Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Some LDAP users are not showing up in Splunk Users screen -- Splunk 4.3.1 build 119532.

wrangler2x
Motivator
‎09-27-2012 04:21 PM

I happened to take a look at Manager >> Access Controls >> Users the other day and quite a few users I knew should be there were not. We are using LDAP authentication. I vaguely remembered something about LDAP in the 4.3 notes and went and looked. After mentioning that they fixed a bug concerning Splunk LDAP for this release it says:

If you are using LDAP version 2,
Splunk will populate the LDAP user
list with only those users who have
already successfully logged in to
Splunk, as opposed to the full list of
users who have login access.

We are, in fact, using LDAP 2 (the actual version is 2.4.23)

So I thought, "maybe that's it". I asked someone who is configured to use Splunk via LDAP that was not on the list in Splunk and asked him to log in to Splunkweb. After he did this I went back to the Users list and, no, he still wasn't there. So I don't think it is this that we are seeing here.

My questions:

  1. Has anyone else seen this?
  2. Has anyone any idea about anything we could be doing that would cause this?
  3. Does this sound like a Splunk bug?
Tags (3)
0 Karma
Reply

treinke
Builder
‎09-28-2012 06:15 AM

What are your LDAP settings? Mainly, what is your "User base DN" and "Group base DN"? I tend to create a specific Security Group for Splunk. I have for example Splunk - Admins, Splunk - Developers - Location 1, Splunk - Developers - Location 2, Splunk - Service Desk, etc. With that, make sure that a group the user is in is mapped to a specific role. Is the group showing up in the "Manager » Access controls » Authentication method » Configure Splunk to use LDAP and map groups » Map groups"?

There are no answer without questions
0 Karma
Reply

wrangler2x
Motivator
‎09-28-2012 09:56 AM

Can you be more specific about what you are looking for in the GUI? There is no area of the page labled 'groups'. I will say that every field is filled in except the two Dynamic group settings (member attribute and group search filter).

We are using a rolemap defined in authentication.conf that has a 10 roles, and what users associated with these roles can do is defined in authorize.conf.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...