https://community.splunk.com/t5/Getting-Data-In/How-to-edit-authentication-conf-via-Rest-round-2/m-p/113976#M97628 <P>$SPLUNK_HOME/etc/users/myusername/myappname/local/configfile.conf files are created when you set or modify a config in the "myappname" context, and the config change is scoped to be private to the user "myusername". This is what you did with you original call. If you changed the config to have app or global scope, it would move out of the /users/ folder to the app directory.</P> <P>it's generally not preferred to edit config files via the REST API. it's better to make the proper API call to make the change.</P> Tue, 01 Apr 2014 04:09:05 GMT gkanapathy 2014-04-01T04:09:05Z https://community.splunk.com/t5/Getting-Data-In/How-to-edit-authentication-conf-via-Rest-round-2/m-p/113974#M97626 <P>I am trying to edit etc/system/local/authentication.conf via the rest API. I was advised to look at <BR /> <A href="http://docs.splunk.com/Documentation/Splunk/6.0.2/RESTAPI/RESTconfigurations">Edit Configs via Rest</A>; which seems to suggest something like the following should work</P> <PRE><CODE>curl -k -u admin:changeme <A href="https://localhost:8089/servicesNS/admin/search/properties/authentication/roleMap_MyDomain/app1role" target="test_blank">https://localhost:8089/servicesNS/admin/search/properties/authentication/roleMap_MyDomain/app1role</A> -d value="groupA;groupB" </CODE></PRE> <P>This does not work though. Instead it creates a second authentication.conf.</P> <P>After running the curl command above, I get the following from grep -r "app1role" ./*</P> <PRE><CODE>./system/local/authentication.conf: app1role = groupA ./users/admin/search/local/authentication.conf:app1role = groupA;groupB </CODE></PRE> <P>1) What does "user/admin/search" mapping even mean? <BR /> 2) If my goal is to edit the system/local version, what am I doing wrong?</P> Mon, 31 Mar 2014 23:17:10 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-edit-authentication-conf-via-Rest-round-2/m-p/113974#M97626 juniormint 2014-03-31T23:17:10Z https://community.splunk.com/t5/Getting-Data-In/How-to-edit-authentication-conf-via-Rest-round-2/m-p/113975#M97627 <P>This seems to change system/local/authentication.conf</P> <PRE><CODE>curl -k -u admin:changeme <A href="https://localhost:8089/services/properties/authentication/roleMap_MyDomain/app1role" target="test_blank">https://localhost:8089/services/properties/authentication/roleMap_MyDomain/app1role</A> - d value="groupA;groupB" </CODE></PRE> <P>Still not clear on #1</P> Mon, 31 Mar 2014 23:30:56 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-edit-authentication-conf-via-Rest-round-2/m-p/113975#M97627 juniormint 2014-03-31T23:30:56Z https://community.splunk.com/t5/Getting-Data-In/How-to-edit-authentication-conf-via-Rest-round-2/m-p/113976#M97628 <P>$SPLUNK_HOME/etc/users/myusername/myappname/local/configfile.conf files are created when you set or modify a config in the "myappname" context, and the config change is scoped to be private to the user "myusername". This is what you did with you original call. If you changed the config to have app or global scope, it would move out of the /users/ folder to the app directory.</P> <P>it's generally not preferred to edit config files via the REST API. it's better to make the proper API call to make the change.</P> Tue, 01 Apr 2014 04:09:05 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-edit-authentication-conf-via-Rest-round-2/m-p/113976#M97628 gkanapathy 2014-04-01T04:09:05Z https://community.splunk.com/t5/Getting-Data-In/How-to-edit-authentication-conf-via-Rest-round-2/m-p/113977#M97629 <P>Thanks for your response. What would be an example of using the proper API call? What other way would you accomplish something like the above?</P> Tue, 01 Apr 2014 12:41:12 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-edit-authentication-conf-via-Rest-round-2/m-p/113977#M97629 juniormint 2014-04-01T12:41:12Z https://community.splunk.com/t5/Getting-Data-In/How-to-edit-authentication-conf-via-Rest-round-2/m-p/113978#M97630 <P>Just a note if somebody runs into the same problem we did:<BR /> ... -d value="groupA;groupB;groupC"<BR /> everything after the first semicolon is cut and ignored, even though properly quoted in the command line.</P> <P>We could get around that by using the hex code representation for the semicolon:<BR /> ... -d value="groupA%3bgroupB&amp;3bgroupC"</P> Tue, 06 Sep 2016 12:40:58 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-edit-authentication-conf-via-Rest-round-2/m-p/113978#M97630 usd0872 2016-09-06T12:40:58Z