Deployment Architecture

Adding a new search head to an existing Search Head Cluster, if I want to add the same users from LDAP, can I just copy authorize.conf & authorization.conf?

rcreddy06
Path Finder

I am adding a new search head to the existing search head cluster. I want to add the same users to the new search head, from my LDAP. If I copy the authorize.conf & authorization.conf, will it allow the users to log in? Or should I go through the whole process from scratch?

Is it a good practice to keep these files on the Deployment server, so whenever a new server is added to the cluster, it automatically sends the config files?

1 Solution

msudhindra
Path Finder

I maintain the authentication.conf and authorization.conf files on the deployer and push the same out to all search head cluster nodes.

We map our roles to LDAP groups, and that way, we can just add new users to the LDAP group in question, and that propagates across all search head cluster members.

Saves me the hassle of making changes to each and every search head node when roles or users are added.

Regards,
Madan Sudhindra

View solution in original post

thormanrd
Path Finder

If you maintain these files on the Deployer node, how do you update the bind password? Wouldn't that have to be in clear text in the Deployer and a forced restart will hash it on the new search head? Seems very insecure.

0 Karma

msudhindra
Path Finder

I maintain the authentication.conf and authorization.conf files on the deployer and push the same out to all search head cluster nodes.

We map our roles to LDAP groups, and that way, we can just add new users to the LDAP group in question, and that propagates across all search head cluster members.

Saves me the hassle of making changes to each and every search head node when roles or users are added.

Regards,
Madan Sudhindra

View solution in original post

.conf21 CFS Extended through 5/20!

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!