Security

Splunk LDAP integration support LDAP Extended Controls?

Champion

Does Splunk LDAP intergration support LDAP Extended Controls? In particular Matching rule OID 1.2.840.113556.1.4.1941 which is a special "extended match operator that walks the chain of ancestry in objects all the way to the root until it finds a match.

I've tried implement this in my ldap strategy, but Splunk pukes; however, if I pass the same LDAP query listed in the AuthenticationManagerLDAP logging channel using Apache Directory Studio it works fine.

Thanks in advanced,

Additiona Links:
Search Filter Syntax
3.1.1.3.4.1 LDAP Extended Control
Active Directory Recursive Queries

0 Karma

New Member

We have done this, and it does work.

Here is an example of what we did.

(&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=cn=Splunk Access,ou=Groups,dc=contoso,dc=com))

0 Karma