Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Some LDAP users are not showing up in Splunk Users screen -- Splunk 4.3.1 build 119532.

wrangler2x
Motivator
‎09-27-2012 04:21 PM

I happened to take a look at Manager >> Access Controls >> Users the other day and quite a few users I knew should be there were not. We are using LDAP authentication. I vaguely remembered something about LDAP in the 4.3 notes and went and looked. After mentioning that they fixed a bug concerning Splunk LDAP for this release it says:

If you are using LDAP version 2,
Splunk will populate the LDAP user
list with only those users who have
already successfully logged in to
Splunk, as opposed to the full list of
users who have login access.

We are, in fact, using LDAP 2 (the actual version is 2.4.23)

So I thought, "maybe that's it". I asked someone who is configured to use Splunk via LDAP that was not on the list in Splunk and asked him to log in to Splunkweb. After he did this I went back to the Users list and, no, he still wasn't there. So I don't think it is this that we are seeing here.

My questions:

  1. Has anyone else seen this?
  2. Has anyone any idea about anything we could be doing that would cause this?
  3. Does this sound like a Splunk bug?
Tags (3)
0 Karma
Reply

treinke
Builder
‎09-28-2012 06:15 AM

What are your LDAP settings? Mainly, what is your "User base DN" and "Group base DN"? I tend to create a specific Security Group for Splunk. I have for example Splunk - Admins, Splunk - Developers - Location 1, Splunk - Developers - Location 2, Splunk - Service Desk, etc. With that, make sure that a group the user is in is mapped to a specific role. Is the group showing up in the "Manager » Access controls » Authentication method » Configure Splunk to use LDAP and map groups » Map groups"?

There are no answer without questions
0 Karma
Reply

wrangler2x
Motivator
‎09-28-2012 09:56 AM

Can you be more specific about what you are looking for in the GUI? There is no area of the page labled 'groups'. I will say that every field is filled in except the two Dynamic group settings (member attribute and group search filter).

We are using a rolemap defined in authentication.conf that has a 10 roles, and what users associated with these roles can do is defined in authorize.conf.

0 Karma
Reply
Get Updates on the Splunk Community!

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...