Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

LDAP authentication: mapping empty groups

gcusello
SplunkTrust
SplunkTrust
‎10-31-2023 06:09 AM

Hi at all,

I have to use in Splunk Enterprise an external authentication using LDAP.

I'm mapping roles with AD groups.

I don't see empty AD gropus (groups without associated users) in the mapping page.

Do you think that there could be a misconfiguration or (as I suppose) it isn't possible to see them until a user is inserted in? 

Thank you for your confirmation.

Ciao.

Giuseppe

Labels (2)
Labels
0 Karma
Reply

Mafokognel
Engager
‎11-01-2023 09:26 AM

Hello, 

For my knowledge, You have to create role, after assign to the role their permission. thereafter you can map the group and authenticate again. Then Go to user and check username assign to the group. Thanks

Reply

gcusello
SplunkTrust
SplunkTrust
‎11-01-2023 10:07 AM

Hi @Mafokognel,

Thanks for your answer.

I know this, bat my question is: 

after LDAP integration, I see groups containing users, but I don't see Groups without users.

Do you think that's normal or there could be an issue?

Ciao.

Giuseppe

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎11-02-2023 03:29 AM

Hi

I think that's just like you said. There must be a user on group to see it.

IMHO: with LDAP / AD authentication it's much better to create an own app where you have done those mappings and then install it as normal app. That way you could always add new role - group mappings there even there is no users yet on those groups. Also put that app on git and you know what you have. BUT after that don't use GUI anymore to user management (mappings etc.). If you are continue with both way you will be get real "spaghetti" sooner or later ;-(

r. Ismo

Reply
Register for .conf25!
Get Updates on the Splunk Community!

Extending Splunk AI Assistant for SPL to Splunk Enterprise customers!

Howdy Splunk Community! It’s an exciting day here at Splunk – Splunk AI Assistant for SPL version 1.3.0 is now ...

Developer Spotlight with Qmulos

Qmulos: Building a Next-Level Cybersecurity Business through Splunk Apps Qmulos started as a scrappy startup ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Enhance Security Operations with Automated Threat Analysis in the Splunk EcosystemAre you leveraging ...
Top