Error while integrating Splunk with LDAP

franciscof · ‎02-11-2021

Hi guys, I´ve been trying to integrate Splunk with LDAP but I´m encountering this error:

What could this be?

Thanks in advance

scelikok · ‎02-12-2021

Yes, Splunk first check if local users matches. You can check the usernames/groups that comes from LDAP authentication on Setting | Users page. You will see all users with mapped roles and "Authentication System"

You may need to check the setting on "User name attribute" inside LDAP Strategy. It is usually "samaccountname".

If this reply helps you an upvote and "Accept as Solution" is appreciated.

scelikok · ‎02-11-2021

Did you map groups to roles? Required LDAP groups should be mapped to a Splunk Role.

You can find documentation below;

https://docs.splunk.com/Documentation/Splunk/8.1.2/Security/MapLDAPgroupstoSplunkroles

If this reply helps you an upvote and "Accept as Solution" is appreciated.

franciscof · ‎02-12-2021

Yes I did. My local user is the same as my LDAP user, could that be causing trouble? However, there are other users that have different local and LDAP users and they also cannot log in.

scelikok · ‎02-11-2021

Hi @franciscof,

You may need to uncheck if "Enable referrals with anonymous bind only" in Advanced settings;

If this reply helps you an upvote and "Accept as Solution" is appreciated.

franciscof · ‎02-11-2021

That solved the error, but even though the configuration is OK, Splunk is not authenticating through LDAP. I can only access Splunk through my local user. What could this be?

Error while integrating Splunk with LDAP

using Splunk Enterprise

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services