- Find Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- User has matching LDAP groups, but none are mapped...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
User has matching LDAP groups, but none are mapped to Splunk roles
I am in the process of deploying Splunk 6.2.3, and am attempting to create LDAP integration and role mapping remotely - on the deployment server.
If I look at "Access controls/users" from within the GUI on the Search Head, I see the LDAP users and their assigned roles. I attempted to authenticate, and the error "user="username" has matching LDAP groups with strategy="DSAuth", but none are mapped to Splunk roles." Subsequent to this, if I return to "Access controls/users", my user-id is no longer listed.
If I go to "Access controls/Authentication method/LDAP strategies/LDAP Groups", and browse for the LDAP Group Names which contain Splunk users, the "Roles" column is blank. If I manually map the LDAP Group Name to the desired Role, I am then able to authenticate without issue.
Any assistance with diagnosing this Role mapping issue would be greatly appreciated.
Thank you.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
From another post - made it blank and it worked!
The Group Mapping attribute in AD should be left blank, or set to "distinguishedName" or "dn". This attribute specifies what field within the user record maps to the Group Member Attribute within the group. In AD (and LDAP in general) groups are not stored on the user object, but on the group object. The AD users memberof attribute is a synthetic attribute based on the group member attribute
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For each strategy you have defined you must click map groups and assign the role to the group.
If you have 10 strats and a a group called Splunk-admins. That will be 10 group mappings you must perform for splunk-admins.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have these manually mapped in a "local/authentication.conf" file which resides on the deployment server. Will this not map the groups/roles properly?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The following is a quote from the documentation (http://docs.splunk.com/Documentation/Splunk/6.2.3/Security/ConfigureLDAPwithconfigurationfiles#Map_g...
Map groups to roles
To map Splunk roles to a strategy's LDAP groups, you need to set up a roleMap stanza for that strategy. Each strategy requires its own roleMap stanza. This example maps roles for groups in the "ldaphost1" strategy:
[roleMap_ldaphost1]
admin = SplunkAdmins
itusers = ITAdmins
Enterprise Security Content Update (ESCU) | New Releases
Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?
Index This | What are the 12 Days of Splunk-mas?
