All Apps and Add-ons

How can I integrate Identity Manager (IdM) with Splunk?

guimilare
Communicator

Hello Splunkers.

How can I integrate IdM (Identity Manager) with Splunk?
For LDAP data, I'm using the Splunk Support for Active Directory add-on so I can run a ldapsearch command.

But I'm kind of lost on how to integrate IdM (IdM by Novell).

Any ideas?

Thank you all!
Regards

0 Karma
1 Solution

guimilare
Communicator

I ended up creating a shell script that creates a dump from IdM and it is indexed in Splunk.
For my needs, it worked.

View solution in original post

0 Karma

guimilare
Communicator

I ended up creating a shell script that creates a dump from IdM and it is indexed in Splunk.
For my needs, it worked.

0 Karma

evinasco
Communicator

hi, could you let me know abput this script?, i have the same problem

0 Karma

GregMefford
Explorer

I'm not sure about Novell IdM, but many IdM providers use the SAML protocol to authenticate users.

You can configure SAML authentication according to the following documentation: http://docs.splunk.com/Documentation/Splunk/6.5.0/Security/HowSAMLSSOworks

If it doesn't support SAML, try to figure out which protocols it does support and you may find an app to integrate with it.
Worst-case, you can use Splunk's scripted authentication interface or the Linux PAM interface to pass through the authentication from the servers that Splunk runs on.

http://docs.splunk.com/Documentation/Splunk/6.5.0/Security/ConfigureSplunkToUsePAMOrRADIUSAuthentica...

0 Karma

guimilare
Communicator

I'm trying to use the Splunk Support for Active Directory add-on, but I receive the following error:

idmprd01.bnet: Could not access the directory service at ldap://idmprd01.bnet:389

Here is my ldap.conf

[bnet]
alternatedomain = bnet\
basedn = dc=bnet
binddn = splunk
password =
server = idmprd01.bnet
ssl = 0

Any ideas?

0 Karma

khourihan_splun
Splunk Employee
Splunk Employee

You will need to file a ticket and have them open port to LDAP and you better use LDAPs (usually port 636 i believe)

but best to configure SAML using the authentication settings.

0 Karma

guimilare
Communicator

In fact, what I want is to get the identity data that is at IdM.
For example, I can get an ID from application logs, and I want to get the login e user name on IdM that correlates to this ID.

I think that Splunk Support for Active Directory add-on can help me on this one, I'm not sure how to configure it.

0 Karma
Get Updates on the Splunk Community!

Maximize the Value from Microsoft Defender with Splunk

<P style=" text-align: center; "><span class="lia-inline-image-display-wrapper lia-image-align-center" ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

<FONT size="5"><FONT size="5" color="#FF00FF">Get the latest news and updates from the Splunk Community ...