Getting Data In

How to use REST to find LDAP mapped groups (roles and the AD group(s) they are mapped to)

blacknight659
Explorer

I needed to find my roles were mapped to LDAP active directory groups. I ended up with the search below. It works, but I wanted to post it here to help others and/or ask the community for ideas on improvement.

I wanted to view the configuration stanza in /etc/system/local/authentication.conf under the [My_LDAP] stanza. Here, I can see which roles are assigned to my AD groups. I made the search below. You will notice the |transpose command. This helped to format the data in a more usable way.

| rest /services/configs/conf-authentication/My_LDAP
| transpose header_field=a column_name=role
| rename "row 1" as AD_Group
| search role!="eai:*" role!=id role=*
0 Karma
1 Solution

somesoni2
Revered Legend

Give this a try

| rest /services/admin/LDAP-groups splunk_server=local | table title roles | rename title as AD_Group

View solution in original post

somesoni2
Revered Legend

Give this a try

| rest /services/admin/LDAP-groups splunk_server=local | table title roles | rename title as AD_Group

blacknight659
Explorer

This is much better. Thank you!

0 Karma

adoumbia
Engager

Thank you it helps

0 Karma
Get Updates on the Splunk Community!

Splunk App for Anomaly Detection End of Life Announcment

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...