Deployment Architecture

LDAP and Search Head Pooling - Role Mapping

Path Finder

I'm trying to use an approach like Search Head Pooling to share auth info to set up search head pooling. I'm thinking that I can keep my LDAP config in system/local (with the respective hashes), and then just set up a separate app for the role mappings. I just tested this by dumping the role mapping into the search app on the share storage, and it seems to work fine.

However, my question is, if I basically decide to manage all role mapping in a separate app, what's the easiest way to tell both search heads to re-read that (other than splunk restart)? I don't see anything about authentication in the app.conf triggers setup...


Tags (2)

Re: LDAP and Search Head Pooling - Role Mapping


I don't believe there's any better way than that detailed here:

splunk _internal call /authentication/providers/services/_reload -auth admin:changeme

Potentially via cron, of course.

(Users are checked against the LDAP server when they login as of 4.1.x, but it's certainly been my experience than groups, and thus mappings to roles, are not as af 4.2.2.)

View solution in original post