Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

LDAP authentication: mapping empty groups

gcusello
SplunkTrust
SplunkTrust
‎10-31-2023 06:09 AM

Hi at all,

I have to use in Splunk Enterprise an external authentication using LDAP.

I'm mapping roles with AD groups.

I don't see empty AD gropus (groups without associated users) in the mapping page.

Do you think that there could be a misconfiguration or (as I suppose) it isn't possible to see them until a user is inserted in? 

Thank you for your confirmation.

Ciao.

Giuseppe

Labels (2)
Labels
0 Karma
Reply

Mafokognel
Engager
‎11-01-2023 09:26 AM

Hello, 

For my knowledge, You have to create role, after assign to the role their permission. thereafter you can map the group and authenticate again. Then Go to user and check username assign to the group. Thanks

Reply

gcusello
SplunkTrust
SplunkTrust
‎11-01-2023 10:07 AM

Hi @Mafokognel,

Thanks for your answer.

I know this, bat my question is: 

after LDAP integration, I see groups containing users, but I don't see Groups without users.

Do you think that's normal or there could be an issue?

Ciao.

Giuseppe

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎11-02-2023 03:29 AM

Hi

I think that's just like you said. There must be a user on group to see it.

IMHO: with LDAP / AD authentication it's much better to create an own app where you have done those mappings and then install it as normal app. That way you could always add new role - group mappings there even there is no users yet on those groups. Also put that app on git and you know what you have. BUT after that don't use GUI anymore to user management (mappings etc.). If you are continue with both way you will be get real "spaghetti" sooner or later ;-(

r. Ismo

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Unlocking Unified Insights: New Gigamon Federated Search App for Splunk

In today’s data-heavy environment, organizations are caught in a data distribution dilemma. As data volumes ...

GA: New Data Management App in Splunk Platform

Streamlining Data Management: Introducing a unified experience in Splunk Managing data at scale shouldn’t feel ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...