http://answers.splunk.com/answers/43842/mapping-ldap-user-to-roles-matched-groups-are-not-found-in-roles</A></P> Thu, 27 Mar 2014 15:11:07 GMT https://community.splunk.com/t5/Security/mapping-users-to-role/m-p/109525#M3509 somesoni2 2014-03-27T15:11:07Z https://community.splunk.com/t5/Security/mapping-users-to-role/m-p/109526#M3510 <P>We are using LDAP group and then map Splunk role with each LDAP group. Role is assigned to LDAP users by adding them to the appropriate LDAP group.</P> <P>In your case without using LDAP groups, if admin role users can log in then by the same token, you can assign users to Splunk role 'user' as follow under 'roleMap_SHC' stanza:</P> <P>[roleMap_SHC]<BR /> admin = lbirnba;pbussie;rsen0;vjaiswa<BR /> user = <USR1>;<USR2>;<USR3></USR3></USR2></USR1></P> <P>Ming</P> Thu, 27 Mar 2014 15:18:35 GMT https://community.splunk.com/t5/Security/mapping-users-to-role/m-p/109526#M3510 yungro 2014-03-27T15:18:35Z https://community.splunk.com/t5/Security/mapping-users-to-role/m-p/109527#M3511 <P>The only problem is that I cannot add all users like that. Is there any way to set all users to have "user" role by default.Something like --</P> <P>user = ALL<BR /> or<BR /> user = *</P> <P>I tried both but not working.</P> Thu, 27 Mar 2014 16:07:51 GMT https://community.splunk.com/t5/Security/mapping-users-to-role/m-p/109527#M3511 romitsn 2014-03-27T16:07:51Z https://community.splunk.com/t5/Security/mapping-users-to-role/m-p/109528#M3512 <P>The only way I can think of is to use scripted authentication.</P> <P>You can find more info at <A href="http://docs.splunk.com/Documentation/Splunk/latest/Security/ConfigureSplunkToUsePAMOrRADIUSAuthentication">http://docs.splunk.com/Documentation/Splunk/latest/Security/ConfigureSplunkToUsePAMOrRADIUSAuthentication</A>.</P> <P>-Ming</P> Thu, 27 Mar 2014 16:56:55 GMT https://community.splunk.com/t5/Security/mapping-users-to-role/m-p/109528#M3512 yungro 2014-03-27T16:56:55Z