Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to display the status of an account in Splunk UI as disabled when they have been disabled in LDAP?

slicedtechsuppo
Engager
‎02-28-2022 07:11 PM

We are currently auditing the OSB Splunk user access accounts for both of our instances.

Unfortunately Splunk doesn't show or display under its user settings when an account has been disabled from LDAP (at the moment all the accounts are shown as 'Active'). Also, since user authentication has been configured by using LDAP, can you please confirm or advise why is not possible to display the status of an account in Splunk UI as disabled when they have been disabled in LDAP?

Labels (2)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎03-02-2022 06:12 AM

Splunk is not synchronized with the LDAP provider so it will not necessarily show the same status as the provider.  The LDAP config is only used during login to authenticate the user and get the group(s) to which they are a member.

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 2 releases of new security content via the ...

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We are happy to announce the 20 lucky questers who are selected to be the first round of Champion's Tribute ...

We’ve Got Education Validation!

Are you feeling it? All the career-boosting benefits of up-skilling with Splunk? It’s not just a feeling, it's ...