Security

LDAP with more then 1000 groups

michel_wolf
Path Finder

Hi,

I have a problem with a LDAP configuration I know there is a limit by 1000 users so I have change the following configuration

authentication.conf
sizelimit = 10000

limits.conf
[ldap]
max_users_to_precache = 10000

but it looks like this hasn´t impact of the max size of groups because it stops every time at 1000 groups.

Any ideas what to do?

Michel

darkmoonvt
New Member

Any news on this? I just ran into the same problem.

We have more than 1000 groups. The one I need to configure isn't in the first 1000 returned. Perhaps if the 'Map Group' page used the search term to filter the query it sent to ldap?

(the static group search term doesn't help, unless we go through and flag all the groups that might be used by Splunk with something, which isn't something I can manage soon.)

0 Karma

jdhunter
Path Finder

Have you tried

groupBaseFilter =

or in the GUI under Settings > Access Controls > Authentication method > LDAP settings > LDAP strategy name > Static group search filter

The LDAP search filter used to retrieve static groups. Highly recommended if you have a large amount of group entries under your group base DN. For example, '(department=IT)'

0 Karma

waytoavnish
Explorer

what is group itself is having 5000 users? Filters will not work

0 Karma
Get Updates on the Splunk Community!

Financial Services Industry Use Cases, ITSI Best Practices, and More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Splunk Federated Analytics for Amazon Security Lake

Thursday, November 21, 2024  |  11AM PT / 2PM ET Register Now Join our session to see the technical ...

Splunk With AppDynamics - Meet the New IT (And Engineering) Couple

Wednesday, November 20, 2024  |  10AM PT / 1PM ET Register Now Join us in this session to learn all about ...