I am trying to build a dashboard where I can have a drop-down for the list of users and use them to view their AD group, roles and permissions. Tried REST query: /rest/services/authentication/users but I can't get the AD group. If anyone has a similar dashboard, can you please post the source code?
koshyk
The above REST endpoint should give you all users within the system. In a cluster, you need to run from the SEARCH HEAD (not cluster-master etc.)
e.g.:
```
| rest services/authentication/users | search type="LDAP" | table roles,title,realname,capabilities
```
The role above is NOT the AD role, but the Splunk role. The Splunk role is mapped to the AD role in authentication.conf. If you want to see both then you need to correlate users with LDAP-groups:
```
| rest services/authentication/users | search type="LDAP" | table roles,title,realname,capabilities | join roles [| rest services/admin/LDAP-groups | rename eai:acl.perms.read as roles, title as AD_name | mvexpand roles | table roles,strategy,AD_name]
```
dhaertel
That was it, was set to use local authentication, no LDAP integration was made.
dhaertel
So, I'm not getting any results with the second one. No errors but no results either, so I might be missing something simple here. Should this work with version 6.5?
koshyk
It should work with 6.5.x. The reason for not showing is that it is not a Search Head which is integrated to LDAP. As mentioned, it won't work remotely; you need to be physically on the Search Head which is integrated to the LDAP.
Can you please put the output of each section separately and see if they have any data in common?
```
| rest services/authentication/users
| rest services/admin/LDAP-groups
```
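The dashboard the question asks for, as an added example that is not code from any poster in this thread: a Simple XML form with a user drop-down that reuses the users/LDAP-groups correlation from koshyk's answer. It assumes the dashboard runs on the LDAP-integrated search head and that `eai:acl.perms.read` carries the mapped Splunk roles, as that answer's query takes it to; `splunk_server=local`, `type=left max=0`, the extra `mvexpand roles` and the `|s` token filter are choices made here.

```xml
<!-- Added example. Role source (eai:acl.perms.read) follows the thread's query and is an assumption. -->
<form>
  <label>User roles, capabilities and mapped AD groups</label>
  <fieldset submitButton="false">
    <input type="dropdown" token="user" searchWhenChanged="true">
      <label>User</label>
      <fieldForLabel>title</fieldForLabel>
      <fieldForValue>title</fieldForValue>
      <search>
        <query>| rest splunk_server=local /services/authentication/users
| search type="LDAP"
| fields title
| sort title</query>
      </search>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>Splunk roles and mapped AD groups for $user$</title>
      <table>
        <search>
          <query>| rest splunk_server=local /services/authentication/users
| search title=$user|s$
| fields title realname roles
| mvexpand roles
| join type=left max=0 roles
    [| rest splunk_server=local /services/admin/LDAP-groups
     | rename "eai:acl.perms.read" AS roles, title AS AD_name
     | mvexpand roles
     | table roles strategy AD_name]
| table title realname roles strategy AD_name</query>
        </search>
      </table>
    </panel>
  </row>
  <row>
    <panel>
      <title>Capabilities for $user$</title>
      <table>
        <search>
          <query>| rest splunk_server=local /services/authentication/users
| search title=$user|s$
| fields capabilities
| mvexpand capabilities</query>
        </search>
      </table>
    </panel>
  </row>
</form>
```

The left join keeps users whose roles have no LDAP group mapping, so locally assigned roles still show up with empty `strategy` and `AD_name` columns.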
Similar question at How do we list the users within an ldap group?
dhaertel
Subscribing. This would be a nice dashboard for sure.