All Apps and Add-ons

LDAPsearch is not showing latest group membership

jdunlea
Contributor

I have recently added a user to a group.

When I query the user's AD object using ldapsearch, I can see his group membership, however the new group that he was added to is nowhere to be seen.

What is the issue here? Is there some sort of AD cache that the ldapsearch command is querying and the new group membership change has not been updated in the cache? (Or something like that)

0 Karma
1 Solution

jdunlea
Contributor

Turns out the problem was the type of group that I was looking at. It was a global group and not a universal group in AD and hence it was not propagating across all of the domains.

Once I changed the group type it worked perfectly.

Thanks for the help!

View solution in original post

0 Karma

jdunlea
Contributor

Turns out the problem was the type of group that I was looking at. It was a global group and not a universal group in AD and hence it was not propagating across all of the domains.

Once I changed the group type it worked perfectly.

Thanks for the help!

0 Karma

nnmiller
Contributor

Have you verified that AD is properly replicating?

Try using an AD account with admin privileges to do the ldapsearch command. If that account can see the members, then the generic ldap query user does not have the proper permissions to read the AD objects; you will have to add read group membership (at a minimum) to the generic ldap query user's permissions.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...