Security

Account lockout when using LDAP authentication for users?

chris_barrett
SplunkTrust
SplunkTrust

We have our authentication tied to AD using the LDAP strategy.   Password complexity and lifetime is, as a result, handled by the requirements set by the AD Group Policy.  But what about failed login attempts?  If a user manages to type in their password incorrectly multiple times (or worse, someone tries to incorrectly guess a user's password multiple times), will it cause their account to become locked within Splunk (and possibly within the underlying OS too?)

Labels (2)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

If someone is locked out of their LDAP account then they are also locked out of Splunk.  However, Splunk is unaware of that.  I merely asks the LDAP server if the user is authenticated and if the server responds with "no" then they are not allowed in.

The 'admin' user still has access to Splunk, however, since it is a local account.

If your OS also uses LDAP then the same applies there as well.

---
If this reply helps you, Karma would be appreciated.
0 Karma

chris_barrett
SplunkTrust
SplunkTrust

But what if the user (or someone else) types in the user's id and then fails to enter the correct password multiple times.  Will the account become locked out? 

The specific situation here is that the authentication is tied to the client's AD.    If the wrong password is typed in for a user on the Splunk login page multiple (let's say 10 times), will the account become locked either within Splunk, or within AD, or both, or neither?

 

0 Karma

isoutamo
SplunkTrust
SplunkTrust
Easiest way to check how it is configured on your environment is asking from your ad admins and/or just test it. I think that it depends how it is configured.
r. Ismo
0 Karma
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...