Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Nested Active Directory Groups

treinke
Builder
‎05-05-2010 07:08 PM

I have the LDAP authentication setup in Splunk. I have created groups in Active Directory to handle the users (Splunk-Users, Splunk-PowerUsers, etc.). There is a AD group that already contained a set up users I want added in to Splunk. I added that user group to the AD group I have mapped to Users. The user group's location in AD is not in the same location I have for the Splunk groups. When I go in to Users, I see the nested group in Users as a User.

Is there a way to use nested AD groups in Splunk LDAP Authentication?

There are no answer without questions
Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

ekost
Splunk Employee
Splunk Employee
‎09-13-2012 09:47 AM

Nested group support for OpenLDAP and AD has been added as of Splunk 4.3. Here's a blog post covering some details: http://blogs.splunk.com/2012/02/23/splunk-and-nested-groups-for-authorization/

View solution in original post

Reply
Solved! Jump to solution
Solution

ekost
Splunk Employee
Splunk Employee
‎09-13-2012 09:47 AM

Nested group support for OpenLDAP and AD has been added as of Splunk 4.3. Here's a blog post covering some details: http://blogs.splunk.com/2012/02/23/splunk-and-nested-groups-for-authorization/

Reply
Solved! Jump to solution

Glenn
Builder
‎10-11-2011 05:58 AM

Splunk is pretty bad in this area, I have had an enhancement request (45531) in for this functionality since Jul 8, 2010 7:08 AM (yes that's about 16 months) and it is still not scheduled to be included.

It wastes a couple of hours of time for a few people in my organisation each week, due to them having to assign individual members (new starters) to the groups, rather than them automatically being included for appropriate access via their team's role group. Over the course of the last 2 years this probably adds up to quite a large operating cost!

Please include this enhancement soon. How can we get its priority raised?

Reply
Solved! Jump to solution

the_wolverine
Champion
‎05-06-2010 06:32 AM

Splunk is unable to traverse nested LDAP groups. LDAP users must be direct members of the group mapped to Splunk role.

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...