All Apps and Add-ons

How can I integrate Identity Manager (IdM) with Splunk?

guimilare
Communicator

Hello Splunkers.

How can I integrate IdM (Identity Manager) with Splunk?
For LDAP data, I'm using the Splunk Support for Active Directory add-on so I can run a ldapsearch command.

But I'm kind of lost on how to integrate IdM (IdM by Novell).

Any ideas?

Thank you all!
Regards

0 Karma
1 Solution

guimilare
Communicator

I ended up creating a shell script that creates a dump from IdM and it is indexed in Splunk.
For my needs, it worked.

View solution in original post

0 Karma

guimilare
Communicator

I ended up creating a shell script that creates a dump from IdM and it is indexed in Splunk.
For my needs, it worked.

0 Karma

evinasco
Communicator

hi, could you let me know abput this script?, i have the same problem

0 Karma

GregMefford
Explorer

I'm not sure about Novell IdM, but many IdM providers use the SAML protocol to authenticate users.

You can configure SAML authentication according to the following documentation: http://docs.splunk.com/Documentation/Splunk/6.5.0/Security/HowSAMLSSOworks

If it doesn't support SAML, try to figure out which protocols it does support and you may find an app to integrate with it.
Worst-case, you can use Splunk's scripted authentication interface or the Linux PAM interface to pass through the authentication from the servers that Splunk runs on.

http://docs.splunk.com/Documentation/Splunk/6.5.0/Security/ConfigureSplunkToUsePAMOrRADIUSAuthentica...

0 Karma

guimilare
Communicator

I'm trying to use the Splunk Support for Active Directory add-on, but I receive the following error:

idmprd01.bnet: Could not access the directory service at ldap://idmprd01.bnet:389

Here is my ldap.conf

[bnet]
alternatedomain = bnet\
basedn = dc=bnet
binddn = splunk
password =
server = idmprd01.bnet
ssl = 0

Any ideas?

0 Karma

khourihan_splun
Splunk Employee
Splunk Employee

You will need to file a ticket and have them open port to LDAP and you better use LDAPs (usually port 636 i believe)

but best to configure SAML using the authentication settings.

0 Karma

guimilare
Communicator

In fact, what I want is to get the identity data that is at IdM.
For example, I can get an ID from application logs, and I want to get the login e user name on IdM that correlates to this ID.

I think that Splunk Support for Active Directory add-on can help me on this one, I'm not sure how to configure it.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...