Splunk Enterprise

Migrating LDAP users to new Cluster


Hi all,


I have an interesting problem I discovered. Recently, we migrated our Splunk Cluster to a different cluster hosted somewhere else. Since we use LDAP authentication , we need to migrate over User information as well as the LDAP strategies so that the user experience is not affected by the move. We copied over the authorize.conf, authentication.conf as well as the user folder for their KO. There were over 100 different users that we did this.

We deployed the user folder using the new cluster's Deployer and we copied over the authorize.conf/authentication.conf manually to the system/local folder.

We verified user access and various users were able to verify that they can login. However we  (the splunk Admins) realized that we cannot see these users logging in from the authentication endpoint. When we click the User tab under "Users and Authentication" in Settings, the GUI only shows that there are 10 users (including the admins). The rest endpoint ( |rest /services/authentication/users) also says the same thing. 


So my question is,  where does Splunk store user information that it references when hitting the authentication endpoint ?  Is there any reason why copying over the User folder and authentication/authorization.conf was not enough?


Thank you!

Labels (2)
0 Karma
Get Updates on the Splunk Community!

Optimize Cloud Monitoring

  TECH TALKS Optimize Cloud Monitoring Tuesday, August 13, 2024  |  11:00AM–12:00PM PST   Register to ...

What's New in Splunk Cloud Platform 9.2.2403?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.2.2403! Analysts can ...

Stay Connected: Your Guide to July and August Tech Talks, Office Hours, and Webinars!

Dive into our sizzling summer lineup for July and August Community Office Hours and Tech Talks. Scroll down to ...