Re: Splunk LDAP User and Group Filters

ssankeneni · ‎01-15-2013

Can any one expain or point me to the docs of how the LDAP User and Group Filters work ? I have gone through the docs http://docs.splunk.com/Documentation/Splunk/latest/Security/ConfigureLDAPwithSplunkWeb but I'm still unable to understand it clearly.

jonuwz · ‎01-15-2013

Without a filter, the query sent by splunk to LDAP will say 'give me a list of all users'.

This could be hundreds of thousands of accounts.

If you specify a filter i.e. 'Department=Splunk'

Then the query sent by splunk to LDAP will say 'give me a list of users who belong to the Splunk department'.

The list of users returned will be much smaller.

Same theory for group filters.

jonuwz · ‎01-17-2013

No. One is a query to get a list of all the users, the other is a query to get a list of all the groups.

The groups that a user belongs to is pulled from the user attribute 'memberOf' (or whatever the group membership attribute is in your flavour of LDAP)

ssankeneni · ‎01-15-2013

Does the group and user filter are related ? If so how ?

Splunk LDAP User and Group Filters

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Deep insights, no barriers: Splunk Observability Cloud Free Edition

Monitoring AI Agents with Splunk Observability Cloud

[Puzzles] Solve, Learn, Repeat: Tiling

Join the Conversation