I am having some issue with LDAP authentication.
The Issue is: i am having one domain that is abc.int.com under that domain i have one OU called Splunk in that OU i have many "usersid" .
"usersid" refers to persons name who needs access in Splunk through LDAP
So i am using the strings :
For user base DN :
and for group base dn .
but it's not picking up users. It's only picking up users under groups not under any OU.
Please help me !!!!
for the group base dn , you need specify ou attribute
Your ldap configuration should resemble like this
groupBaseDN = ou=Groups,dc=splunksupport,dc=com;
*This is the Base of your Groups in LDAP. You can also specify multiple bases. For example: ou=Management,ou=Groups,dc=Splunkers,dc=com;ou=Consultants,ou=Groups,dc=Splunkers,dc=com;
For more Info
Hope it helps
Bro i am not having groups under any OU , After OU there are directly users , there is not group in between users and OU
Also increase the logging for the
AuthenticationManagerLDAP and the
ScopedLDAPConnection channel in
Settings » Server settings » Server logging and check
index=_internal for LDAP related messages.
Hope that helps ...
No Link which you have provided has diffrent issue , In my case i am able to connect to ldap ,
issue is ldap settings are picking up users which are mentioned under some group , but its not picking up users which are mentioned directly under OU .
Not exactly, the linked answer tells you to test the LDAP connection, and connection information with another tool and visually check the results for verification purpose.
Anyway, have a look at @JDukeSplunk answer how to setup multiple OU's for
I can't give you a specific answer for this. However I can tell you how I got mine working.
Using ADExplorer or some other LDAP browser I nailed down the OU structure. I copy-pasted to ensure that I got the characters exactly. You can usually go into the properties of the object and copy it there.
This assumes users are in the following OU's.
And the group mappings will only show any group that begins with "Splunk"
Here is my working copy of my ..\etc\local\authentication.conf file. Which of course is populated from the GUI.
[LDAP Authentication to AD] SSLEnabled = 1 anonymous_referrals = 1 bindDN = CN=splunkadsearch\, svc,CN=Users,DC=domain,DC=com bindDNpassword = XXXXXXXX charset = utf8 emailAttribute = mail groupBaseDN = OU=Security,OU=Groups,OU=GA-ATL,OU=America,OU=Sites,DC=domain,DC=com groupBaseFilter = (CN=Splunk*) groupMappingAttribute = dn groupMemberAttribute = member groupNameAttribute = cn host = PDOM05.domain.com nestedGroups = 0 network_timeout = 20 port = 636 realNameAttribute = displayname sizelimit = 1000 timelimit = 15 userBaseDN = OU=Users,OU=Accounts,OU=GA-ATL,OU=America,OU=Sites,DC=domain,DC=com;OU=Expire,OU=Accounts,OU=GA-ATL,OU=America,OU=Sites,DC=domain,DC=com;OU=WA-SEA,OU=America,OU=Sites,DC=domain,DC=com userNameAttribute = samaccountname
Hope this helps.