Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to use REST to find LDAP mapped groups (roles and the AD group(s) they are mapped to)

blacknight659
Explorer
‎11-01-2017 01:34 PM

I needed to find my roles were mapped to LDAP active directory groups. I ended up with the search below. It works, but I wanted to post it here to help others and/or ask the community for ideas on improvement.

I wanted to view the configuration stanza in /etc/system/local/authentication.conf under the [My_LDAP] stanza. Here, I can see which roles are assigned to my AD groups. I made the search below. You will notice the |transpose command. This helped to format the data in a more usable way. 

| rest /services/configs/conf-authentication/My_LDAP
| transpose header_field=a column_name=role
| rename "row 1" as AD_Group
| search role!="eai:*" role!=id role=*
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎11-01-2017 02:02 PM

Give this a try

| rest /services/admin/LDAP-groups splunk_server=local | table title roles | rename title as AD_Group

View solution in original post

Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎11-01-2017 02:02 PM

Give this a try

| rest /services/admin/LDAP-groups splunk_server=local | table title roles | rename title as AD_Group
Reply
Solved! Jump to solution

blacknight659
Explorer
‎11-02-2017 07:09 AM

This is much better. Thank you!

0 Karma
Reply
Solved! Jump to solution

adoumbia
Engager
‎12-28-2023 09:01 AM

Thank you it helps

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...