Security

Most LDAP users don't appear/aren't usable

rhansen
Explorer

I have setup the LDAP structure and don't see all of my users in the Group mapping.

Under Manager>>Access controls>>Authentication method>>LDAP strategies>>LDAP Groups, I have setup the specific group to map to Admin, in the text box below it shows all 50~ of my users.

If I save that screen and go to Manager>>Access controls>>Users only 14 users show up. I have deleted the mapping and started over, I have tried mapping to a different global catalog, nothing helps.

What am I missing here?

Splunk 5.0 build 140868 on 2008 R2 SP1
DC = 2008 R2 Ent

Thanks

Tags (3)
0 Karma

rhansen
Explorer

Solved it!

I was mistaken about your first answer. You are partially correct. I was able to log in with another account that was not listed. Once I logged in with that account, it showed up in the Users list.

The problem that I was having was that I had not filled out the "Display name" field in ADUC. That prevented my account from logging in. Once I completed the Display name field, my account was able to login.

0 Karma

alacercogitatus
SplunkTrust
SplunkTrust

In order for the user to show up in the user list, I believe they must first login. Once they login, then their user account gets created within Splunk, and will show in the GUI.

MuS
SplunkTrust
SplunkTrust
0 Karma

Drainy
Champion

Do you have any local users with the same username as yours? These will override your AD user of the same name. Also, you might find it worth turning up the logging levels of the ldap logger in System settings

0 Karma

alacercogitatus
SplunkTrust
SplunkTrust

Do you have a User Base Filter configured? That will limit who can login as well as with a Group.

0 Karma

rhansen
Explorer

I wish that were the case... I had already tried to log in with my account and that didn't work. I get the error "Invalid username or password". If I log in with one of the 14 accounts listed, it works.

I also "Copy" one of the users in ADUC that is listed in Splunk. The new user did not show up, so I don't think there is anything special about the AD users.

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...