
How can I set up LDAP for all my Splunk servers at one time?

Engager

How can I set up LDAP for all my Splunk servers at one time? Am I going to have to set this up individually on each server or do they sync this config?


Re: How can I set up LDAP for all my Splunk servers at one time?

Builder

Are you using a Deployment Server, Cluster Master (for index cluster), or Deployer (for search head cluster)?

If so, you can set it up as an app there and distribute it from one of those. The method will vary depending on which one you use.

For instance, on our search head cluster, we have an app called orgallauthentication in the etc/shcluster/apps on the Cluster Master server. Inside that file we have an authentication.conf which sets up the LDAP binding and maps the LDAP groups to the Splunk roles.

This app is then applied to the cluster and now we have LDAP authentication.

0 Karma

Re: How can I set up LDAP for all my Splunk servers at one time?

Legend

I like the comment from @jeremiahc4 overall.

Also, remember that only the search heads need to have LDAP authentication set up, because those are the only servers where users should be allowed to log in.

Users should not be logging into the indexers and so user credentials are not needed on these machines. I generally turn off the GUI on indexers. In an indexer cluster, I definitely turn off the GUI on the indexer peers - even Splunk admins should not be routinely logging in on indexer peers.
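
The two configurations described in the replies above (an authentication.conf distributed as an app to the search heads, and the GUI turned off on indexers), as an added example that is not taken from either poster's environment. The strategy name corp_ldap and every host, DN and group name are constructed placeholders.

```ini
# Added example; every host, DN, group and strategy name below is constructed.
#
# --- authentication.conf, shipped in the app distributed to the search heads ---
[authentication]
authType = LDAP
# Name of the strategy stanza that follows (assumed name).
authSettings = corp_ldap

[corp_ldap]
host = ldap.example.com
# LDAPS, so the bind password and user credentials are not sent in clear text.
port = 636
SSLEnabled = 1
# Dedicated read-only service account used for the bind.
bindDN = CN=svc-splunk,OU=Service Accounts,DC=example,DC=com
# Placeholder: supply the real value at deploy time, not in version control.
bindDNpassword = <bind-password-placeholder>
userBaseDN = OU=Users,DC=example,DC=com
userNameAttribute = sAMAccountName
realNameAttribute = displayName
groupBaseDN = OU=Splunk,OU=Groups,DC=example,DC=com
groupNameAttribute = cn
groupMemberAttribute = member
groupMappingAttribute = dn

# roleMap_<strategy name>: Splunk role = semicolon-separated LDAP groups.
[roleMap_corp_ldap]
admin = Splunk-Admins
power = Splunk-PowerUsers
user = Splunk-Users;Splunk-Analysts

# --- web.conf on indexers / indexer cluster peers ---
# Turns off Splunk Web so there is no interactive login surface on these hosts.
[settings]
startwebserver = 0
```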