Hello All, Thank you for your time.
If you have a group in AD that has subgroups and you map a role to the group, do the subgroups get updated with the same permissions? I attempted to test this and it seems that the answer is no. I am part of a child group. If I update the parent group I can not log into splunk. But if I update the child I can log in. It seems that if you update the parent group the child groups do not get updated.
Can anyone confirm this? Seems like this may be a bug?
What version of Splunk are you running? If I recall, subgroups in LDAP we're put in on version 4.3.
If you're on 4.3, check your $SPLUNK_HOME/etc/system/local/authentication.conf and see if
nestedGroups = 1
Thank you very much for your help. I appreciate it.
Yes I am on 4.3. Was an easy fix. Thank you.
Just to note: I assume this is outdated http://splunk-base.splunk.com/answers/2200/nested-active-directory-groups
Unfortunately before version 4.3 (released early 2012), nested groups did not work, which made permissions in our environment basically worthless. I'm glad Splunk has added this highly useful feature to the product.