Solved: Adding a new search head to an existing Search Hea...

rcreddy06 · ‎10-19-2015

I am adding a new search head to the existing search head cluster. I want to add the same users to the new search head, from my LDAP. If I copy the authorize.conf & authorization.conf, will it allow the users to log in? Or should I go through the whole process from scratch?

Is it a good practice to keep these files on the Deployment server, so whenever a new server is added to the cluster, it automatically sends the config files?

msudhindra · ‎10-19-2015

I maintain the authentication.conf and authorization.conf files on the deployer and push the same out to all search head cluster nodes.

We map our roles to LDAP groups, and that way, we can just add new users to the LDAP group in question, and that propagates across all search head cluster members.

Saves me the hassle of making changes to each and every search head node when roles or users are added.

Regards,
Madan Sudhindra

View solution in original post

thormanrd · ‎11-11-2019

If you maintain these files on the Deployer node, how do you update the bind password? Wouldn't that have to be in clear text in the Deployer and a forced restart will hash it on the new search head? Seems very insecure.

msudhindra · ‎10-19-2015

I maintain the authentication.conf and authorization.conf files on the deployer and push the same out to all search head cluster nodes.

We map our roles to LDAP groups, and that way, we can just add new users to the LDAP group in question, and that propagates across all search head cluster members.

Saves me the hassle of making changes to each and every search head node when roles or users are added.

Regards,
Madan Sudhindra

Adding a new search head to an existing Search Head Cluster, if I want to add the same users from LDAP, can I just copy authorize.conf & authorization.conf?

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes