Splunk Search

After configuring LDAP authentication with AD groups. Few users are unable to login although they belong to same AD group.

shashwatsandeep
New Member

We have newly setup the Splunk Environment in AWS platform where we have used LDAP authentication method and created AD groups to determine permission to users and login to Splunk Web.
The issue we are facing is some of the users can login into Splunk who belongs to the AD group and some are unable to login although they belong to the same AD group with same permissions.
We are in Splunk Enterprise version 7.3.0
Can someone please suggest a possible solution for this.

Tags (1)
0 Karma

Wcd4v
New Member

So, with the users that cannot login, can you see their accounts in Splunk? If not, then the problem is with Splunk syncing with AD to create those accounts. I have seen before where if there aren't certain fields filled out in AD for users then their accounts won't sync, thus not be created in Splunk (maybe the Full Name field?). I would just compare one user that is working and one that isn't in AD and see if there are any empty field values.

0 Karma
Get Updates on the Splunk Community!

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability As businesses scale ...