Security
Highlighted

Nested Active Directory Groups

SplunkTrust
SplunkTrust

I have the LDAP authentication setup in Splunk. I have created groups in Active Directory to handle the users (Splunk-Users, Splunk-PowerUsers, etc.). There is a AD group that already contained a set up users I want added in to Splunk. I added that user group to the AD group I have mapped to Users. The user group's location in AD is not in the same location I have for the Splunk groups. When I go in to Users, I see the nested group in Users as a User.

Is there a way to use nested AD groups in Splunk LDAP Authentication?

Tags (2)
Highlighted

Re: Nested Active Directory Groups

Champion

Splunk is unable to traverse nested LDAP groups. LDAP users must be direct members of the group mapped to Splunk role.

Highlighted

Re: Nested Active Directory Groups

Builder

Splunk is pretty bad in this area, I have had an enhancement request (45531) in for this functionality since Jul 8, 2010 7:08 AM (yes that's about 16 months) and it is still not scheduled to be included.

It wastes a couple of hours of time for a few people in my organisation each week, due to them having to assign individual members (new starters) to the groups, rather than them automatically being included for appropriate access via their team's role group. Over the course of the last 2 years this probably adds up to quite a large operating cost!

Please include this enhancement soon. How can we get its priority raised?

Highlighted

Re: Nested Active Directory Groups

Splunk Employee
Splunk Employee

Nested group support for OpenLDAP and AD has been added as of Splunk 4.3. Here's a blog post covering some details: http://blogs.splunk.com/2012/02/23/splunk-and-nested-groups-for-authorization/

View solution in original post