Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Some LDAP users are not showing up in Splunk Users screen -- Splunk 4.3.1 build 119532.

wrangler2x
Motivator
‎09-27-2012 04:21 PM

I happened to take a look at Manager >> Access Controls >> Users the other day and quite a few users I knew should be there were not. We are using LDAP authentication. I vaguely remembered something about LDAP in the 4.3 notes and went and looked. After mentioning that they fixed a bug concerning Splunk LDAP for this release it says:

If you are using LDAP version 2,
Splunk will populate the LDAP user
list with only those users who have
already successfully logged in to
Splunk, as opposed to the full list of
users who have login access.

We are, in fact, using LDAP 2 (the actual version is 2.4.23)

So I thought, "maybe that's it". I asked someone who is configured to use Splunk via LDAP that was not on the list in Splunk and asked him to log in to Splunkweb. After he did this I went back to the Users list and, no, he still wasn't there. So I don't think it is this that we are seeing here.

My questions:

  1. Has anyone else seen this?
  2. Has anyone any idea about anything we could be doing that would cause this?
  3. Does this sound like a Splunk bug?
Tags (3)
0 Karma
Reply

treinke
Builder
‎09-28-2012 06:15 AM

What are your LDAP settings? Mainly, what is your "User base DN" and "Group base DN"? I tend to create a specific Security Group for Splunk. I have for example Splunk - Admins, Splunk - Developers - Location 1, Splunk - Developers - Location 2, Splunk - Service Desk, etc. With that, make sure that a group the user is in is mapped to a specific role. Is the group showing up in the "Manager » Access controls » Authentication method » Configure Splunk to use LDAP and map groups » Map groups"?

There are no answer without questions
0 Karma
Reply

wrangler2x
Motivator
‎09-28-2012 09:56 AM

Can you be more specific about what you are looking for in the GUI? There is no area of the page labled 'groups'. I will say that every field is filled in except the two Dynamic group settings (member attribute and group search filter).

We are using a rolemap defined in authentication.conf that has a 10 roles, and what users associated with these roles can do is defined in authorize.conf.

0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...