Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Does the Universal Forwarder Support LDAP?

rengle
Engager
‎07-16-2015 10:38 AM

We use the REST API regularly with several of our Universal Forwarders.

I would like to setup LDAP with all of them so that we can more easily manage who has access to the REST API and also enforce password controls.

I have distributed a TA with our LDAP configs and the password is being hashed and accepted. The Configuration shows up in btool when I run it.

However, when I try and authenticate with an LDAP account the authentication fails. Furthermore, LDAP users do not show up when I query the REST endpoint on:

/services/authentication/users

How do I confirm that LDAP is not running and if it is not, how do I enable it on a Universal Forwarder? Is LDAP handled through cherrypy and is therefore unavailable?

Reply
1 Solution
Solved! Jump to solution
Solution

rengle
Engager
‎07-16-2015 01:13 PM

Found the issue.

Because my splunk.secret file is different for all of these forwarders, my hashed password was not being decrypted correctly. (and therefore the credentials were invalid)

I was able to get LDAP to work by distributing the password in plaintext, then having the forwarders hash it themselves.

In the future I will work to distribute our splunk.secret key to our forwarding infrastructure as well.

For future reference, LDAP is compatible with the Universal Forwarder.

Thanks for your help.

View solution in original post

Reply
Solved! Jump to solution
Solution

rengle
Engager
‎07-16-2015 01:13 PM

Found the issue.

Because my splunk.secret file is different for all of these forwarders, my hashed password was not being decrypted correctly. (and therefore the credentials were invalid)

I was able to get LDAP to work by distributing the password in plaintext, then having the forwarders hash it themselves.

In the future I will work to distribute our splunk.secret key to our forwarding infrastructure as well.

For future reference, LDAP is compatible with the Universal Forwarder.

Thanks for your help.

Reply
Solved! Jump to solution

cboillot
Contributor
‎01-21-2020 02:47 PM

How did you get this to work? Which files did you have in the TA?

0 Karma
Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎07-16-2015 11:42 AM

The Universal Forwarder license doesn't have the LDAPAuth feature, so I assume the modules underneath aren't shipped either.

You could of course deploy Heavy Forwarders, those should be able to do what you need - you may need to make sure they're connected to a valid Enterprise license from your license master though.

Reply
Get Updates on the Splunk Community!

Video | Welcome Back to Smartness, Pedro

Remember Splunk Community member, Pedro Borges? If you tuned into Episode 2 of our Smartness interview series, ...

Detector Best Practices: Static Thresholds

Introduction In observability monitoring, static thresholds are used to monitor fixed, known values within ...

Expert Tips from Splunk Education, Observability in Action, Plus More New Articles on ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...