
nestedGroups is not working as expected for Active Directory LDAP

neiljpeterson
Communicator

I have a security group called Splunk Users that is mapped to the user role in Splunk.

When I add a user directly to this group they can auth fine.

When they are in a group called Developers which is in Splunk Users they are not able to auth.

Nested groups is selected.

Here is my authentication.conf

[authentication]
authSettings = Acme
authType = LDAP

[roleMap_Acme]
admin = Splunk Admins
api-user = Splunk API Users
can_delete = Splunk Admins
power = Splunk Admins;Splunk Power Users
splunk-system-role = Splunk Admins;Splunk System Users
user = Splunk Admins;Splunk Users

[Acme]
SSLEnabled = 1
anonymous_referrals = 1
bindDN = CN=svc.splunk.ldapsearch,OU=Service and Administrative Accounts,DC=Acme,DC=net
bindDNpassword = 12345
charset = utf8
groupBaseDN = OU=Splunk,OU=Security Groups,DC=Acme,DC=net
groupMappingAttribute = dn
groupMemberAttribute = member
groupNameAttribute = cn
host = domaincontroller
nestedGroups = 1
network_timeout = 20
port = 636
realNameAttribute = cn
sizelimit = 10000
timelimit = 15
userBaseDN = OU=Employees,DC=Acme,DC=net;OU=Service and Administrative Accounts,DC=Acme,DC=net
userNameAttribute = samaccountname

joebisesi
Path Finder

I know this is late, but maybe it will help someone out. We fought with this one for a little while.

You would need to add the groupDN of the Developers group to the groupBaseDN line using a semi-colon.
Here is an example of how mine is configured and it works fine:
[Acme]
SSLEnabled = 1
anonymous_referrals = 1
bindDN = Acme/splunkadmin
bindDNpassword = 1234
charset = utf8
groupBaseDN = OU=Information Technology,OU=GL Groups,OU=Security Groups,DC=Acme,DC=com;OU=PRD-Splunk,OU=DL Groups,OU=Security Groups,DC=Acme,DC=com
groupBaseFilter = (objectclass=group)
groupMappingAttribute = dn
groupMemberAttribute = member
groupNameAttribute = cn
host = domain-controller
nestedGroups = 1
network_timeout = 20
port = 636
realNameAttribute = displayname
sizelimit = 5000
timelimit = 15
userBaseDN = OU=Information Technology,OU=All Users,DC=Acme,DC=com
userBaseFilter = (objectclass=user)
userNameAttribute = samaccountname
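
A check for the condition described in the answer above, as an added example that is not part of the original thread or Splunk's own code: it walks nested membership from the role-mapped groups and reports nested groups whose DN falls outside every groupBaseDN entry. The directory export, the OU holding Developers, and the function names are assumptions; the widened value appends the container of each such group, as the answer's configuration does.

```python
import configparser

# Constructed stanzas with only the keys this check reads, modelled on the question.
CONF = """
[roleMap_Acme]
user = Splunk Admins;Splunk Users
[Acme]
groupBaseDN = OU=Splunk,OU=Security Groups,DC=Acme,DC=net
"""
# Constructed directory export: group DN -> values of its member attribute.
# The OU holding Developers is an assumption; the thread does not give it.
GROUPS = {
    "CN=Splunk Users,OU=Splunk,OU=Security Groups,DC=Acme,DC=net": [
        "CN=Developers,OU=Teams,OU=Security Groups,DC=Acme,DC=net",
        "CN=alice,OU=Employees,DC=Acme,DC=net"],
    "CN=Developers,OU=Teams,OU=Security Groups,DC=Acme,DC=net": [
        "CN=bob,OU=Employees,DC=Acme,DC=net"],
}

def norm(dn):
    # Case- and space-insensitive form; assumes no escaped commas in the DN.
    return ",".join(p.strip().lower() for p in dn.split(","))

def under_base(dn, bases):
    return any(norm(dn) == norm(b) or norm(dn).endswith("," + norm(b)) for b in bases)

def nested_groups_outside_base(conf_text, strategy, groups):
    """Return (group DNs reached by nesting but outside groupBaseDN, widened groupBaseDN)."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep key case such as groupBaseDN
    cp.read_string(conf_text)
    bases = cp[strategy]["groupBaseDN"].split(";")
    mapped = {name.strip().lower() for value in cp["roleMap_" + strategy].values()
              for name in value.split(";")}
    by_norm = {norm(dn): dn for dn in groups}
    # Start from role-mapped groups that the configured search bases can see.
    todo = [dn for dn in groups if under_base(dn, bases)
            and norm(dn).split(",")[0].split("=", 1)[1] in mapped]
    seen, outside = {norm(dn) for dn in todo}, []
    while todo:
        for member in groups[todo.pop()]:
            dn = by_norm.get(norm(member))  # None when the member is not a group
            if dn is None or norm(dn) in seen:
                continue
            seen.add(norm(dn))
            todo.append(dn)
            if not under_base(dn, bases):
                outside.append(dn)
    # Append the parent container of each such group, as the answer suggests.
    for dn in outside:
        parent = dn.split(",", 1)[1]
        if not under_base(parent, bases):
            bases.append(parent)
    return sorted(outside), ";".join(bases)
```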

joebisesi
Path Finder

You are very welcome p1948040. I'm glad it helped someone out.

0 Karma

neiljpeterson
Communicator

Anyone? Bueller?

0 Karma

p1948040
New Member

Thank you very much joebisesi for your follow up post - your fix has just resolved the same issue I have been trying to resolve!

Thanks again for taking the time to add this tip as a follow up.

0 Karma