LDAP authentication error: user has matching LDAP ...

yyogev · ‎06-23-2014

Hi,

My LDAP setup in etc/system/local/authentication.conf produces the following error when I try to authenticate with my crentials:

06-23-2014 00:08:24.563 -0700 ERROR AuthenticationManagerLDAP - user="yayogev" has matching LDAP groups with strategy="ldap_AD", but none are mapped to Splunk roles
06-23-2014 00:08:24.564 -0700 ERROR UserManagerPro - LDAP Login failed, could not find a valid user="yayogev" on any configured servers

I tested with ldapsearch as suggested in thw "Test your LDAP configuration" page in the docs, and I got the expected results. On the other hand, in the Web UI undr "Access controls » Authentication method » LDAP strategies » LDAP Groups" I see a very partial list of groups.

Here are the contents of authentication.conf (anonimized):

[authentication]
authType = LDAP
authSettings = ldap_AD

[ldap_AD]
host = ad.mycompany.com
port = 636
SSLEnabled = 1
bindDN = <bind-dn>
bindDNpassword = <...>
userBaseDN = OU=Employees, OU=My Company Users, DC=dev, DC=mycompany, DC=com
groupBaseDN = OU=My Company Groups,DC=dev,DC=mycompany, DC=com
groupBaseFilter = (objectclass=group)
userNameAttribute = sAMAccountName
realNameAttribute = cn
groupMappingAttribute = dn
groupMemberAttribute = member
groupNameAttribute = cn
timelimit = 10
network_timeout = 15

[roleMap_ldap_AD_usergroups]
admin = mygroup-splunk-admins
power = mygroup-core

jsrobard · ‎03-20-2017

Your [roleMap_???] stanza is incorrect.

The ??? must match the value you specified in the LDAP settings stanza name, in your case "ldap_AD". So the third stanza name should be [roleMap_ldap_AD] not [roleMap_ldap_AD_usergroups].

LDAP authentication error: user has matching LDAP groups but none are mapped to Splunk roles

Archived Metrics Now Available for APAC and EMEA realms

Detecting Remote Code Executions With the Splunk Threat Research Team

Enter the Dashboard Challenge and Watch the .conf24 Global Broadcast!