Hello All, first time user in the commnunity. We currently have a number of users in our Splunk environment using local authentication and LDAP was not configured at initial deployment. Is it still possible to convert local users to use LDAP for authentication? OR what do you recommend?
You can add, change, or remove LDAP authentication at any time.
The catch is the local user name must match the LDAP user names for the users to retain their knowledge objects (reports, alerts, etc.). The KOs will still be there, but will only be accessible by the local user name.
Public KOs (those shared at the App or Global level) can be assigned a new (LDAP) owner. Private KOs, however, have to be copied at the file system level, AFAIK.
--- If this reply helps you, an upvote would be appreciated.