Security

How to assign an additional role to an existing LDAP authentication user in Splunk Web?

Motivator

Hi All, currently we have a requirement to assign an additional role to an existing LDAP authentication user in Splunk Web. When we tried to assign the admin role to his profile from Splunk Web, along with the other role the user is already assigned, we were unable to do it. So kindly provide us the steps on how to assign the additional role to an existing user.

Thanks in advance.

0 Karma

Splunk Employee

The appropriate way to do this is to add the user to the group mapped to the Splunk Admin role in Active Directory. Others have commented with setting up another strategy just for this user, which would work, but it's much more difficult than just adding the user to the Splunk Admin group in your Active Directory.

To create the second strategy, copy your authentication.conf > for your existing strategy to a new one. Then, add the userBaseFilter to find the user in question.

Next, create another roleMap_ for this second strategy and specify the admin role for this user's corresponding AD group.

Hope this helps.

Motivator

Thanks brreeves for your time and effort. We had used the LDAP to fix this.

SplunkTrust

There is a way to narrow an LDAP strategy down to a single user using filters and then apply the multiple roles to just that single user. I've never done it, but I'm sure someone else can chime in with how to.

0 Karma

Motivator

Thanks jkat54, could you please share with me the steps on how to narrow down an LDAP strategy to a single user using filters? There are already other users present in the Admin LDAP group; will this user get affected?

Thanks in advance.

0 Karma

SplunkTrust

http://docs.splunk.com/Documentation/Splunk/6.5.2/Security/SetUpUserAuthenticationWithLDAP

You can map multiple groups to multiple roles if you have the LDAP strategy set up properly. As the docs say, one strategy is recommended. If the user is in multiple groups that come from that LDAP strategy, then when you map those LDAP groups the user in Splunk will receive the stacked combination of the roles they are in.

0 Karma

SplunkTrust

I don't think you can assign a role to a user, from Splunk, when using LDAP authentication. If you just want to give an additional role to a user, get the user added to the appropriate LDAP groups.
If you want to give additional roles to all users of a particular role, you need to update LDAP authentication.
If you're using LDAP authentication, in the authentication.conf, you will have roleMap defined, which binds a Splunk user role to one or more LDAP group names (semicolon separated). Make sure that additional role that you want to assign to

https://docs.splunk.com/Documentation/Splunk/6.5.2/Admin/Authenticationconf#Map_roles_2

0 Karma

Motivator

Thanks Somesoni2. In our case we need to assign an admin role to an existing user called test, who is already assigned a basic user profile. When checked in Splunkweb -- access control -- Authentication method -- configuration splunk to use LDAP and Map groups -- Manage group -- LDAP group (admin)

So how do we add the test user under this LDAP group?

Also, where can we find the authentication.conf file in the Splunk home path?

Thanks in advance.

0 Karma