Hi Gurus,
I have connected Splunk server to my Active Directory server. I see LDAP groups and everything seems to be fine... but I can't log in as a user from the selected Active Directory group. In the splunkd.log file I see this:
05-08-2013 22:18:12.304 +0200 ERROR AuthenticationManagerLDAP - user="konrad" has matching LDAP groups with strategy="AD", but none are mapped to Splunk roles
05-08-2013 22:18:12.304 +0200 ERROR UserManagerPro - LDAP Login failed, could not find a valid user="konrad" on any configured servers
In my opinion it looks like wrong role mapping. How do I configure role mapping in the proper way using the Splunk GUI?
In this case Splunk documentation is not perfect for me. Maybe somebody could support me and tell me what to do?
greetings from Europe
Konrad
Your mappings seem a little off. Here is a working version of LDAP Authentication that I used for group mappings. Make sure your LDAP mapping is correct by using an LDAP browser. My home lab uses Windows 2008 R2 Native DC.
I chose to use user's email address (userPrincipalName) for logins. In AD the dn attribute is actually called distinguishedName. Case sensitivity is important.
[authentication]
authType = LDAP
authSettings = splunk_standarduser
[splunk_standarduser]
host = muppets.net
port = 389
SSLEnabled = 0
bindDN = service_splunk@muppets.net
bindDNpassword = encrypted_password
groupBaseDN = OU=DomainLocalGroups,OU=Groups,DC=muppets,DC=net
groupBaseFilter = (objectclass=*)
groupMappingAttribute = distinguishedName
groupMemberAttribute = member
groupNameAttribute = cn
realNameAttribute = displayName
userBaseDN = OU=ITusers,DC=muppets,DC=net
userBaseFilter = (objectclass=*)
userNameAttribute = userPrincipalName
[roleMap_splunk_standarduser]
admin = serverTeam
user = appTeam
Hope this helps or gets you started. Don't forget to vote and accept answers.
Cheers
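An added example, not part of the original answers and not Splunk's own code: a small Python check that reads an authentication.conf, reports which Splunk roles a user's LDAP groups resolve to (an empty result corresponds to the "none are mapped to Splunk roles" error in the question), and flags strategies that have no role map or leave SSLEnabled off. The sample file is constructed, the function names are hypothetical, and case-insensitive group matching is an assumption.

```python
import configparser

# Constructed sample, modelled on the settings discussed in this thread.
SAMPLE_CONF = """\
[authentication]
authType = LDAP
authSettings = AD

[AD]
host = muppets.net
port = 389
SSLEnabled = 0

[roleMap_AD]
admin = serverTeam
user = appTeam;helpdesk
"""

def load_conf(text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep the original case of keys and role names
    cp.read_string(text)
    return cp

def strategies(cp):
    raw = cp.get("authentication", "authSettings", fallback="")
    return [s.strip() for s in raw.split(",") if s.strip()]

def roles_for(cp, strategy, ldap_groups):
    """Splunk roles a user in these LDAP groups receives (empty set = login refused)."""
    section = "roleMap_" + strategy
    if not cp.has_section(section):
        return set()
    # Assumption: group names are compared case-insensitively.
    member_of = {g.strip().lower() for g in ldap_groups}
    return {role for role, groups in cp.items(section)
            if member_of & {g.strip().lower() for g in groups.split(";")}}

def audit(cp):
    """Return a list of findings, one or more per configured LDAP strategy."""
    findings = []
    for name in strategies(cp):
        if not cp.has_section(name):
            findings.append(f"{name}: strategy stanza missing")
            continue
        if not cp.has_section("roleMap_" + name) or not cp.items("roleMap_" + name):
            findings.append(f"{name}: no roleMap_{name} entries, no user can be mapped to a role")
        if cp.get(name, "SSLEnabled", fallback="0").strip() != "1":
            findings.append(f"{name}: SSLEnabled is not 1, binds are sent unencrypted")
    return findings
```

Calling roles_for(load_conf(text), "AD", groups) with the group names seen in an LDAP browser shows whether a login would be refused before the user tries it.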
Hi Konrad!
Greetings from Poland 🙂
To map the groups to roles go to:
Manager->Access Controls->Authentication method->Configure Splunk to use LDAP and map groups->In the Actions section of your LDAP strategy you'll see "Map groups".
Select the right group and the role you want to match with it.
Hope it helps 🙂
asia
jtworzydlo,
That's right, great suggestion, solved my problem.
Perfect, thanks.
Thanks for your feedback. Unfortunately, I'm not able to paste text here... crappy "answers script..."
Here you have a link to my configuration file:
Could you post a scrubbed version of your Authentication.conf? I struggled with it the first time too.