I have a security group called Splunk Users that is mapped to the user role in Splunk.
When I add a user directly to this group they can auth fine.
When they are in a group called Developers which is in Splunk Users they are not able to auth.
Nested groups is selected.
Here is my authentication.conf
[authentication]
authSettings = Acme
authType = LDAP

[roleMap_Acme]
admin = Splunk Admins
api-user = Splunk API Users
can_delete = Splunk Admins
power = Splunk Admins;Splunk Power Users
splunk-system-role = Splunk Admins;Splunk System Users
user = Splunk Admins;Splunk Users

[Acme]
SSLEnabled = 1
anonymous_referrals = 1
bindDN = CN=svc.splunk.ldapsearch,OU=Service and Administrative Accounts,DC=Acme,DC=net
bindDNpassword = 12345
charset = utf8
groupBaseDN = OU=Splunk,OU=Security Groups,DC=Acme,DC=net
groupMappingAttribute = dn
groupMemberAttribute = member
groupNameAttribute = cn
host = domaincontroller
nestedGroups = 1
network_timeout = 20
port = 636
realNameAttribute = cn
sizelimit = 10000
timelimit = 15
userBaseDN = OU=Employees,DC=Acme,DC=net;OU=Service and Administrative Accounts,DC=Acme,DC=net
userNameAttribute = samaccountname

Thank you very much joebisesi for your follow up post - your fix has just resolved the same issue I have been trying to resolve!
Thanks again for taking the time to add this tip as a follow up.
I know this is late, but maybe it will help someone out. We fought with this one for a little while.
You would need to add the groupDN of the Developers group to the groupBaseDN line using a semi-colon.
Here is an example of how mine is configured and it works fine:
SSLEnabled = 1
anonymous_referrals = 1
bindDN = Acme/splunkadmin
bindDNpassword = 1234
charset = utf8
groupBaseDN = OU=Information Technology,OU=GL Groups,OU=Security Groups,DC=Acme,DC=com;OU=PRD-Splunk,OU=DL Groups,OU=Security Groups,DC=Acme,DC=com
groupBaseFilter = (objectclass=group)
groupMappingAttribute = dn
groupMemberAttribute = member
groupNameAttribute = cn
host = domain-controller
nestedGroups = 1
network_timeout = 20
port = 636
realNameAttribute = displayname
sizelimit = 5000
timelimit = 15
userBaseDN = OU=Information Technology,OU=All Users,DC=Acme,DC=com
userBaseFilter = (objectclass=user)
userNameAttribute = samaccountname
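
Added example, not from the posts above and not Splunk's own code: a small Python model of the scoping rule the answer describes, where a group is only followed if its DN sits under one of the semicolon-separated groupBaseDN entries. The Teams OU, the user DN and the membership table are constructed, and the traversal is an assumption about the behaviour, not Splunk's implementation.

```python
import re

def split_dn(dn):
    """Split a DN into lower-cased RDNs, honouring backslash-escaped commas."""
    return [p.strip().lower() for p in re.split(r'(?<!\\),', dn) if p.strip()]

def under_base(dn, base):
    """True if dn is the base entry itself or sits anywhere below it."""
    d, b = split_dn(dn), split_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def parse_conf(text):
    """Minimal authentication.conf reader: {stanza: {key: value}}."""
    conf, stanza = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith('[') and line.endswith(']'):
            stanza = conf.setdefault(line[1:-1], {})
        elif '=' in line and stanza is not None and not line.startswith('#'):
            key, value = line.split('=', 1)
            stanza[key.strip()] = value.strip()
    return conf

def roles_for(conf, strategy, member_of, user_dn):
    """Roles reached when only groups under a groupBaseDN entry are followed."""
    bases = [b for b in conf[strategy]['groupBaseDN'].split(';') if b.strip()]
    visible = lambda g: any(under_base(g, b) for b in bases)
    seen, todo = set(), [g for g in member_of.get(user_dn, []) if visible(g)]
    while todo:
        g = todo.pop()
        if g not in seen:
            seen.add(g)
            todo += [p for p in member_of.get(g, []) if visible(p)]
    names = {split_dn(g)[0].split('=', 1)[1] for g in seen}  # lower-cased cn values
    return sorted(role for role, groups in conf['roleMap_' + strategy].items()
                  if names & {x.strip().lower() for x in groups.split(';')})

# Constructed sample: the question's role mapping and group base, plus made-up DNs.
CONF = "[roleMap_Acme]\nuser = Splunk Admins;Splunk Users\n[Acme]\ngroupBaseDN = {bases}\n"
SPLUNK_OU = 'OU=Splunk,OU=Security Groups,DC=Acme,DC=net'
TEAMS_OU = 'OU=Teams,OU=Security Groups,DC=Acme,DC=net'   # hypothetical OU
USER = 'CN=Jane Doe,OU=Employees,DC=Acme,DC=net'          # hypothetical user
DEV = 'CN=Developers,' + TEAMS_OU                         # hypothetical location
MEMBER_OF = {USER: [DEV], DEV: ['CN=Splunk Users,' + SPLUNK_OU]}

def demo():
    """Return (roles with the original base, roles with the Developers OU added)."""
    run = lambda bases: roles_for(parse_conf(CONF.format(bases=bases)), 'Acme', MEMBER_OF, USER)
    return run(SPLUNK_OU), run(SPLUNK_OU + ';' + TEAMS_OU)
```

With the single original base the nested user resolves to no role; once the OU holding Developers is appended to groupBaseDN, the user role is reached through Splunk Users.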