I can confirm user's email address is available in AD directory. However, when I examine the user's attributes under Manager>>Access controls>>Users>>juser, Email address is blank (and uneditable). The user is also unable to edit their own email preferences.

Basically, I am seeking a way to manually insert user's email address in some config file under $Splunk_Home/ directory.

Ok, I was going through the documentation for version 6.2.1 and found one related thing. In authentication.conf, there is an attribute called "emailAttribute"
emailAttribute =
* OPTIONAL
* This is the user entry attribute whose value is their email address.
* Defaults to 'mail'

IMO, this should be attribute set correctly to a value based on your AD setting (it may be possible that email addresses are stored in some other user attribute for your AD than 'mail').

I didn't see this property in previous versions and I have checked couple of my instances using Splunk 5 as well as Splunk 6.0/6.1.2 and all don't show email address from AD.

Would be interesting to see if there is any workaround available for previous version.

Thank you for pinpointing the information. I will need to first find out the key of the entry attribute -- emailAttribute in our firm's AD directory.

I read the online doc -- Configure CSV and external lookups
However, I still don't find how the csv file will map e.g. user ID rich with the email address.

Assuming the user, rich, runs an interactive search from GUI and sends the job to background. How will he receives an email to richm@myemailaddress.com when the job is completed?

OH!!!! Sorry, I think I totally misunderstood the problem!

That's a bit of a different beast and one I don't know the answer to.

No problem. Thanks for the prompt response in any case!

My apology but I can't find the link of the great example at the bottom of the docs. Can you please post again?

Your help is greatly appreciated!

Is this the link you mention -- http://docs.splunk.com/Documentation/Splunk/6.2.1/Knowledge/Addfieldsfromexternaldatasources

Note you'll want your csv to be at least two columns: the name to look up and the email you want returned. Like..

account, email
rich, richm@myemailaddress.com
bill, billg@microsoft.com
linus, linus@torvalds.net

Hi,
I configured LDAP authentication, pointing to our AD domain controller. The users get mapped to roles successfully, but I examine the user's attributes under Manager>>Access controls>>Users>>juser, Email address is blank (and uneditable). The user is also unable to edit their own email preferences.

I didn't install the app -- Splunk Support for Active Directory. The main reason is because I don't have access to the LDAP window server in my firm.

I am wondering if it's possible to manually insert user's email address in some config file under $Splunk_Home/ directory.

Thank you!