Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

LDAP with more then 1000 groups

michel_wolf
Path Finder
‎06-21-2018 07:02 AM

Hi,

I have a problem with a LDAP configuration I know there is a limit by 1000 users so I have change the following configuration

authentication.conf
sizelimit = 10000

limits.conf
[ldap]
max_users_to_precache = 10000

but it looks like this hasn´t impact of the max size of groups because it stops every time at 1000 groups.

Any ideas what to do?

Michel

Reply

darkmoonvt
New Member
‎05-09-2019 12:08 PM

Any news on this? I just ran into the same problem.

We have more than 1000 groups. The one I need to configure isn't in the first 1000 returned. Perhaps if the 'Map Group' page used the search term to filter the query it sent to ldap?

(the static group search term doesn't help, unless we go through and flag all the groups that might be used by Splunk with something, which isn't something I can manage soon.)

0 Karma
Reply

jdhunter
Path Finder
‎07-19-2018 03:13 PM

Have you tried

groupBaseFilter =

or in the GUI under Settings > Access Controls > Authentication method > LDAP settings > LDAP strategy name > Static group search filter

The LDAP search filter used to retrieve static groups. Highly recommended if you have a large amount of group entries under your group base DN. For example, '(department=IT)'

0 Karma
Reply

waytoavnish
Explorer
‎03-26-2019 07:38 AM

what is group itself is having 5000 users? Filters will not work

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...