Security

add ldap groups from database

sarit_s
Communicator

Hello

im wondering if it is possible to add ldap group from db?

i have some groups managed in db table and the it admin does not want to manage it is also in ldap (for splunk security and rules)
im wondering if i can use the db table to manage rules in splunk ?

thanks

Tags (2)
0 Karma
1 Solution

DavidHourani
Super Champion

Hi @sarit_s,

The answer to your question is : "Use LDAP".. don't rely on another DB especially if it's not managed, maintained and supervised centrally by your security.

So yes, recreate the groups from that database on your AD and just import them from there and map them as follows:
https://docs.splunk.com/Documentation/Splunk/7.3.0/Security/MapLDAPgroupstoSplunkroles

Cheers,
David

View solution in original post

DavidHourani
Super Champion

Hi @sarit_s,

The answer to your question is : "Use LDAP".. don't rely on another DB especially if it's not managed, maintained and supervised centrally by your security.

So yes, recreate the groups from that database on your AD and just import them from there and map them as follows:
https://docs.splunk.com/Documentation/Splunk/7.3.0/Security/MapLDAPgroupstoSplunkroles

Cheers,
David

amitm05
Builder

Can you add more context to your query here.
Is this a kind of alternative you are trying for ldap auth in your Splunk OR you have some other purpose for them ?

If its the auth, I'd like to hear more from you about how are you planning it ? If not, it'd be like any other DB table that can be ingested and managed through DBX app

0 Karma

sarit_s
Communicator

Hey
Yes, it is for ldap auth
I have groups that managed in ldap today
And i have to add some more groups that already managed in some db table
The admin of that prefer not to manage this list of groups in both db table and ldap
So i wondered if there is a way to take somehow the data from the table and add it to ldap so i will be able to manage splunk rules

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...