Deployment Architecture

Adding a new search head to an existing Search Head Cluster, if I want to add the same users from LDAP, can I just copy authorize.conf & authorization.conf?

rcreddy06
Path Finder

I am adding a new search head to the existing search head cluster. I want to add the same users to the new search head, from my LDAP. If I copy the authorize.conf & authorization.conf, will it allow the users to log in? Or should I go through the whole process from scratch?

Is it a good practice to keep these files on the Deployment server, so whenever a new server is added to the cluster, it automatically sends the config files?

1 Solution

msudhindra
Path Finder

I maintain the authentication.conf and authorization.conf files on the deployer and push the same out to all search head cluster nodes.

We map our roles to LDAP groups, and that way, we can just add new users to the LDAP group in question, and that propagates across all search head cluster members.

Saves me the hassle of making changes to each and every search head node when roles or users are added.

Regards,
Madan Sudhindra

View solution in original post

thormanrd
Path Finder

If you maintain these files on the Deployer node, how do you update the bind password? Wouldn't that have to be in clear text in the Deployer and a forced restart will hash it on the new search head? Seems very insecure.

0 Karma

nyajoefit22
Loves-to-Learn Lots

Hello. I know this is an old post, but running into this same issue with the bind password being insecure on the deployer. What would be the proper way to push an authentication.conf from the deployer and have the bind password not left in clear text? Is it possible to push the authentication from the deployer without the bind password  and then add another authentication.conf manually to each search head in system local with only the bind password in the stanza? 

0 Karma

msudhindra
Path Finder

I maintain the authentication.conf and authorization.conf files on the deployer and push the same out to all search head cluster nodes.

We map our roles to LDAP groups, and that way, we can just add new users to the LDAP group in question, and that propagates across all search head cluster members.

Saves me the hassle of making changes to each and every search head node when roles or users are added.

Regards,
Madan Sudhindra

Get Updates on the Splunk Community!

Best Strategies to Optimize Observability Costs

 Join us on Tuesday, May 6, 2025, at 11 AM PDT / 2 PM EDT for an insightful session on optimizing ...

Fueling your curiosity with new Splunk ILT and eLearning courses

At Splunk Education, we’re driven by curiosity—both ours and yours! That’s why we’re committed to delivering ...

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Splunk AI Assistant for SPL has transformed how users interact with Splunk, making it easier than ever to ...