Security

Add LDAP user

Contributor

Greetings,

I've set up LDAP authentication for my Splunk installation. I would like to be able to add users specifically, but it appears when I do role mapping, I can only do groups.

How can I specify a user to a role?

0 Karma

Engager

I set up LDAP to filter the list of group names displayed by using the filter: (cn=splunk)
Set up a security group for each role that you want (e.g., splunk_admins, splunk_users).

Or you can use the "Maps_users_directly_to_roles" technique... This didn't work for us as we have too many users and our LDAP hierarchy is pretty flat (i.e., we don't have an OU=IT_Dept).

The problem I am running into is users within the groups still cannot log in, even though they are listed within the groups in LDAP Strategy. 😞

0 Karma

Splunk Employee

Briefly, to add a user to a Splunk role: First, on Splunk Web, make sure that you've mapped the Splunk role to an LDAP group. Then, on your LDAP server, add the user to that LDAP group. See http://docs.splunk.com/Documentation/Splunk/5.0.2/Security/SetupuserauthenticationwithLDAP for more information about LDAP strategies, managing users using LDAP, and LDAP configuration.

0 Karma

Path Finder

Just to clarify ... I don't want a pointer to the regular LDAP setup docs. I want a pointer to whatever document explains how to 'Map_users_directly_to_roles' rather than setting up an LDAP group for each role that we need.

0 Karma

Splunk Employee

I've updated the links in my answer and comment, hope this gives you what you need.

0 Karma

Path Finder

That document sounds like exactly what I need to solve the same problem described here. However, I can't find it. Can anyone post a new link?

0 Karma

Splunk Employee

Okay, I understand the question better now. Here's the current documentation topic about managing users using LDAP:

http://docs.splunk.com/Documentation/Splunk/5.0.2/Security/ManageSplunkuserroleswithLDAP

Hope this helps.

0 Karma

New Member

Agreed - in my Splunk instance, there are over 40 applications and it is not practical to create individual LDAP groups for all possible one-offs that will occur. I would prefer to take a user assigned to a particular LDAP group, and augment their privs. (Sorry to piggyback on your thread, but I think we are asking the same thing.)

0 Karma

Contributor

That works, but it potentially gives anyone else in that group access as well. That is not preferred.

0 Karma

New Member

Ditto - I was combing SplunkBase for the same question

0 Karma
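
The thread asks how to map individual LDAP users, rather than groups, to Splunk roles. The following is an added example, not taken from any post above and not Splunk's own configuration: a sketch of an `authentication.conf` strategy in which the group search is pointed at the user entries, so that each user can be named in the role map. The strategy name `corpLDAP`, the host, the DNs and the user names are constructed placeholders, and the approach assumes your Splunk version supports the group attributes as shown; check them against the `authentication.conf` spec file shipped with your version.

```ini
# authentication.conf (constructed example; all names and DNs are placeholders)
[authentication]
authType = LDAP
authSettings = corpLDAP

[corpLDAP]
host = ldap.example.com
port = 636
# Use LDAPS so the bind credentials and user passwords are not sent in clear text.
SSLEnabled = 1
bindDN = cn=splunk-bind,ou=Service,dc=example,dc=com
# bindDNpassword is intentionally omitted from this example.

# Where user entries live and which attribute is the login name.
userBaseDN = ou=People,dc=example,dc=com
userBaseFilter = (objectclass=person)
userNameAttribute = uid
realNameAttribute = cn

# Point the group search at the same entries as the user search and key
# every group attribute on the login attribute, so each user entry is
# treated as a one-member "group" named after its uid.
groupBaseDN = ou=People,dc=example,dc=com
groupBaseFilter = (objectclass=person)
groupNameAttribute = uid
groupMemberAttribute = uid
groupMappingAttribute = uid

[roleMap_corpLDAP]
# role = semicolon-separated list of "groups", which here are individual uids.
admin = asmith
power = bjones;cwu
```

With this layout only the uids listed under `[roleMap_corpLDAP]` receive a role, so membership in a shared LDAP group does not grant access by itself. Keep `userBaseFilter` and `groupBaseFilter` as narrow as the directory allows, since they bound which entries can ever be mapped.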