Security

LDAP Groups and Subgroups

nowakdaw
Path Finder

Hello All, Thank you for your time.

If you have a group in AD that has subgroups and you map a role to the group, do the subgroups get updated with the same permissions? I attempted to test this and it seems that the answer is no. I am part of a child group. If I update the parent group I can not log into splunk. But if I update the child I can log in. It seems that if you update the parent group the child groups do not get updated.

Can anyone confirm this? Seems like this may be a bug?

1 Solution

adamw
Communicator

What version of Splunk are you running? If I recall, subgroups in LDAP we're put in on version 4.3.

If you're on 4.3, check your $SPLUNK_HOME/etc/system/local/authentication.conf and see if

nestedGroups = 1

Thanks,
--adam

View solution in original post

adamw
Communicator

What version of Splunk are you running? If I recall, subgroups in LDAP we're put in on version 4.3.

If you're on 4.3, check your $SPLUNK_HOME/etc/system/local/authentication.conf and see if

nestedGroups = 1

Thanks,
--adam

adamw
Communicator

Unfortunately before version 4.3 (released early 2012), nested groups did not work, which made permissions in our environment basically worthless. I'm glad Splunk has added this highly useful feature to the product.

Thanks,
--adam

0 Karma

nowakdaw
Path Finder

Thank you very much for your help. I appreciate it.

Yes I am on 4.3. Was an easy fix. Thank you.

Just to note: I assume this is outdated http://splunk-base.splunk.com/answers/2200/nested-active-directory-groups

0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Get Agentic with Splunk Lantern: Connect to Cisco Cloud Control, Transform ...

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...

July Community Events: Master ITSI 5.0 & Automate Splunk

Struggling with alert fatigue or feeling like you're spending more time on infrastructure maintenance than ...

New Release of Federated Search: Bringing Splunk Analytics to More of Your Data

Organizations today are generating more data than ever and storing it across cloud object stores, data lakes, ...