Splunk Enterprise

REST Authentication to IDX Cluster Peer

TheEggi98
Path Finder

Hi,
i have a question on Authenticating to IDX Cluster Peer via REST.

We have the following Environment:
3 IDX in Cluster
3 SH in Cluster
1 CM (License Manager, IDX Cluster Manager, Deployer & Deploymentserver)

Our normal Authentication for Web is currently with LDAP.

With my LDAP-User i can directly perform a GET request to an Indexer, but with a local User created over WebUI (tried local user in SHC and on CM) i cant perform any request to an indexer. 

The WebUI is disabled on the Indexers and they dont have the LDAP Configuration as the Searchheads does.

How does it come, that the Indexer know my LDAP User but not the locally created?

And how can i let the indexers to get to know a locally on SH or CM created user?

Labels (3)
0 Karma
1 Solution

PickleRick
SplunkTrust
SplunkTrust

Each component has its own authentication settings (in case of search head cluster they are either pushed from deployer to all members or configured in run-time and distributed among members). So it's only natural that you can't authenticate to indexer using SH user.

If you can authenticate on your indexer it means someone needlessly pushed LDAP configuration to indexer layer (users don't interact with indexers directly!).

View solution in original post

TheEggi98
Path Finder

Thank you, found the authentication.conf with LDAP Configuration on our indexers

0 Karma

PickleRick
SplunkTrust
SplunkTrust

Each component has its own authentication settings (in case of search head cluster they are either pushed from deployer to all members or configured in run-time and distributed among members). So it's only natural that you can't authenticate to indexer using SH user.

If you can authenticate on your indexer it means someone needlessly pushed LDAP configuration to indexer layer (users don't interact with indexers directly!).

Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...