Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why should i run reload auth every time i add users (LDAP enabled)

ma_anand1984
Contributor
‎08-09-2012 01:12 AM

We are having LDAP enabled for user management. I add user id in authentication.conf. then run the command splunk reload deploy-server. This command pushes authentication.conf to all pooled Search Head.

How ever users are not able to login.

Only after running 'splunk reload auth' in each SearchHead, user is able to login.

why should i run reload auth in every search head ? Is there any alternative ?

I'm seeing the below note in the link http://docs.splunk.com/Documentation/Splunk/latest/admin/SetupuserauthenticationwithLDAP

but i will have to reload auth when i add new users. Else they are not able to login.

Should i make some other changes?

Note: Splunk automatically checks LDAP membership information when a user attempts to log into Splunk. You do not need to reload the authentication configuration when adding or removing users.

Tags (5)
Reply
1 Solution
Solved! Jump to solution
Solution

Drainy
Champion
‎08-09-2012 01:49 AM

I'm not sure if there is some confusion here.

Within Splunk you map groups to roles. When a user logs in Splunk will check against your LDAP server, whatever groups they are a member of will be checked against the roles available and they will either be allowed to login or not.

You don't need to add user id's through a config this way. If you add a user to Splunk via the config then they are a local user and you will need to reload Splunk. Otherwise the correct way to add a new user is just to add them to the LDAP server and they will then be able to login. (Again, assuming they have membership of a group that is mapped to a role)

View solution in original post

Reply
Solved! Jump to solution
Solution

Drainy
Champion
‎08-09-2012 01:49 AM

I'm not sure if there is some confusion here.

Within Splunk you map groups to roles. When a user logs in Splunk will check against your LDAP server, whatever groups they are a member of will be checked against the roles available and they will either be allowed to login or not.

You don't need to add user id's through a config this way. If you add a user to Splunk via the config then they are a local user and you will need to reload Splunk. Otherwise the correct way to add a new user is just to add them to the LDAP server and they will then be able to login. (Again, assuming they have membership of a group that is mapped to a role)

Reply
Solved! Jump to solution

Drainy
Champion
‎08-09-2012 03:53 AM

Yes, the only problem is you are reloading everything through that. You will want to actually find the correct endpoint to reload auth services and only hit that, and I would do it via the web and not the CLI (just so you don't have to ssh to each machine 🙂 ). If you just hit that you will force a reload of everything which will hit performance unnecessarily

Reply
Solved! Jump to solution

ma_anand1984
Contributor
‎08-09-2012 03:50 AM

Thanks for all your time
I just found that we can reload using the following
./splunk reload auth -uri https://splunkserver:8089/

Reply
Solved! Jump to solution

Drainy
Champion
‎08-09-2012 03:34 AM

Oh and another suggestion would be to have specific groups created for each of the teams. Map those groups against the splunk roles and then by default, each time someone joins a team they will have access to those dashboards and you won't need a reload.

0 Karma
Reply
Solved! Jump to solution

Drainy
Champion
‎08-09-2012 03:26 AM

hmm, something like, http://SPLUNKSERVER:8000/en-US/debug/refresh?entity=/admin/auth-services may reload the config over the web. I think this will kick people out that are currently logged in. Maybe give that a try? If that works you could just make a shell script or a quick python script that you fire than hits that to reload each time you push out an update

Reply
Solved! Jump to solution

ma_anand1984
Contributor
‎08-09-2012 03:04 AM

I understand, turnaround time for adding people to LDAP group is very high in my organization. Also there are multiple teams who want to create dashboards and share only with their team members. so creation of roles happen a lot. your suggestions ?

0 Karma
Reply
Solved! Jump to solution

Drainy
Champion
‎08-09-2012 02:53 AM

Right, from memory (its been a few months since I've done an LDAP setup) you really should map groups against roles with that config, NOT users. By mapping users against roles you aren't actually gaining many benefits from using LDAP except for the single user account. By mapping groups against roles you will not have to push out a new config each time a new user is added. Instead you add them to the group on your LDAP server, that is the intended method of using this.

0 Karma
Reply
Solved! Jump to solution

ma_anand1984
Contributor
‎08-09-2012 02:35 AM

Thank you.
We use LDAP authentication but define roles in authorise.conf and use them. We are using ldap for authentication and splunk for access restriction (roles).

Now to map user to splunk defined role, i add them under [roleMap_AD] in authentication.conf as role_name = user id1,user id2,....

Now with this setup, i have to reload in each Search Head. Is there any way i can simplyfy this. We have 10 SH and doing it ten times if not a good idea

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...