I have the LDAP authentication setup in Splunk. I have created groups in Active Directory to handle the users (Splunk-Users, Splunk-PowerUsers, etc.). There is a AD group that already contained a set up users I want added in to Splunk. I added that user group to the AD group I have mapped to Users. The user group's location in AD is not in the same location I have for the Splunk groups. When I go in to Users, I see the nested group in Users as a User.
Is there a way to use nested AD groups in Splunk LDAP Authentication?
Splunk is unable to traverse nested LDAP groups. LDAP users must be direct members of the group mapped to Splunk role.
Splunk is pretty bad in this area, I have had an enhancement request (45531) in for this functionality since Jul 8, 2010 7:08 AM (yes that's about 16 months) and it is still not scheduled to be included.
It wastes a couple of hours of time for a few people in my organisation each week, due to them having to assign individual members (new starters) to the groups, rather than them automatically being included for appropriate access via their team's role group. Over the course of the last 2 years this probably adds up to quite a large operating cost!
Please include this enhancement soon. How can we get its priority raised?