Re: LDAP authentication to Active Directory Trusts

gonz0 · ‎03-28-2018

I have an environment where users are authenticated against a domain, and this works perfectly. However I would like to map roles to groups that live in a seperate trusted domain.

How would I do this in Splunk?

gonz0 · ‎04-10-2018

Giving this a bump and adding some more information.

MS AD domains are configured as a bi-directional trust and I can confirm this is operational by creating shares etc. for groups in the opposite domain.

On Splunk I have tried configuring seperate strategies, however these get evaluated top down and stop evaluating on match. I have also created identical roles in both domains which evaluates, but again, if the same name exists and I want to match the 2nd strategy, this will break.

I have tried configuring the primary domain and the secondary domain in the group lookup, however Splunk complains that the secondary domain is incorrect.

This seems to me like the ability to use trusted groups is an "Active Directory feature" and Splunk is "only doing LDAP". Is this statement accurate?

If so, what are my options? I'm guessing ADFS or SAML/SSO will solve this and possibly give me the functionality I want

LDAP authentication to Active Directory Trusts

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation