Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to add a new Active Directory group to an existing LDAP strategy?

brendan_wilson
Engager
‎09-29-2016 08:28 AM

We recently created a new group in Active Directory to support a new set of users we want to have access to splunk with specific capabilities. We have an existing LDAP strategy with a handful of groups currently in use. We have created this new group in AD, but I don't see any way to add this new group to the existing LDAP strategy when I click "Map Groups". I tried adding it to the configuration file on the server, but I'm not seeing it populate in the UI. Is the only way of incorporating this new group to create a whole new LDAP strategy?

0 Karma
Reply

nickhills
Ultra Champion
‎12-21-2017 11:59 AM

You don't add groups per se.

The LDAP strategy defines the search path in the LDAP heirachy from which Splunk will search for groups.
If you add a new group to AD, as long as that group is in your Strategy's search path, the group will appear in your mapping options to allow you to assign a role to it.

Since your posting this question, I presume you have added the group to AD, but cant see it in Splunk?
If so - try adding the group into the same OU as your existing Splunk groups, or redefine your strategy to search wider in your domain.

If my comment helps, please give it a thumbs up!
Reply

ShaneNewman
Motivator
‎09-29-2016 10:55 AM

Why not just add it to the authentication.conf/authorization.conf directly? Once you add it to the existing strategy, just go back to the UI and reload the auth.

Reply

NicholasLudwicz
Engager
‎12-21-2017 11:06 AM

This worked for me. I only had to changed the authentication.conf file. The path to this file is $SPLUNK_HOME\etc\system\local

0 Karma
Reply
Get Updates on the Splunk Community!

Developer Spotlight with William Searle

The Splunk Guy: A Developer’s Path from Web to Cloud William is a Splunk Professional Services Consultant with ...

Major Splunk Upgrade – Prepare your Environment for Splunk 10 Now!

Attention App Developers: Test Your Apps with the Splunk 10.0 Beta and Ensure Compatibility Before the ...

Stay Connected: Your Guide to June Tech Talks, Office Hours, and Webinars!

What are Community Office Hours?Community Office Hours is an interactive 60-minute Zoom series where ...
Top