Security

LDAP authentication: mapping empty groups

gcusello
SplunkTrust
SplunkTrust

Hi at all,

I have to use in Splunk Enterprise an external authentication using LDAP.

I'm mapping roles with AD groups.

I don't see empty AD gropus (groups without associated users) in the mapping page.

Do you think that there could be a misconfiguration or (as I suppose) it isn't possible to see them until a user is inserted in? 

Thank you for your confirmation.

Ciao.

Giuseppe

Labels (2)
0 Karma

Mafokognel
Engager

Hello, 

For my knowledge, You have to create role, after assign to the role their permission. thereafter you can map the group and authenticate again. Then Go to user and check username assign to the group. Thanks

gcusello
SplunkTrust
SplunkTrust

Hi @Mafokognel,

Thanks for your answer.

I know this, bat my question is: 

after LDAP integration, I see groups containing users, but I don't see Groups without users.

Do you think that's normal or there could be an issue?

Ciao.

Giuseppe

0 Karma

isoutamo
SplunkTrust
SplunkTrust

Hi

I think that's just like you said. There must be a user on group to see it.

IMHO: with LDAP / AD authentication it's much better to create an own app where you have done those mappings and then install it as normal app. That way you could always add new role - group mappings there even there is no users yet on those groups. Also put that app on git and you know what you have. BUT after that don't use GUI anymore to user management (mappings etc.). If you are continue with both way you will be get real "spaghetti" sooner or later ;-(

r. Ismo

Get Updates on the Splunk Community!

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...

New Splunk Innovations Enhance Performance and Accelerate Troubleshooting

Splunk is excited to announce new releases that empower ITOps and engineering teams to stay ahead in ever ...