AD mapped users unable to login to Splunk

damode · ‎06-16-2019

I have mapped an AD group to Splunk's admin role. However, users are still unable to login.

After a bit of researching, I realised (from User name attribute setting within Splunk's LDAP strategy configuration page), sAMAccountname's value in AD has to be case insensitive. However, after I looked up LDAP directory for the sAMAccountname's value, I noticed the user's username actually has some uppercase letters too.

I have spoken to the LDAP admin and he advised that its not possible to modify the username to all lower case.

In this case, can anyone please advise how I can resolve this issue ?

DavidHourani · ‎06-17-2019

Hi @damode,

Why does it have that format in LDAP? When using other applications are your users using LDAP with lowercase usernames as well ?

damode · ‎06-17-2019

Hi David, I am not sure why but they have had that format since ages and never faced any issues with any applications. They use the same format for other applications.

skalliger · ‎06-18-2019

Can you create a test user all lowercase, put it into an authorised group and try to authenticate?

I somehow doubt that this is the problem.

Skalli

AD mapped users unable to login to Splunk

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users

Everything Community at .conf24!

Index This | I’m short for "configuration file.” What am I?