I am in the process of deploying Splunk 6.2.3, and am attempting to create LDAP integration and role mapping remotely - on the deployment server.
If I look at "Access controls/users" from within the GUI on the Search Head, I see the LDAP users and their assigned roles. I attempted to authenticate, and the error "user="username" has matching LDAP groups with strategy="DSAuth", but none are mapped to Splunk roles." Subsequent to this, if I return to "Access controls/users", my user-id is no longer listed.
If I go to "Access controls/Authentication method/LDAP strategies/LDAP Groups", and browse for the LDAP Group Names which contain Splunk users, the "Roles" column is blank. If I manually map the LDAP Group Name to the desired Role, I am then able to authenticate without issue.
Any assistance with diagnosing this Role mapping issue would be greatly appreciated.
From another post - made it blank and it worked!
The Group Mapping attribute in AD should be left blank, or set to "distinguishedName" or "dn". This attribute specifies what field within the user record maps to the Group Member Attribute within the group. In AD (and LDAP in general) groups are not stored on the user object, but on the group object. The AD users memberof attribute is a synthetic attribute based on the group member attribute
For each strategy you have defined you must click map groups and assign the role to the group.
If you have 10 strats and a a group called Splunk-admins. That will be 10 group mappings you must perform for splunk-admins.
The following is a quote from the documentation (http://docs.splunk.com/Documentation/Splunk/6.2.3/Security/ConfigureLDAPwithconfigurationfiles#Map_g...
Map groups to roles
To map Splunk roles to a strategy's LDAP groups, you need to set up a roleMap stanza for that strategy. Each strategy requires its own roleMap stanza. This example maps roles for groups in the "ldaphost1" strategy:
admin = SplunkAdmins
itusers = ITAdmins