Security

User missing roles.

emmdominguez
Observer

Hello

I have users who do not have all the roles they should be associated with appearing in the Access Control>>Users webpage. For example, user foo is in three LDAP groups (a, b, and c) which are bound to role_a, role_b, and role_c. When I search for user foo, according to Splunk this user's roles are role_a and role_b. If I look at the map groups for the LDAP strategies associated with role_a, role_b and role_c, user foo is a member of each.

When I click on user foo in Access Control>>Users, selected roles is greyed out, and role_c is not assigned to the user foo, only role_a and role_b. How do I get Splunk to assign role_c to user foo? I also have several other users who are only getting role_c assigned to them even though they are part of either role_a and/or role_b.

Thanks

0 Karma

emmdominguez
Observer

I believe I have solved this issue. From my understanding you should have one LDAP strategy per LDAP server. I then limited the LDAP strategy with group filters. Next I map each filter to its corresponding role. Now when I view my users I can see all the roles each user is part of.

I know I can have multiple LDAP strategies for one LDAP server, but is there a reason for this? How can I set up users to be able to view all the roles they belong to in a multiple LDAP strategy environment when authenticating to one LDAP server? Is this possible?

Thanks

0 Karma

lakshman239
Influencer

Reload the LDAP auth mapping, check the mapping, and re-map if it still shows errors. Also, please check the contents of authorize.conf and authentication.conf to ensure your changes are reflected.

https://docs.splunk.com/Documentation/Splunk/7.2.4/Security/SetupuserauthenticationwithLDAP

https://www.splunk.com/blog/2009/08/13/ldap-auth-configuration-tips.html

0 Karma

emmdominguez
Observer

Thank you, I have visited those pages several times.
Adding to my question:

Can one LDAP server have multiple LDAP strategies in Splunk?

Additionally, should I be able to see all the roles a user belongs to or just the role that was used to authenticate?

For example, under Access controls>>Users, for user foo in the roles column, should I see all the roles the user belongs to or just the role used for authentication? Having said that, where then can I see all the roles a user belongs to?

Thanks

0 Karma

lakshman239
Influencer

Splunk can accept multiple LDAP strategies [for my use case, I have used only 1].

You should be able to see all the roles the user is assigned to/mapped to.

0 Karma

lakshman239
Influencer

I believe when you define multiple strategies (need different stanzas), Splunk loads them and checks in round robin to get all roles.

0 Karma

emmdominguez
Observer

Makes sense, that would explain why not all my users are where they need to be. Seems like one strategy is the way to go if I want to see in real time all the roles my users belong to.
Thanks for all your help.

0 Karma

Vijeta
Influencer

How are the users assigned to Splunk? Is it probably being assigned through LDAP or SAML? You will have to map roles to LDAP/SAML assignment groups in Splunk. Mostly the assignment group from LDAP/SAML needs to be updated for those users.

0 Karma

emmdominguez
Observer

Hello

Users are assigned to Splunk with LDAP. I have mapped the LDAP groups to the LDAP strategies and assigned those strategies to the corresponding roles. The user in question belongs to all three LDAP groups, but according to Splunk the user is only assigned two of the three roles he should have access to.

0 Karma
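The symptom discussed in this thread can be checked offline with a small audit of the `roleMap_<strategy>` stanzas in authentication.conf. This is an added example, not code from any poster or from Splunk; it assumes a user's roles are taken from a single strategy's role map (consistent with the symptoms described above), and the strategy, group and role names are constructed.

```python
import configparser

# Constructed authentication.conf: one LDAP server whose groups are split
# across two strategies (stanza, group and role names are made up).
SPLIT_CONF = """
[authentication]
authType = LDAP
authSettings = strat_one,strat_two
[roleMap_strat_one]
role_a = a
role_b = b
[roleMap_strat_two]
role_c = c
"""
# Constructed alternative: a single strategy carrying all three mappings.
SINGLE_CONF = """
[authentication]
authType = LDAP
authSettings = strat_one
[roleMap_strat_one]
role_a = a
role_b = b
role_c = c
"""

def load_role_maps(conf_text):
    """Return {strategy: {role: set(groups)}} for each strategy in authSettings."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep names exactly as written
    cp.read_string(conf_text)
    names = [s.strip() for s in cp["authentication"]["authSettings"].split(",")]
    maps = {}
    for name in filter(None, names):
        section = f"roleMap_{name}"
        items = cp[section].items() if cp.has_section(section) else []
        maps[name] = {role: {g.strip() for g in groups.split(";") if g.strip()}
                      for role, groups in items}
    return maps

def audit(conf_text, user_groups):
    """Per strategy: roles granted, and roles the user's groups earn elsewhere."""
    groups = set(user_groups)
    granted = {name: sorted(r for r, gs in roles.items() if gs & groups)
               for name, roles in load_role_maps(conf_text).items()}
    expected = {r for roles in granted.values() for r in roles}
    missing = {name: sorted(expected - set(roles)) for name, roles in granted.items()}
    return granted, missing

if __name__ == "__main__":
    for label, conf in (("split", SPLIT_CONF), ("single", SINGLE_CONF)):
        print(label, audit(conf, ["a", "b", "c"]))
```

A non-empty `missing` list for a strategy marks roles that a user resolved through that strategy alone would not receive, which is the gap to close before relying on role-based access restrictions.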