Security

nestedGroups is not working as expected for Active Directory LDAP

neiljpeterson
Communicator

I have a security group called Splunk Users that is mapped to the user role in Splunk.

When I add a user directly to this group they can auth fine.

When they are in a group called Developers which is in Splunk Users they are not able to auth.

Nested groups is selected.

Here is my authentication.conf

[authentication]
authSettings = Acme
authType = LDAP

[roleMap_Acme]
admin = Splunk Admins
api-user = Splunk API Users
can_delete = Splunk Admins
power = Splunk Admins;Splunk Power Users
splunk-system-role = Splunk Admins;Splunk System Users
user = Splunk Admins;Splunk Users

[Acme]
SSLEnabled = 1
anonymous_referrals = 1
bindDN = CN=svc.splunk.ldapsearch,OU=Service and Administrative Accounts,DC=Acme,DC=net
bindDNpassword = 12345
charset = utf8
groupBaseDN = OU=Splunk,OU=Security Groups,DC=Acme,DC=net
groupMappingAttribute = dn
groupMemberAttribute = member
groupNameAttribute = cn
host = domaincontroller
nestedGroups = 1
network_timeout = 20
port = 636
realNameAttribute = cn
sizelimit = 10000
timelimit = 15
userBaseDN = OU=Employees,DC=Acme,DC=net;OU=Service and Administrative Accounts,DC=Acme,DC=net
userNameAttribute = samaccountname

joebisesi
Path Finder

I know this is late, but maybe it will help someone out. We fought with this one for a little while.

You would need to add the groupDN of the Developers group to the groupBaseDN line using a semi-colon.
Here is an example of how mine is configured and it works fine:
[Acme]
SSLEnabled = 1
anonymous_referrals = 1
bindDN = Acme/splunkadmin
bindDNpassword = 1234
charset = utf8
groupBaseDN = OU=Information Technology,OU=GL Groups,OU=Security Groups,DC=Acme,DC=com;OU=PRD-Splunk,OU=DL Groups,OU=Security Groups,DC=Acme,DC=com
groupBaseFilter = (objectclass=group)
groupMappingAttribute = dn
groupMemberAttribute = member
groupNameAttribute = cn
host = domain-controller
nestedGroups = 1
network_timeout = 20
port = 636
realNameAttribute = displayname
sizelimit = 5000
timelimit = 15
userBaseDN = OU=Information Technology,OU=All Users,DC=Acme,DC=com
userBaseFilter = (objectclass=user)
userNameAttribute = samaccountname
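
The fix in the answer above can be checked offline before editing authentication.conf. This is an added example, not part of the original posts and not Splunk code: it reads `groupBaseDN` from a strategy stanza and reports which groups in a nesting chain fall outside every listed base. The Developers DN, the OU=Engineering container and all function names are constructed for illustration.

```python
import configparser
import re

# Constructed sample: the [Acme] stanza from the question, trimmed to the relevant keys.
SAMPLE_CONF = """\
[Acme]
groupBaseDN = OU=Splunk,OU=Security Groups,DC=Acme,DC=net
nestedGroups = 1
"""

# Constructed nesting chain; the real DN of Developers is not given in the thread.
NESTING_CHAIN = [
    "CN=Splunk Users,OU=Splunk,OU=Security Groups,DC=Acme,DC=net",
    "CN=Developers,OU=Engineering,OU=Security Groups,DC=Acme,DC=net",
]

def rdns(dn):
    """Split a DN on unescaped commas and normalise case and spacing."""
    return [p.strip().lower() for p in re.split(r"(?<!\\),", dn) if p.strip()]

def is_under(dn, base):
    """True when dn equals base or sits anywhere beneath it."""
    d, b = rdns(dn), rdns(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def group_bases(conf_text, strategy):
    """Return the semicolon-separated groupBaseDN entries of one strategy stanza."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case as written in the file
    cp.read_string(conf_text)
    return [b.strip() for b in cp[strategy]["groupBaseDN"].split(";") if b.strip()]

def out_of_scope(conf_text, strategy, group_dns):
    """Groups in the chain that no groupBaseDN entry covers."""
    bases = group_bases(conf_text, strategy)
    return [g for g in group_dns if not any(is_under(g, b) for b in bases)]

def widened_group_base(conf_text, strategy, group_dns):
    """groupBaseDN value with the parent container of each uncovered group appended."""
    bases = group_bases(conf_text, strategy)
    for g in out_of_scope(conf_text, strategy, group_dns):
        parent = re.split(r"(?<!\\),", g, maxsplit=1)[1].strip()
        if not any(is_under(parent, b) for b in bases):
            bases.append(parent)
    return ";".join(bases)

if __name__ == "__main__":
    print(out_of_scope(SAMPLE_CONF, "Acme", NESTING_CHAIN))
    print(widened_group_base(SAMPLE_CONF, "Acme", NESTING_CHAIN))
```

Appending the parent container rather than a broader OU is a choice made in this example; it keeps the added search base as narrow as the nested group allows.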

joebisesi
Path Finder

You are very welcome p1948040. I'm glad it helped someone out.

0 Karma

neiljpeterson
Communicator

Anyone? Bueller?

0 Karma

p1948040
New Member

Thank you very much joebisesi for your follow up post - your fix has just resolved the same issue I have been trying to resolve!

Thanks again for taking the time to add this tip as a follow up.

0 Karma