Getting Data In

Is it possible to have multiple hosts for one LDAP Strategy?

fjmelo
Engager

Hi all,

We have Splunk connected to 5 LDAP domains and each one with at least 10 servers. Today Splunk is pointing to the domain name "domain1.com" that has the DNS pointing and rotating to each one of the 10 servers after some time, even if the Active Directory server is out the "domain1.com", it still points to it and times out. When this happens, the connections to Splunk using SSO hang until the AD server is rotated to another server.

We also had this situation on our SAP portal server (That as Splunk seems to be not LDAP aware), but we fixed this using the names of 4 servers separated by commas so the rotation would happen on SAP level and only on those servers. We would like to approach it the same way in Splunk. Is that possible?

Example below:

[domain1]
host = server1.domain1.com,server2.domain1.com,server3.domain1.com,server4.domain1.com
port = 389
SSLEnabled = 0
....

Thanks,

adhoke_splunk
Splunk Employee
Splunk Employee

Ldap strategy can point to only one ldap server. However, you can specify multiple ldap strategies, one for each of your servers. In this case, strategies will be same except for host.
Specify those strategies in authSettings as comma separated values. Splunk will attempt to connect to all strategies.

https://docs.splunk.com/Documentation/Splunk/6.4.2/Admin/Authenticationconf

0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!