Dashboards & Visualizations

Dashboard to view a list of users belonging to a user AD group in LDAP?

Mohsin123
Path Finder

I am trying to build a dashboard where I can have a drop down for the list of users and use them to view their AD group, roles and permissions. Tried rest query : /rest/services/authentication/users but I can't get the ad group? If anyone has a similar dashboard can you please post the source code?

0 Karma
1 Solution

koshyk
Super Champion

The above REST endpoint should give you all users within the system. in a cluster, you need to run from the SEARCH HEAD (not cluster-master etc.)

eg:

| rest services/authentication/users| search type="LDAP"| table roles,title,realname,capabilities

the role above is NOT the AD role, but the splunk role. The Splunk role is mapped to AD role in authentication.conf . if you want to see both then you need to co-relate users with LDAP-groups

| rest services/authentication/users| search type="LDAP"| table roles,title,realname,capabilities | join roles [| rest services/admin/LDAP-groups| rename eai:acl.perms.read as roles, title as AD_name| mvexpand roles| table roles,strategy,AD_name]

View solution in original post

dhaertel
Path Finder

That was it, was set to use local authentication, no LDAP integration was made.

0 Karma

koshyk
Super Champion

The above REST endpoint should give you all users within the system. in a cluster, you need to run from the SEARCH HEAD (not cluster-master etc.)

eg:

| rest services/authentication/users| search type="LDAP"| table roles,title,realname,capabilities

the role above is NOT the AD role, but the splunk role. The Splunk role is mapped to AD role in authentication.conf . if you want to see both then you need to co-relate users with LDAP-groups

| rest services/authentication/users| search type="LDAP"| table roles,title,realname,capabilities | join roles [| rest services/admin/LDAP-groups| rename eai:acl.perms.read as roles, title as AD_name| mvexpand roles| table roles,strategy,AD_name]

dhaertel
Path Finder

So, I'm not getting any results with the second one. No errors but no results either, so I might be missing something simple here. Should this work with version 6.5?

0 Karma

koshyk
Super Champion

it should work with 6.5.x. The reason for not showing is it is not a Search Head which is integrated to LDAP. As mentioned, it won't remotely, You need to be physically on the Search Head which is integrated to the LDAP.

Can you please put the output of each section separately and see if they have any data in common

| rest services/authentication/users

| rest services/admin/LDAP-groups
0 Karma

ddrillic
Ultra Champion
0 Karma

dhaertel
Path Finder

Subscribing. This would be a nice dashboard for sure.

0 Karma
Get Updates on the Splunk Community!

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability As businesses scale ...