Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

how to disable a specific user

seanlon11
Path Finder
‎08-02-2011 01:54 PM

I am in the process of migrating our Splunk indexer to a new server. I have everything setup, and would like to force a select few users to use the new server instead of the old.

The best design I have created so far is to just disable the user's from logging into the old system. This will be a constant reminder for them to use the new Splunk server. Both Splunk servers point to the same LDAP server, so I cannot alter their LDAP settings.

How can I disable a user from logging into Splunk?

Thanks,
Sean

Tags (1)
0 Karma
Reply

sideview
SplunkTrust
SplunkTrust
‎08-02-2011 09:43 PM

I dont think you can disable an LDAP user from a particular Splunk server.

However if you're using LDAP and you then edit one of the LDAP users in Splunk's Manager interface (yes this is bizarre), that submitting the edit form will create a local splunk user, and I think that this local user then takes precedence over the same username in LDAP for subsequent logins.

If I'm right, then you could go into Manager as the admin user, change the other user's password there, and although it wouldnt tell them why they suddenly cant log in, it might serve your needs.

(login as admin, go to Manager > Access Controls > Users, page/search your way to the user in question, then click on the username, change their password)

0 Karma
Reply

fk319
Builder
‎08-03-2011 07:36 AM

It seems to me that you can set up a new app and display a message and link to the new server. (I guess you can auto refrish the new server if you like.) Then change your selected users to use this new app as default. This will do the trick if they just log in, but if they have a link to a specific view, it wont.

0 Karma
Reply

seanlon11
Path Finder
‎08-03-2011 06:39 AM

Thanks for the answer. However, when I log in with my Splunk admin account, the "change password" options are blanked out to where I cannot change the password.

Any other ideas?

Thanks,
Sean

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...