Security
Highlighted

After configuring LDAP authentication with Active Directory in Splunk, why are LDAP user details for some users deleted after a login attempt?

Path Finder

I have configured LDAP authentication with Active Directory on Splunk. We are still waiting on the group to role mapping, so currently we have mapped individual users to specific roles.

However, 1 of the 5 users we have currently mapped is unable to login. When I add his username to the authentication.conf file, I see his username, Full name and email address under Settings->Access controls->Users

When he tries to log in, he gets "Invalid username or password" and immediately after that, his details are no longer visible under Settings->Access controls->Users

splunkd.log only shows

user=xxx action=login status=failure reason=user-initiated

The password can't be invalid since he logs into his local machine with the same credentials. The other 4 users are able to log in successfully.
Also, since I can see his 'Full Name' under Settings->Access controls->Users , I don't think its a problem with his display name, either.

Highlighted

Re: After configuring LDAP authentication with Active Directory in Splunk, why are LDAP user details for some users deleted after a login attempt?

Path Finder

It turns out that this only happened for users who had capital letters in their LDAP usernames. I had initially configured the role mapping assuming case sensitivity. So I had

admin = User1, user2, usEr3

Thought the users could log into their systems irrespective of the case, they were unable to log into splunk. I changed the mapping so that all usernames had lower case letters:

admin=user1,user2,user3

This seemed to fix the issue, and all users can now log into Splunk.

View solution in original post

Highlighted

Re: After configuring LDAP authentication with Active Directory in Splunk, why are LDAP user details for some users deleted after a login attempt?

Explorer

You just saved me, made some permission changes , roles etc... and if you have the LDAP in uppercase letters it fails.

0 Karma