Splunk Search

After configuring LDAP authentication with AD groups. Few users are unable to login although they belong to same AD group.

shashwatsandeep
New Member

We have newly setup the Splunk Environment in AWS platform where we have used LDAP authentication method and created AD groups to determine permission to users and login to Splunk Web.
The issue we are facing is some of the users can login into Splunk who belongs to the AD group and some are unable to login although they belong to the same AD group with same permissions.
We are in Splunk Enterprise version 7.3.0
Can someone please suggest a possible solution for this.

Tags (1)
0 Karma

Wcd4v
New Member

So, with the users that cannot login, can you see their accounts in Splunk? If not, then the problem is with Splunk syncing with AD to create those accounts. I have seen before where if there aren't certain fields filled out in AD for users then their accounts won't sync, thus not be created in Splunk (maybe the Full Name field?). I would just compare one user that is working and one that isn't in AD and see if there are any empty field values.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...