Security
Highlighted

Why are users from an LDAP Authenticated group not showing up?

Engager

We have created a group through our Active Directory team that contains ~6000 users. We have mapped this group through LDAP authentication on a single Splunk instance as we would normally do with any other AD group. However users that belong to this newly created group are unable to login.

If I check the settings for this user group the "LDAP Users" field is entirely blank. This occurrence only appears for this particular group, all others have their LDAP Users field populated appropriately. We have checked in the AD and all the users that should be in the group are correctly listed, but why are they not rendering in Splunk?

0 Karma
Highlighted

Re: Why are users from an LDAP Authenticated group not showing up?

Influencer

Did you try reload auth? or restart splunk instance?
If you have groupBaseFilter defined, ensure the new group falls under those filters.

0 Karma
Highlighted

Re: Why are users from an LDAP Authenticated group not showing up?

Engager

Yes we have reloaded authentication and restart the splunk instance. groupBaseFilter is defined and the group we are authenticating belongs to that definition.

0 Karma
Highlighted

Re: Why are users from an LDAP Authenticated group not showing up?

Influencer

anything in splunkd.log for failed authentication?

0 Karma
Highlighted

Re: Why are users from an LDAP Authenticated group not showing up?

Engager

We have set logging for ScopedLDAPConnection to DEBUG and it looks as if the attributes are all being added and loading correctly however we do see a LDAP server warning: Size limit exceeded warning appear on the group mapping page.

Our AD team has set the LDAP size limit to 1000, which would explain why maybe we're not able to see the 6000 users coming through, but there is no pageSize value for us to set on the Splunk side, nor has setting the search size parameter or the maxusersto_precache parameter to anything higher than 1000 worked for us.

0 Karma
Highlighted

Re: Why are users from an LDAP Authenticated group not showing up?

Engager

The issue addressed in this question was resolved with the assistance of a Splunk Support Case.

0 Karma
Highlighted

Re: Why are users from an LDAP Authenticated group not showing up?

SplunkTrust
SplunkTrust

@vxb4892, To help future readers, please describe how you resolved the problem then accept the answer.

---
If this reply helps you, an upvote would be appreciated.
0 Karma
Highlighted

Re: Why are users from an LDAP Authenticated group not showing up?

New Member

Do you get a solution for this problem?

0 Karma