Does the Universal Forwarder Support LDAP?

rengle
Engager

We use the REST API regularly with several of our Universal Forwarders.

I would like to set up LDAP with all of them so that we can more easily manage who has access to the REST API and also enforce password controls.

I have distributed a TA with our LDAP configs and the password is being hashed and accepted. The configuration shows up in btool when I run it.

However, when I try and authenticate with an LDAP account the authentication fails. Furthermore, LDAP users do not show up when I query the REST endpoint on:

/services/authentication/users

How do I confirm that LDAP is not running and if it is not, how do I enable it on a Universal Forwarder? Is LDAP handled through cherrypy and is therefore unavailable?

1 Solution

rengle
Engager

Found the issue.

Because my splunk.secret file is different for all of these forwarders, my hashed password was not being decrypted correctly (and therefore the credentials were invalid).

I was able to get LDAP to work by distributing the password in plaintext, then having the forwarders hash it themselves.

In the future I will work to distribute our splunk.secret key to our forwarding infrastructure as well.

For future reference, LDAP is compatible with the Universal Forwarder.

Thanks for your help.
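
An added example, not part of the original post and not Splunk tooling: a pre-deployment check for the failure described in the accepted solution, flagging forwarders whose `splunk.secret` differs from the one used to encrypt the `bindDNpassword` shipped in a TA. It assumes secret fingerprints are collected out of band and that encrypted values carry Splunk's `$1$` or `$7$` prefix; the host names, the `corp_ldap` stanza, the secrets and the ciphertext are constructed.

```python
import configparser
import hashlib

# Prefixes Splunk puts on values it has encrypted with the local splunk.secret.
ENCRYPTED_PREFIXES = ("$1$", "$7$")

def fingerprint(secret: bytes) -> str:
    """Short SHA-256 fingerprint, so secrets can be compared without sharing them."""
    return hashlib.sha256(secret.strip()).hexdigest()[:16]

def bind_passwords(conf_text: str) -> dict:
    """Map each stanza that sets bindDNpassword to 'encrypted' or 'plaintext'."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep Splunk's case-sensitive key names
    cp.read_string(conf_text)
    found = {}
    for stanza in cp.sections():
        value = cp.get(stanza, "bindDNpassword", fallback=None)
        if value is not None:
            encrypted = value.startswith(ENCRYPTED_PREFIXES)
            found[stanza] = "encrypted" if encrypted else "plaintext"
    return found

def audit(conf_text: str, source_fp: str, host_fps: dict) -> dict:
    """Return {(host, stanza): verdict} for every forwarder receiving the TA."""
    report = {}
    for stanza, kind in bind_passwords(conf_text).items():
        for host, fp in host_fps.items():
            if kind == "plaintext":
                verdict = "plaintext-in-package"  # works, but the TA carries the password
            else:
                verdict = "ok" if fp == source_fp else "undecryptable"
            report[(host, stanza)] = verdict
    return report

# Constructed sample data: not real secrets, hosts or ciphertext.
SAMPLE_CONF = """
[authentication]
authType = LDAP
authSettings = corp_ldap

[corp_ldap]
bindDN = cn=svc-splunk,ou=service,dc=example,dc=com
bindDNpassword = $7$Q29uc3RydWN0ZWRQbGFjZWhvbGRlcg==
"""
SOURCE_FP = fingerprint(b"constructed-secret-A\n")  # host that encrypted the value
HOSTS = {"uf-01": fingerprint(b"constructed-secret-A\n"),
         "uf-02": fingerprint(b"constructed-secret-B\n")}
```

A `plaintext-in-package` verdict corresponds to the workaround in the post: the bind password travels in clear text inside the TA until each forwarder encrypts it locally.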

cboillot
Contributor

How did you get this to work? Which files did you have in the TA?

martin_mueller
SplunkTrust

The Universal Forwarder license doesn't have the LDAPAuth feature, so I assume the modules underneath aren't shipped either.

You could of course deploy Heavy Forwarders, those should be able to do what you need - you may need to make sure they're connected to a valid Enterprise license from your license master though.
