Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How can I set up LDAP for all my Splunk servers at one time?

cajunitalian
Engager
‎09-29-2016 08:51 AM

How can I set up LDAP for all my Splunk servers at one time? Am I going to have to set this up individually on each server or do they sync this config?

Reply

SierraX
Communicator
‎08-27-2021 03:17 AM

I would handle it with an Orchestration Tool like:

- Puppet
- Chef
- Ansible
- CFEngine

0 Karma
Reply

lguinn2
Legend
‎10-02-2016 11:44 PM

I like the comment from @jeremiahc4 overall

Also, remember that only the search heads need to have LDAP authentication set up, because those are the only servers where users should be allowed to login.

Users should not be logging into the indexers and so user credentials are not needed on these machines. I generally turn off the GUI on indexers. In an indexer cluster, I definitely turn off the GUI on the indexer peers - even Splunk admins should not be routinely logging-in on indexer peers.

Reply

SierraX
Communicator
‎08-27-2021 03:15 AM

Login is just possible when a LDAP/AD Group is maped to a Splunk role.
e.g.
In AD are two Groups:
splunk_user
splunk_admin

On SH
splunk_user is mapped to role user
splunk_admin is mapped to role admin

On Indexer/HFw etc
splunk_admin is mapped to role admin

On SH - Users can login... on the others not.

0 Karma
Reply

jeremiahc4
Builder
‎09-29-2016 11:53 AM

Are you using a Deployment Server, Cluster Master (for index cluster, or Deployer (for search head cluster)?

If so, you can set it up as an app there and distribute it from one of those. The method will vary depending on which one you use.

For instance on our search head cluster, we have an app called org_all_authentication in the etc/shcluster/apps on the Cluster Master server. Inside that file we have an authentication.conf which sets up the LDAP binding and maps the LDAP groups to the Splunk roles.

This app is then applied to the cluster and now we have LDAP authentication.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...