We have created a new role in splunk, and now we would like to assign that to our existing users. Users are already created using LDAP authentication method. Is it possible to assign the role or recreate the LDAP Authentication users from Splunk Web? if not, what is the possible way to do that?
If you have configured Splunk to authenticate via your LDAP server, you can map your LDAP groups to Splunk roles. If you do not use groups, you can also map LDAP users individually.
For information about setting up LDAP groups in Splunk Web, see "Configure LDAP with Splunk Web" in this manual.
Note: You can map either users or groups, but not both. If you are using groups, all users you want to access Splunk must be members of an appropriate group. Groups inherit capabilities from the highest level role they're a member of.
All users are visible in the Users page in Splunk Manager. To assign roles to groups in Splunk Web:
Click Settings in Splunk Web.
In the Users and authentication section, click Access controls.
Click Authentication method.
Select the LDAP radio button.
Click Configure Splunk to use LDAP and map groups. This takes you to the LDAP strategies page.
Click Map groups in the Actions column for a specific strategy. This takes you to the LDAP Groups page. You can use the search field in the upper right corner of the page to qualify the list of groups; for example, to search for groups containing specific users.
Click on a group name. This takes you the mapping page, which includes a list of available roles and a list of LDAP users for that group.
To map a role to a group, click the arrow to the left of a role in the "Available Roles" list. This moves the group into the "Selected Roles" list. You can map multiple roles to the group.
Click Save. This takes you back to the LDAP Groups page.
Repeat the process for each group that you want to assign Splunk roles to.
Thanks for the info. I found that documentation and still wasn't seeing the created group, but it turns out that the group creation simply hadn't propagated to the domain controller we were connecting to for LDAP info. My bad!