So I did some searches but the only answer I can find is to create an LDAP group that I will match to a local group.
However my question is more the following:
I have an LDAP user with a specific ldap group that I match to a local Splunk group.
Several people are in that ldap group and in that same configuration.
However, I just created a special group locally and I don't want to have to create another group in ldap. I would like to be able to select some users to have this particular role.
I can see in the web interface in access control => User that everything is in "grey" and I can't add or delete a role from there.
Is there a special configuration file where I could make this link between the authenticated LDAP user and the local group? Or is it not possible at all?
Thank you for your time guys,
You said -
-- I have an LDAP user with a specific ldap group that I match to a local Splunk group.
You see, an ldap group is associated with a Splunk role. Can you please explain what you are trying to do?
I am trying to have a special role that I create in the Splunk interface, which will be given to only some developers and will give them the write permission in an application I created.
I know the usual way is to create another LDAP group and assign this new role to the LDAP group and then ask my user to add themselves in that particular group in LDAP.
But I want to be able to assign this new role directly in splunk, without the need to create this new LDAP group. So basically for a splunk created user I would just go in the web interface and assign this new role to a specific group and then add my user to this group. But because we are using LDAP to authenticate the users, when I click on a specific user, all is greyed and I can't assign any group or anything directly.
I hope it's a bit more clear 🙂
-- I know the usual way is to create another LDAP group and assign this new role to the LDAP group and then ask my user to add themselves in that particular group in LDAP.
That's exactly it and I'm not aware of anything else which can be done. Sorry.
Ok, thank you for your time 🙂
I couldn't find any doc on the splunk website about what I'm trying to do... I just wanted to know if somebody already did it or if I didn't search the right way.
On the other hand, I find it quite strange that we can't do it... I mean, it appears to me to be a need that may have been encountered by many people: not having the possibility to create LDAP groups but having to give access to some specific users... well.
Thanks anyway :), I'll leave this thread open some more time in case somebody else has got a different opinion.
Thinking about it a bit, you can create stand-alone users in Splunk and associate a role to them, like the default admin user. Then you bypass the need for the creation of an ldap group.
Does it make any sense?
Yes, it would work, but the idea was to stick with the LDAP authentication as the users already have some groups bound to their account. They are used to using their LDAP account for almost everything, so if they need to have a special account on each application, with a specific password and so on... they won't buy me a drink at the end of the day, I'm afraid 😄
You are right, the binding of a specific user to an ldap group to a role is limiting and the interface allows only for an ldap group to be associated with a role.
We are also not thrilled about the proliferation of the ldap groups ; - )