We have ~50 domains across the organization who want to join in and use Splunk. They all have two way trust enabled so I have a service account established for AD integration. However, the results do not return other trees users.
Please let me know if this is possible, and we're doing it wrong, or if indeed I have to add 50 LDAP strategies.
I'm hoping this is just something fundamental I can configure.
permission issue. service account have permission to display the search that you have to declare in ACL present in LDAP server.
I am in a similar boat and I don't understand your answer... sorry
you have service account in your hand but you was not able to get the other trees user because for that particular service account, there is something called ACL which is declared in LDAP server where you have edit the ACL to display the other trees users.