Deployment Architecture

How to fix the Splunk LDAP AD SYN issue ?

Hemnaath
Motivator

Hi All,

One of our Cyber security person facing a strange issue while trying to access the data from the Splunk search portal.
Initial level of troubleshooting the issue we found that Roles/Permission are not syncing but later we found that Roles/Permission are auto changing frequently. We could not find any ERROR/WARN in the splunkd.log, so not sure how to troubleshoot this issue

Splunk version : 8.2 

OS: Linux 

Authentication mode: LDAP 

Environment: Splunk distributed Production Environment. 

Problem statement:  Roles/Permission are not syncing properly its getting auto changed frequently. 

Kindly let me know what are steps we should follow to troubleshoot this type of issue.

Labels (1)
Tags (3)
0 Karma
Get Updates on the Splunk Community!

Splunk Education - Fast Start Program!

Welcome to Splunk Education! Splunk training programs are designed to enable you to get started quickly and ...

Five Subtly Different Ways of Adding Manual Instrumentation in Java

You can find the code of this example on GitHub here. Please feel free to star the repository to keep in ...

New Splunk APM Enhancements Help Troubleshoot Your MySQL and NoSQL Databases Faster

Splunk Observability has two new enhancements to make it quicker and easier to troubleshoot slow or frequently ...