Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Adding a new search head to an existing Search Head Cluster, if I want to add the same users from LDAP, can I just copy authorize.conf & authorization.conf?

rcreddy06
Path Finder
‎10-19-2015 03:05 PM

I am adding a new search head to the existing search head cluster. I want to add the same users to the new search head, from my LDAP. If I copy the authorize.conf & authorization.conf, will it allow the users to log in? Or should I go through the whole process from scratch?

Is it a good practice to keep these files on the Deployment server, so whenever a new server is added to the cluster, it automatically sends the config files?

Reply
1 Solution
Solved! Jump to solution
Solution

msudhindra
Path Finder
‎10-19-2015 03:14 PM

I maintain the authentication.conf and authorization.conf files on the deployer and push the same out to all search head cluster nodes.

We map our roles to LDAP groups, and that way, we can just add new users to the LDAP group in question, and that propagates across all search head cluster members.

Saves me the hassle of making changes to each and every search head node when roles or users are added.

Regards,
Madan Sudhindra

View solution in original post

Reply
Solved! Jump to solution

thormanrd
Path Finder
‎11-11-2019 05:33 AM

If you maintain these files on the Deployer node, how do you update the bind password? Wouldn't that have to be in clear text in the Deployer and a forced restart will hash it on the new search head? Seems very insecure.

0 Karma
Reply
Solved! Jump to solution

nyajoefit22
Loves-to-Learn Lots
‎10-23-2024 03:00 AM

Hello. I know this is an old post, but running into this same issue with the bind password being insecure on the deployer. What would be the proper way to push an authentication.conf from the deployer and have the bind password not left in clear text? Is it possible to push the authentication from the deployer without the bind password  and then add another authentication.conf manually to each search head in system local with only the bind password in the stanza? 

0 Karma
Reply
Solved! Jump to solution
Solution

msudhindra
Path Finder
‎10-19-2015 03:14 PM

I maintain the authentication.conf and authorization.conf files on the deployer and push the same out to all search head cluster nodes.

We map our roles to LDAP groups, and that way, we can just add new users to the LDAP group in question, and that propagates across all search head cluster members.

Saves me the hassle of making changes to each and every search head node when roles or users are added.

Regards,
Madan Sudhindra

Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Boston may be buzzing this September with Splunk University and .conf25, but you don’t have to pack a bag to ...

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Unlock What’s Next: The Splunk Cloud Platform at .conf25

In just a few days, Boston will be buzzing as the Splunk team and thousands of community members come together ...