- Find Answers
- :
- Splunk Administration
- :
- Admin Other
- :
- Security
- :
- Re: mapping users to role
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I have created LDAP configuration in our SPLUNK deployment.
Version 6.0
DO NOT EDIT THIS FILE!
Please make all changes to files in $SPLUNK_HOME/etc/system/local.
To make changes, copy the section/stanza you want to change from $SPLUNK_HOME/etc/system/default
into ../local and edit there.
This file configures authentication.
[authentication]
authType = LDAP
authSettings = SHC
Note: the caching specified in this stanza only applies to scripted authentication.
If you are using scripted authentication, you can override these cache timing values in
your $SPLUNK_HOME/etc/system/local/authentication.conf
[SHC]
host = XXXXXXXXXXXXXXXXXXXXX
port = 389
SSLEnabled = 0
bindDN = anonymous
User Configurations
realNameAttribute = cn
userBaseDN = ou=people,o=intra,dc=sears,dc=com
userBaseFilter = (objectclass=*)
userNameAttribute = uid
Group Configurations
groupBaseDN = ou=people,o=intra,dc=sears,dc=com
groupBaseFilter = (objectclass=*)
groupMappingAttribute = uid
groupMemberAttribute = uid
groupNameAttribute = uid
[roleMap_SHC]
admin = lbirnba;pbussie;rsen0;vjaiswa
All the users have got added. But they they are not able to login(except for the admin users). I think I need to assign each user to a role before they can login. I am thinking of assigning the "user" role to all users. How do I achieve that without using groups. We do not use groups in our LDAP.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We are using LDAP group and then map Splunk role with each LDAP group. Role is assigned to LDAP users by adding them to the appropriate LDAP group.
In your case without using LDAP groups, if admin role users can log in then by the same token, you can assign users to Splunk role 'user' as follow under 'roleMap_SHC' stanza:
[roleMap_SHC]
admin = lbirnba;pbussie;rsen0;vjaiswa
user =
Ming
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The only way I can think of is to use scripted authentication.
You can find more info at http://docs.splunk.com/Documentation/Splunk/latest/Security/ConfigureSplunkToUsePAMOrRADIUSAuthentic....
-Ming
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We are using LDAP group and then map Splunk role with each LDAP group. Role is assigned to LDAP users by adding them to the appropriate LDAP group.
In your case without using LDAP groups, if admin role users can log in then by the same token, you can assign users to Splunk role 'user' as follow under 'roleMap_SHC' stanza:
[roleMap_SHC]
admin = lbirnba;pbussie;rsen0;vjaiswa
user =
Ming
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The only problem is that I cannot add all users like that. Is there any way to set all users to have "user" role by default.Something like --
user = ALL
or
user = *
I tried both but not working.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
See accepted answer in this post if its of any use.
http://answers.splunk.com/answers/43842/mapping-ldap-user-to-roles-matched-groups-are-not-found-in-r...
Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation
Explore the Latest Educational Offerings from Splunk (November Releases)
New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...
