I have configured LDAP authentication with Active Directory on Splunk. We are still waiting on the group to role mapping, so currently we have mapped individual users to specific roles.
However, 1 of the 5 users we have currently mapped is unable to login. When I add his username to the authentication.conf file, I see his username, Full name and email address under Settings->Access controls->Users
When he tries to log in, he gets "Invalid username or password" and immediately after that, his details are no longer visible under Settings->Access controls->Users
splunkd.log only shows
user=xxx action=login status=failure reason=user-initiated
The password can't be invalid since he logs into his local machine with the same credentials. The other 4 users are able to log in successfully.
Also, since I can see his 'Full Name' under Settings->Access controls->Users , I don't think its a problem with his display name, either.
It turns out that this only happened for users who had capital letters in their LDAP usernames. I had initially configured the role mapping assuming case sensitivity. So I had
admin = User1, user2, usEr3
Thought the users could log into their systems irrespective of the case, they were unable to log into splunk. I changed the mapping so that all usernames had lower case letters:
This seemed to fix the issue, and all users can now log into Splunk.
You just saved me, made some permission changes , roles etc... and if you have the LDAP in uppercase letters it fails.