AD mapped users unable to login to Splunk

damode · ‎06-16-2019

I have mapped an AD group to Splunk's admin role. However, users are still unable to login.

After a bit of researching, I realised (from User name attribute setting within Splunk's LDAP strategy configuration page), sAMAccountname's value in AD has to be case insensitive. However, after I looked up LDAP directory for the sAMAccountname's value, I noticed the user's username actually has some uppercase letters too.

I have spoken to the LDAP admin and he advised that its not possible to modify the username to all lower case.

In this case, can anyone please advise how I can resolve this issue ?

DavidHourani · ‎06-17-2019

Hi @damode,

Why does it have that format in LDAP? When using other applications are your users using LDAP with lowercase usernames as well ?

damode · ‎06-17-2019

Hi David, I am not sure why but they have had that format since ages and never faced any issues with any applications. They use the same format for other applications.

skalliger · ‎06-18-2019

Can you create a test user all lowercase, put it into an authorised group and try to authenticate?

I somehow doubt that this is the problem.

Skalli

AD mapped users unable to login to Splunk

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM