- Splunk Answers
- :
- Splunk Administration
- :
- Security
- :
- Splunk ldap
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I am trying to integrate Splunk with Ldap, and hence I entered the following set of information.
LDAP Strategy Name: ldap
Host: 192.127.44.155
Port: 389
Bind DN: CN=va230033,OU=Application Accounts,DC=corp,DC=ncr,DC=com
Bind DN password: xxxxxx
User base DN: dc=corp,dc=ncr,dc=com
User name attribute: samaccountname
Real name attribute: displayname
Group mapping attribute: dn
Group base DN: dc=corp,dc=ncr,dc=com
Group name attribute: cn
Static member attribute: member
When i created a ldap with the above settings, i received the following error: ldap server warning: size limi exceeded. Not only this once done, when I try to map groups i could not find the groups that I want. So as to make search more refinable, I even included the following filter: (&(objectCategory=group) (cn=sweng*)) under User base filter.
Doing so did not help me, still I could not retrieve the group that I require and still the error persists.
Thanks,
Sushma.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How about increasing the size of this parameter?
Advanced settings -> Search request size limit
•Search request size limit
◦To avoid performance-related issues, you can set the search request size limit. Splunk will then request that the LDAP server return the specified maximum number of entries in response to a search request. In a large deployment with millions of users, setting this limit to a high value could result in a long response, depending on the search filter set in the LDAP strategy configuration. If this limit is reached, splunkd.log should contain a size limit exceeded message.
◦You should set the search request time limit and search request size limit values in conjunction with the splunkweb timeout property, described in "Configure user session timeouts". If you have a group that is not showing up in the Splunk console, it was likely excluded due to one of these limits. Tune these properties as needed.
◦To set the request size limit higher than 1000, you must also edit max_users_to_precache in limits.conf to accomodate the number of users you set for your request size limit.
http://docs.splunk.com/Documentation/Splunk/6.0.2/Security/ConfigureLDAPwithSplunkWeb
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How about increasing the size of this parameter?
Advanced settings -> Search request size limit
•Search request size limit
◦To avoid performance-related issues, you can set the search request size limit. Splunk will then request that the LDAP server return the specified maximum number of entries in response to a search request. In a large deployment with millions of users, setting this limit to a high value could result in a long response, depending on the search filter set in the LDAP strategy configuration. If this limit is reached, splunkd.log should contain a size limit exceeded message.
◦You should set the search request time limit and search request size limit values in conjunction with the splunkweb timeout property, described in "Configure user session timeouts". If you have a group that is not showing up in the Splunk console, it was likely excluded due to one of these limits. Tune these properties as needed.
◦To set the request size limit higher than 1000, you must also edit max_users_to_precache in limits.conf to accomodate the number of users you set for your request size limit.
http://docs.splunk.com/Documentation/Splunk/6.0.2/Security/ConfigureLDAPwithSplunkWeb
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I could do it myself changed the Group mapping attribute to dn instead of memberof and now I could login with the LDAP credentials.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yes after mapping the group, I assigned admin role to all the users in that group, there are 10 users in that group and I gave each of them admin rights, even i am included in that group. Once done i tried to login with the LDAP credentials, but it is showing as Invalid username and password.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You need to be added to the group (user role, for example) role with login privileges.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes,now i am able to view the groups that I required, but not able to login to the SPLUNK using the users belonging to that group. Is there anything else that I need to do?
Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...
.conf24 | Registration Open!
ICYMI - Check out the latest releases of Splunk Edge Processor
