Security
Highlighted

LDAP Groups and Subgroups

Path Finder

Hello All, Thank you for your time.

If you have a group in AD that has subgroups and you map a role to the group, do the subgroups get updated with the same permissions? I attempted to test this and it seems that the answer is no. I am part of a child group. If I update the parent group I can not log into splunk. But if I update the child I can log in. It seems that if you update the parent group the child groups do not get updated.

Can anyone confirm this? Seems like this may be a bug?

Highlighted

Re: LDAP Groups and Subgroups

Communicator

What version of Splunk are you running? If I recall, subgroups in LDAP we're put in on version 4.3.

If you're on 4.3, check your $SPLUNK_HOME/etc/system/local/authentication.conf and see if

nestedGroups = 1

Thanks,
--adam

View solution in original post

Highlighted

Re: LDAP Groups and Subgroups

Path Finder

Thank you very much for your help. I appreciate it.

Yes I am on 4.3. Was an easy fix. Thank you.

Just to note: I assume this is outdated http://splunk-base.splunk.com/answers/2200/nested-active-directory-groups

0 Karma
Highlighted

Re: LDAP Groups and Subgroups

Communicator

Unfortunately before version 4.3 (released early 2012), nested groups did not work, which made permissions in our environment basically worthless. I'm glad Splunk has added this highly useful feature to the product.

Thanks,
--adam

0 Karma
Speak Up for Splunk Careers!

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.