LDAP with more then 1000 groups

michel_wolf · ‎06-21-2018

Hi,

I have a problem with a LDAP configuration I know there is a limit by 1000 users so I have change the following configuration

authentication.conf
sizelimit = 10000

limits.conf
[ldap]
max_users_to_precache = 10000

but it looks like this hasn´t impact of the max size of groups because it stops every time at 1000 groups.

Any ideas what to do?

Michel

darkmoonvt · ‎05-09-2019

Any news on this? I just ran into the same problem.

We have more than 1000 groups. The one I need to configure isn't in the first 1000 returned. Perhaps if the 'Map Group' page used the search term to filter the query it sent to ldap?

(the static group search term doesn't help, unless we go through and flag all the groups that might be used by Splunk with something, which isn't something I can manage soon.)

jdhunter · ‎07-19-2018

Have you tried

groupBaseFilter =

or in the GUI under Settings > Access Controls > Authentication method > LDAP settings > LDAP strategy name > Static group search filter

The LDAP search filter used to retrieve static groups. Highly recommended if you have a large amount of group entries under your group base DN. For example, '(department=IT)'

waytoavnish · ‎03-26-2019

what is group itself is having 5000 users? Filters will not work

LDAP with more then 1000 groups

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms