topic Splunk LDAP integration support LDAP Extended Controls? in Security https://community.splunk.com/t5/Security/Splunk-LDAP-integration-support-LDAP-Extended-Controls/m-p/147979#M4532 <P>Does Splunk LDAP intergration support LDAP Extended Controls? In particular Matching rule OID 1.2.840.113556.1.4.1941 which is a special "extended match operator that walks the chain of ancestry in objects all the way to the root until it finds a match. </P> <P>I've tried implement this in my ldap strategy, but Splunk pukes; however, if I pass the same LDAP query listed in the AuthenticationManagerLDAP logging channel using Apache Directory Studio it works fine.</P> <P>Thanks in advanced,</P> <P>Additiona Links:<BR /> <A href="http://msdn.microsoft.com/en-us/library/aa746475(v=vs.85).aspx">Search Filter Syntax</A><BR /> <A href="http://msdn.microsoft.com/en-us/library/cc223320.aspx">3.1.1.3.4.1 LDAP Extended Control</A><BR /> <A href="http://www.msresource.net/knowledge_base/articles/info:_what_are_active_directory_recursive_queries.html">Active Directory Recursive Queries</A></P> Wed, 30 Apr 2014 19:46:12 GMT bmacias84 2014-04-30T19:46:12Z Splunk LDAP integration support LDAP Extended Controls? https://community.splunk.com/t5/Security/Splunk-LDAP-integration-support-LDAP-Extended-Controls/m-p/147979#M4532 <P>Does Splunk LDAP intergration support LDAP Extended Controls? In particular Matching rule OID 1.2.840.113556.1.4.1941 which is a special "extended match operator that walks the chain of ancestry in objects all the way to the root until it finds a match. </P> <P>I've tried implement this in my ldap strategy, but Splunk pukes; however, if I pass the same LDAP query listed in the AuthenticationManagerLDAP logging channel using Apache Directory Studio it works fine.</P> <P>Thanks in advanced,</P> <P>Additiona Links:<BR /> <A href="http://msdn.microsoft.com/en-us/library/aa746475(v=vs.85).aspx">Search Filter Syntax</A><BR /> <A href="http://msdn.microsoft.com/en-us/library/cc223320.aspx">3.1.1.3.4.1 LDAP Extended Control</A><BR /> <A href="http://www.msresource.net/knowledge_base/articles/info:_what_are_active_directory_recursive_queries.html">Active Directory Recursive Queries</A></P> Wed, 30 Apr 2014 19:46:12 GMT https://community.splunk.com/t5/Security/Splunk-LDAP-integration-support-LDAP-Extended-Controls/m-p/147979#M4532 bmacias84 2014-04-30T19:46:12Z Re: Splunk LDAP integration support LDAP Extended Controls? https://community.splunk.com/t5/Security/Splunk-LDAP-integration-support-LDAP-Extended-Controls/m-p/147980#M4533 <P>We have done this, and it does work.</P> <P>Here is an example of what we did.</P> <P>(&amp;(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=cn=Splunk Access,ou=Groups,dc=contoso,dc=com))</P> Fri, 19 Sep 2014 19:50:21 GMT https://community.splunk.com/t5/Security/Splunk-LDAP-integration-support-LDAP-Extended-Controls/m-p/147980#M4533 thorwright 2014-09-19T19:50:21Z