https://community.splunk.com/t5/Security/How-do-I-get-LDAP-values-from-Active-Directory/m-p/9154#M6 <P>Another great (freeware) LDAP browser is <A href="http://directory.apache.org/studio/" rel="nofollow">Apache Directory Studio</A>. You can download builds for OSX, Linux and Windows.</P> Tue, 13 Apr 2010 03:13:24 GMT the_wolverine 2010-04-13T03:13:24Z https://community.splunk.com/t5/Security/How-do-I-get-LDAP-values-from-Active-Directory/m-p/9151#M3 <P>I need to figure out what LDAP values I should be using to make auth work.</P> Fri, 15 Jan 2010 05:47:24 GMT https://community.splunk.com/t5/Security/How-do-I-get-LDAP-values-from-Active-Directory/m-p/9151#M3 matt 2010-01-15T05:47:24Z https://community.splunk.com/t5/Security/How-do-I-get-LDAP-values-from-Active-Directory/m-p/9152#M4 <P>If you are comfortable with the command line you can run the command <A href="http://support.microsoft.com/kb/237677" rel="nofollow">ldifede</A>. The ldifde command is the windows equivalent of ldapsearch and should allow you to get an ldif entry for yourself and a group. With those two entries we should be able to come up with authentication.conf that will allow Splunk to authenticate users.</P> <P>If you are more comfortable with a GUI The Sysinternals team offers a nice utility called <A href="http://technet.microsoft.com/en-us/sysinternals/bb963907.aspx" rel="nofollow">Active Directory Explorer</A>. This gives you tree view of your Active Directory/LDAP structure similar to Windows Explorer.</P> <P>Both "LDP" and "ADSIEDIT.MSC" are built in utilities that allow you to have a GUI view of Active Directory. Run them from "Start--&gt; Run" in Windows on your AD Server</P> <P>The values that you will need to map are:</P> <P><STRONG>BindDN:</STRONG> This will be the full Distinguised Name of the user that Splunk is going to connect to the AD server as</P> <P><STRONG>UserBaseDN:</STRONG> Look at the Distinguished name for the user that you got from ldifde and take everything after cn=foo</P> <P><STRONG>GroupBaseDN:</STRONG> Look at the Distinguished name for the group that you got from ldifde and take everything after cn=foo</P> <P><STRONG>Real name attribute:</STRONG> Look for the key that is associated with the full name of the user (likely displayName)</P> <P><STRONG>Group name attribute:</STRONG> Look for the key that is associated with the full name of the group (likely cn)</P> <P><STRONG>Group member attribute:</STRONG> Its usually <CODE>memberOf</CODE> or <CODE>member</CODE>, depending on whether the memberships are listed in the group entry or the user entry</P> <P>You may also want to check out this <A href="http://blip.tv/file/2878148" rel="nofollow">video</A> from the Splunk Ninja</P> Fri, 15 Jan 2010 06:11:32 GMT https://community.splunk.com/t5/Security/How-do-I-get-LDAP-values-from-Active-Directory/m-p/9152#M4 matt 2010-01-15T06:11:32Z https://community.splunk.com/t5/Security/How-do-I-get-LDAP-values-from-Active-Directory/m-p/9153#M5 <P>There are good examples for using ldif and ldapsearch on the splunk documentation. <A href="http://docs.splunk.com/Documentation/Splunk/5.0/Security/SetupuserauthenticationwithLDAP" rel="nofollow">http://docs.splunk.com/Documentation/Splunk/5.0/Security/SetupuserauthenticationwithLDAP</A></P> Fri, 15 Jan 2010 06:52:54 GMT https://community.splunk.com/t5/Security/How-do-I-get-LDAP-values-from-Active-Directory/m-p/9153#M5 benstraw 2010-01-15T06:52:54Z https://community.splunk.com/t5/Security/How-do-I-get-LDAP-values-from-Active-Directory/m-p/9154#M6 <P>Another great (freeware) LDAP browser is <A href="http://directory.apache.org/studio/" rel="nofollow">Apache Directory Studio</A>. You can download builds for OSX, Linux and Windows.</P> Tue, 13 Apr 2010 03:13:24 GMT https://community.splunk.com/t5/Security/How-do-I-get-LDAP-values-from-Active-Directory/m-p/9154#M6 the_wolverine 2010-04-13T03:13:24Z