Security

LDAP authentication error: user has matching LDAP groups but none are mapped to Splunk roles

yyogev
New Member

Hi,

My LDAP setup in etc/system/local/authentication.conf produces the following error when I try to authenticate with my crentials:

06-23-2014 00:08:24.563 -0700 ERROR AuthenticationManagerLDAP - user="yayogev" has matching LDAP groups with strategy="ldap_AD", but none are mapped to Splunk roles
06-23-2014 00:08:24.564 -0700 ERROR UserManagerPro - LDAP Login failed, could not find a valid user="yayogev" on any configured servers 

I tested with ldapsearch as suggested in thw "Test your LDAP configuration" page in the docs, and I got the expected results. On the other hand, in the Web UI undr "Access controls » Authentication method » LDAP strategies » LDAP Groups" I see a very partial list of groups.

Here are the contents of authentication.conf (anonimized):

[authentication]
authType = LDAP
authSettings = ldap_AD

[ldap_AD]
host = ad.mycompany.com
port = 636
SSLEnabled = 1
bindDN = <bind-dn>
bindDNpassword = <...>
userBaseDN = OU=Employees, OU=My Company Users, DC=dev, DC=mycompany, DC=com
groupBaseDN = OU=My Company Groups,DC=dev,DC=mycompany, DC=com
groupBaseFilter = (objectclass=group)
userNameAttribute = sAMAccountName
realNameAttribute = cn
groupMappingAttribute = dn
groupMemberAttribute = member
groupNameAttribute = cn
timelimit = 10
network_timeout = 15

[roleMap_ldap_AD_usergroups]
admin = mygroup-splunk-admins
power = mygroup-core
0 Karma

jsrobard
Explorer

Your [roleMap_???] stanza is incorrect.

The ??? must match the value you specified in the LDAP settings stanza name, in your case "ldap_AD". So the third stanza name should be [roleMap_ldap_AD] not [roleMap_ldap_AD_usergroups].

Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...