https://community.splunk.com/t5/Security/After-configuring-LDAP-authentication-with-Active-Directory-in/m-p/143636#M4405 <P>I have configured LDAP authentication with Active Directory on Splunk. We are still waiting on the group to role mapping, so currently we have mapped individual users to specific roles.</P> <P>However, 1 of the 5 users we have currently mapped is unable to login. When I add his username to the authentication.conf file, I see his username, Full name and email address under Settings-&gt;Access controls-&gt;Users</P> <P>When he tries to log in, he gets "Invalid username or password" and immediately after that, his details are no longer visible under Settings-&gt;Access controls-&gt;Users</P> <P>splunkd.log only shows </P> <PRE><CODE>user=xxx action=login status=failure reason=user-initiated </CODE></PRE> <P>The password can't be invalid since he logs into his local machine with the same credentials. The other 4 users are able to log in successfully.<BR /> Also, since I can see his 'Full Name' under Settings-&gt;Access controls-&gt;Users , I don't think its a problem with his display name, either. </P> Tue, 14 Apr 2015 17:43:38 GMT nivedita_viswan 2015-04-14T17:43:38Z https://community.splunk.com/t5/Security/After-configuring-LDAP-authentication-with-Active-Directory-in/m-p/143636#M4405 <P>I have configured LDAP authentication with Active Directory on Splunk. We are still waiting on the group to role mapping, so currently we have mapped individual users to specific roles.</P> <P>However, 1 of the 5 users we have currently mapped is unable to login. When I add his username to the authentication.conf file, I see his username, Full name and email address under Settings-&gt;Access controls-&gt;Users</P> <P>When he tries to log in, he gets "Invalid username or password" and immediately after that, his details are no longer visible under Settings-&gt;Access controls-&gt;Users</P> <P>splunkd.log only shows </P> <PRE><CODE>user=xxx action=login status=failure reason=user-initiated </CODE></PRE> <P>The password can't be invalid since he logs into his local machine with the same credentials. The other 4 users are able to log in successfully.<BR /> Also, since I can see his 'Full Name' under Settings-&gt;Access controls-&gt;Users , I don't think its a problem with his display name, either. </P> Tue, 14 Apr 2015 17:43:38 GMT https://community.splunk.com/t5/Security/After-configuring-LDAP-authentication-with-Active-Directory-in/m-p/143636#M4405 nivedita_viswan 2015-04-14T17:43:38Z https://community.splunk.com/t5/Security/After-configuring-LDAP-authentication-with-Active-Directory-in/m-p/143637#M4406 <P>It turns out that this only happened for users who had capital letters in their LDAP usernames. I had initially configured the role mapping assuming case sensitivity. So I had</P> <P>admin = User1, user2, usEr3</P> <P>Thought the users could log into their systems irrespective of the case, they were unable to log into splunk. I changed the mapping so that all usernames had lower case letters:</P> <P>admin=user1,user2,user3</P> <P>This seemed to fix the issue, and all users can now log into Splunk.</P> Tue, 28 Apr 2015 21:27:58 GMT https://community.splunk.com/t5/Security/After-configuring-LDAP-authentication-with-Active-Directory-in/m-p/143637#M4406 nivedita_viswan 2015-04-28T21:27:58Z https://community.splunk.com/t5/Security/After-configuring-LDAP-authentication-with-Active-Directory-in/m-p/143638#M4407 <P>You just saved me, made some permission changes , roles etc... and if you have the LDAP in uppercase letters it fails. </P> Mon, 17 Apr 2017 16:31:48 GMT https://community.splunk.com/t5/Security/After-configuring-LDAP-authentication-with-Active-Directory-in/m-p/143638#M4407 mendesjo 2017-04-17T16:31:48Z