Hi,
I am trying to integrate Splunk with Ldap, and hence I entered the following set of information.
LDAP Strategy Name: ldap
Host: 192.127.44.155
Port: 389
Bind DN: CN=va230033,OU=Application Accounts,DC=corp,DC=ncr,DC=com
Bind DN password: xxxxxx
User base DN: dc=corp,dc=ncr,dc=com
User name attribute: samaccountname
Real name attribute: displayname
Group mapping attribute: dn
Group base DN: dc=corp,dc=ncr,dc=com
Group name attribute: cn
Static member attribute: member
When i created a ldap with the above settings, i received the following error: ldap server warning: size limi exceeded. Not only this once done, when I try to map groups i could not find the groups that I want. So as to make search more refinable, I even included the following filter: (&(objectCategory=group) (cn=sweng*)) under User base filter.
Doing so did not help me, still I could not retrieve the group that I require and still the error persists.
Thanks,
Sushma.
How about increasing the size of this parameter?
Advanced settings -> Search request size limit
•Search request size limit
◦To avoid performance-related issues, you can set the search request size limit. Splunk will then request that the LDAP server return the specified maximum number of entries in response to a search request. In a large deployment with millions of users, setting this limit to a high value could result in a long response, depending on the search filter set in the LDAP strategy configuration. If this limit is reached, splunkd.log should contain a size limit exceeded message.
◦You should set the search request time limit and search request size limit values in conjunction with the splunkweb timeout property, described in "Configure user session timeouts". If you have a group that is not showing up in the Splunk console, it was likely excluded due to one of these limits. Tune these properties as needed.
◦To set the request size limit higher than 1000, you must also edit max_users_to_precache in limits.conf to accomodate the number of users you set for your request size limit.
http://docs.splunk.com/Documentation/Splunk/6.0.2/Security/ConfigureLDAPwithSplunkWeb
How about increasing the size of this parameter?
Advanced settings -> Search request size limit
•Search request size limit
◦To avoid performance-related issues, you can set the search request size limit. Splunk will then request that the LDAP server return the specified maximum number of entries in response to a search request. In a large deployment with millions of users, setting this limit to a high value could result in a long response, depending on the search filter set in the LDAP strategy configuration. If this limit is reached, splunkd.log should contain a size limit exceeded message.
◦You should set the search request time limit and search request size limit values in conjunction with the splunkweb timeout property, described in "Configure user session timeouts". If you have a group that is not showing up in the Splunk console, it was likely excluded due to one of these limits. Tune these properties as needed.
◦To set the request size limit higher than 1000, you must also edit max_users_to_precache in limits.conf to accomodate the number of users you set for your request size limit.
http://docs.splunk.com/Documentation/Splunk/6.0.2/Security/ConfigureLDAPwithSplunkWeb
I could do it myself changed the Group mapping attribute to dn instead of memberof and now I could login with the LDAP credentials.
yes after mapping the group, I assigned admin role to all the users in that group, there are 10 users in that group and I gave each of them admin rights, even i am included in that group. Once done i tried to login with the LDAP credentials, but it is showing as Invalid username and password.
You need to be added to the group (user role, for example) role with login privileges.
Yes,now i am able to view the groups that I required, but not able to login to the SPLUNK using the users belonging to that group. Is there anything else that I need to do?