How to assign an additional role to an existing LDAP authentication user in Splunk Web?

Hemnaath
Motivator

Hi All, currently we have a requirement to assign an additional role to an existing LDAP authentication user in Splunk Web. When we tried to assign the admin role to his profile from Splunk Web, along with the other role the user is already assigned, we were unable to do it. So kindly provide us the steps on how to assign the additional role to an existing user.

Thanks in advance.

0 Karma

brreeves_splunk
Splunk Employee

The appropriate way to do this is to add the user to the group mapped to the Splunk Admin role in Active Directory. Others have commented with setting up another strategy just for this user, which would work, but it's much more difficult than just adding the user to the Splunk Admin group in your Active Directory.

To create the second strategy, copy your authentication.conf > for your existing strategy to a new one. Then, add the userBaseFilter to find the user in question.

Next, create another roleMap_ for this second strategy and specify the admin role for this user's corresponding AD group.

Hope this helps.

Hemnaath
Motivator

Thanks brreeves for your time and effort. We had used the LDAP to fix this.

jkat54
SplunkTrust

There is a way to narrow an ldap strategy down to a single user using filters and then apply the multiple roles to just that single user. I've never done it but I'm sure someone else can chime in with how to.

0 Karma

Hemnaath
Motivator

Thanks jkat54, could you please share with me the steps on how to narrow down an LDAP strategy to a single user using filters? There are already other users present in the Admin LDAP group; will this user get affected?

Thanks in advance.

0 Karma

starcher
SplunkTrust

http://docs.splunk.com/Documentation/Splunk/6.5.2/Security/SetUpUserAuthenticationWithLDAP

You can map multiple groups to multiple roles if you have the LDAP strategy set up properly. As the docs say, one strategy is recommended. If the user is in multiple groups that come from that LDAP strategy, then when you map those LDAP groups the user in Splunk will receive the stacked combination of the roles they are in.

0 Karma

somesoni2
Revered Legend

I don't think you can assign a role to a user, from Splunk, when using LDAP authentication. If you just want to give an additional role to a user, get the user added to the appropriate LDAP groups.
If you want to give additional roles to all users of a particular role, you need to update the LDAP authentication.
If you're using LDAP authentication, in the authentication.conf, you will have a roleMap defined which binds a Splunk user role to one or more LDAP group names (semicolon separated). Make sure that additional role that you want to assign to

https://docs.splunk.com/Documentation/Splunk/6.5.2/Admin/Authenticationconf#Map_roles_2

0 Karma
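Added example, not part of any post in this thread and not Splunk's own code: a small audit script that reads the `roleMap_` stanzas of an authentication.conf and reports which roles a user ends up with for a given set of LDAP group memberships, and which groups grant a given role. The strategy name `corp_ldap`, the group names and the case-insensitive group comparison are assumptions of this example.

```python
import configparser

# Constructed sample authentication.conf; strategy and group names are made up.
SAMPLE_CONF = """
[authentication]
authType = LDAP
authSettings = corp_ldap

[corp_ldap]
host = ldap.example.com

[roleMap_corp_ldap]
admin = Splunk-Admins
power = Splunk-Power;Splunk-Admins
user = Splunk-Users
"""

def load_role_maps(conf_text):
    """Return {strategy: {role: set of lowercased LDAP groups}} from roleMap_* stanzas."""
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.optionxform = str  # keep role names exactly as written
    parser.read_string(conf_text)
    maps = {}
    for section in parser.sections():
        if not section.startswith("roleMap_"):
            continue
        strategy = section[len("roleMap_"):]
        maps[strategy] = {
            # One role may list several groups, separated by semicolons.
            role: {g.strip().lower() for g in groups.split(";") if g.strip()}
            for role, groups in parser.items(section)
        }
    return maps

def effective_roles(role_maps, strategy, user_groups):
    """Stacked roles: every role mapped to any group the user belongs to."""
    member_of = {g.lower() for g in user_groups}  # assumption: case-insensitive match
    mapping = role_maps.get(strategy, {})
    return sorted(role for role, groups in mapping.items() if groups & member_of)

def groups_granting(role_maps, strategy, role):
    """LDAP groups whose membership grants the role, for access review."""
    return sorted(role_maps.get(strategy, {}).get(role, set()))

if __name__ == "__main__":
    maps = load_role_maps(SAMPLE_CONF)
    print(effective_roles(maps, "corp_ldap", ["Splunk-Users"]))
    print(effective_roles(maps, "corp_ldap", ["Splunk-Users", "Splunk-Admins"]))
    print(groups_granting(maps, "corp_ldap", "admin"))
```

Running `groups_granting` for `admin` before adding anyone to a directory group shows every group whose members would hold that role, which is the list to review for least privilege.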

Hemnaath
Motivator

Thanks Somesoni2, in our case we need to assign an admin role to an existing user called test who is already assigned the basic user profile. When checked in Splunkweb --access control -- Authentication method -- configuration splunk to use LDAP and Map groups -- Manage group -- LDAP group (admin)

So how to add the test user under this LDAP group?

Also, where to find the authentication.conf file in the Splunk home path?

Thanks in advance.

0 Karma