Solved: How to use REST to find LDAP mapped groups (roles ...

blacknight659 · ‎11-01-2017

I needed to find my roles were mapped to LDAP active directory groups. I ended up with the search below. It works, but I wanted to post it here to help others and/or ask the community for ideas on improvement.

I wanted to view the configuration stanza in /etc/system/local/authentication.conf under the [My_LDAP] stanza. Here, I can see which roles are assigned to my AD groups. I made the search below. You will notice the |transpose command. This helped to format the data in a more usable way.

| rest /services/configs/conf-authentication/My_LDAP
| transpose header_field=a column_name=role
| rename "row 1" as AD_Group
| search role!="eai:*" role!=id role=*

somesoni2 · ‎11-01-2017

Give this a try

| rest /services/admin/LDAP-groups splunk_server=local | table title roles | rename title as AD_Group

View solution in original post

somesoni2 · ‎11-01-2017

Give this a try

| rest /services/admin/LDAP-groups splunk_server=local | table title roles | rename title as AD_Group

blacknight659 · ‎11-02-2017

This is much better. Thank you!

How to use REST to find LDAP mapped groups (roles and the AD group(s) they are mapped to)

Enterprise Security Content Update (ESCU) | New Releases

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We’ve Got Education Validation!