topic Re: REST Authentication to IDX Cluster Peer in Splunk Enterprise

REST Authentication to IDX Cluster Peer

TheEggi98 — Thu, 25 Apr 2024 14:09:48 GMT

Hi,
i have a question on Authenticating to IDX Cluster Peer via REST.

We have the following Environment:
3 IDX in Cluster
3 SH in Cluster
1 CM (License Manager, IDX Cluster Manager, Deployer & Deploymentserver)

Our normal Authentication for Web is currently with LDAP.

With my LDAP-User i can directly perform a GET request to an Indexer, but with a local User created over WebUI (tried local user in SHC and on CM) i cant perform any request to an indexer.

The WebUI is disabled on the Indexers and they dont have the LDAP Configuration as the Searchheads does.

How does it come, that the Indexer know my LDAP User but not the locally created?

And how can i let the indexers to get to know a locally on SH or CM created user?

Re: REST Authentication to IDX Cluster Peer

PickleRick — Thu, 25 Apr 2024 19:14:38 GMT

Each component has its own authentication settings (in case of search head cluster they are either pushed from deployer to all members or configured in run-time and distributed among members). So it's only natural that you can't authenticate to indexer using SH user.

If you can authenticate on your indexer it means someone needlessly pushed LDAP configuration to indexer layer (users don't interact with indexers directly!).

Re: REST Authentication to IDX Cluster Peer

TheEggi98 — Fri, 26 Apr 2024 06:40:15 GMT

Thank you, found the authentication.conf with LDAP Configuration on our indexers