Deployment Architecture
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Adding a new search head to an existing Search Head Cluster, if I want to add the same users from LDAP, can I just copy authorize.conf & authorization.conf?

rcreddy06
Path Finder
‎10-19-2015 03:05 PM

I am adding a new search head to the existing search head cluster. I want to add the same users to the new search head, from my LDAP. If I copy the authorize.conf & authorization.conf, will it allow the users to log in? Or should I go through the whole process from scratch?

Is it a good practice to keep these files on the Deployment server, so whenever a new server is added to the cluster, it automatically sends the config files?

Reply
1 Solution
Solved! Jump to solution
Solution

msudhindra
Path Finder
‎10-19-2015 03:14 PM

I maintain the authentication.conf and authorization.conf files on the deployer and push the same out to all search head cluster nodes.

We map our roles to LDAP groups, and that way, we can just add new users to the LDAP group in question, and that propagates across all search head cluster members.

Saves me the hassle of making changes to each and every search head node when roles or users are added.

Regards,
Madan Sudhindra

View solution in original post

Reply
Solved! Jump to solution

thormanrd
Path Finder
‎11-11-2019 05:33 AM

If you maintain these files on the Deployer node, how do you update the bind password? Wouldn't that have to be in clear text in the Deployer and a forced restart will hash it on the new search head? Seems very insecure.

0 Karma
Reply
Solved! Jump to solution

nyajoefit22
Loves-to-Learn Lots
‎10-23-2024 03:00 AM

Hello. I know this is an old post, but running into this same issue with the bind password being insecure on the deployer. What would be the proper way to push an authentication.conf from the deployer and have the bind password not left in clear text? Is it possible to push the authentication from the deployer without the bind password  and then add another authentication.conf manually to each search head in system local with only the bind password in the stanza? 

0 Karma
Reply
Solved! Jump to solution
Solution

msudhindra
Path Finder
‎10-19-2015 03:14 PM

I maintain the authentication.conf and authorization.conf files on the deployer and push the same out to all search head cluster nodes.

We map our roles to LDAP groups, and that way, we can just add new users to the LDAP group in question, and that propagates across all search head cluster members.

Saves me the hassle of making changes to each and every search head node when roles or users are added.

Regards,
Madan Sudhindra

Reply
Get Updates on the Splunk Community!

Announcing the Expansion of the Splunk Academic Alliance Program

The Splunk Community is more than just an online forum — it’s a network of passionate users, administrators, ...

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Buttercup Games: Further Dashboarding Techniques (Part 7)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...
Top