Security

Splunk LDAP User and Group Filters

ssankeneni
Communicator

Can any one expain or point me to the docs of how the LDAP User and Group Filters work ? I have gone through the docs http://docs.splunk.com/Documentation/Splunk/latest/Security/ConfigureLDAPwithSplunkWeb but I'm still unable to understand it clearly.

Tags (2)

jonuwz
Influencer

Without a filter, the query sent by splunk to LDAP will say 'give me a list of all users'.

This could be hundreds of thousands of accounts.

If you specify a filter i.e. 'Department=Splunk'

Then the query sent by splunk to LDAP will say 'give me a list of users who belong to the Splunk department'.

The list of users returned will be much smaller.

Same theory for group filters.

jonuwz
Influencer

No. One is a query to get a list of all the users, the other is a query to get a list of all the groups.

The groups that a user belongs to is pulled from the user attribute 'memberOf' (or whatever the group membership attribute is in your flavour of LDAP)

0 Karma

ssankeneni
Communicator

Does the group and user filter are related ? If so how ?

Get Updates on the Splunk Community!

Exporting Splunk Apps

Join us on Monday, October 21 at 11 am PT | 2 pm ET!With the app export functionality, app developers and ...

Cisco Use Cases, ITSI Best Practices, and More New Articles from Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Build Your First SPL2 App!

Watch the recording now!.Do you want to SPL™, too? SPL2, Splunk's next-generation data search and preparation ...