Solved: LDAP authentication caching

bobwalden · ‎09-10-2013

Hi;

Seems like, with LDAP integrated and roles mapped to LDAP groups, Splunk will update its cached list of users and their roles only when a splunkweb session starts--ie, if we add a user to a mapped role, this does not show up in Manage > Access Controls > Users, but after that user logs in, he/she now shows up in that list.

On the other hand, if we make changes to that user's role, and he/she is currently logged into splunk web, that change will not take effect unless they log out and back in--correct?

We know we can hit manage > Access Controls > Authentication method > Reload authentication method to reset, but:

a) is there any setting in authentication.conf or limits.conf to make this happen on a periodic basis?

b) we see that according to http://blogs.splunk.com/2009/08/20/reload-4-auth/, we can do this via a cron job, but is this still best practice in 5.0 +?

thanks,
bw

the_wolverine · ‎06-17-2014

We're encountering strange issues with LDAP in version 5 and have implemented our workaround which is scripting of the auth reload command on a regular basis.

View solution in original post

the_wolverine · ‎06-17-2014

We're encountering strange issues with LDAP in version 5 and have implemented our workaround which is scripting of the auth reload command on a regular basis.

LDAP authentication caching

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

Troubleshooting the OpenTelemetry Collector

Adoption of Infrastructure Monitoring at Splunk