Security

Splunk LDAP User and Group Filters

ssankeneni
Communicator

Can any one expain or point me to the docs of how the LDAP User and Group Filters work ? I have gone through the docs http://docs.splunk.com/Documentation/Splunk/latest/Security/ConfigureLDAPwithSplunkWeb but I'm still unable to understand it clearly.

Tags (2)

jonuwz
Influencer

Without a filter, the query sent by splunk to LDAP will say 'give me a list of all users'.

This could be hundreds of thousands of accounts.

If you specify a filter i.e. 'Department=Splunk'

Then the query sent by splunk to LDAP will say 'give me a list of users who belong to the Splunk department'.

The list of users returned will be much smaller.

Same theory for group filters.

jonuwz
Influencer

No. One is a query to get a list of all the users, the other is a query to get a list of all the groups.

The groups that a user belongs to is pulled from the user attribute 'memberOf' (or whatever the group membership attribute is in your flavour of LDAP)

0 Karma

ssankeneni
Communicator

Does the group and user filter are related ? If so how ?

Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Quick connection discovery mode for forwarders

When a Splunk forwarder loses connectivity to its indexers, it does not always reconnect immediately. In many ...

Build and Launch AI Agents from Your Splunk Workflows

  Register We’ve all been there: juggling alerts, runbooks, and endless manual searches. What if you could ...

Splunk Cloud Application Management in Terraform

Register   On Tuesday, August 4 at 11AM PDT / 2PM EDT, we’re diving into how you can bring Infrastructure as ...