Security
Highlighted

How to add a new Active Directory group to an existing LDAP strategy?

We recently created a new group in Active Directory to support a new set of users we want to have access to splunk with specific capabilities. We have an existing LDAP strategy with a handful of groups currently in use. We have created this new group in AD, but I don't see any way to add this new group to the existing LDAP strategy when I click "Map Groups". I tried adding it to the configuration file on the server, but I'm not seeing it populate in the UI. Is the only way of incorporating this new group to create a whole new LDAP strategy?

0 Karma
Highlighted

Re: How to add a new Active Directory group to an existing LDAP strategy?

Motivator

Why not just add it to the authentication.conf/authorization.conf directly? Once you add it to the existing strategy, just go back to the UI and reload the auth.

Highlighted

Re: How to add a new Active Directory group to an existing LDAP strategy?

This worked for me. I only had to changed the authentication.conf file. The path to this file is $SPLUNK_HOME\etc\system\local

0 Karma
Highlighted

Re: How to add a new Active Directory group to an existing LDAP strategy?

Ultra Champion

You don't add groups per se.

The LDAP strategy defines the search path in the LDAP heirachy from which Splunk will search for groups.
If you add a new group to AD, as long as that group is in your Strategy's search path, the group will appear in your mapping options to allow you to assign a role to it.

Since your posting this question, I presume you have added the group to AD, but cant see it in Splunk?
If so - try adding the group into the same OU as your existing Splunk groups, or redefine your strategy to search wider in your domain.