Security

Splunk LDAP User and Group Filters

ssankeneni
Communicator

Can any one expain or point me to the docs of how the LDAP User and Group Filters work ? I have gone through the docs http://docs.splunk.com/Documentation/Splunk/latest/Security/ConfigureLDAPwithSplunkWeb but I'm still unable to understand it clearly.

Tags (2)

jonuwz
Influencer

Without a filter, the query sent by splunk to LDAP will say 'give me a list of all users'.

This could be hundreds of thousands of accounts.

If you specify a filter i.e. 'Department=Splunk'

Then the query sent by splunk to LDAP will say 'give me a list of users who belong to the Splunk department'.

The list of users returned will be much smaller.

Same theory for group filters.

jonuwz
Influencer

No. One is a query to get a list of all the users, the other is a query to get a list of all the groups.

The groups that a user belongs to is pulled from the user attribute 'memberOf' (or whatever the group membership attribute is in your flavour of LDAP)

0 Karma

ssankeneni
Communicator

Does the group and user filter are related ? If so how ?

Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...