We are having multiple roles created in Splunk restricted by their index and users will be added to this role via AD group and we use LDAP method for authentication. Below is authentication.conf [...
See more...
We are having multiple roles created in Splunk restricted by their index and users will be added to this role via AD group and we use LDAP method for authentication. Below is authentication.conf [authentication]
authType = LDAP
authSettings = uk_ldap_auth
[uk_ldap_auth]
SSLEnabled = 1
bindDN = CN=Infodir-HBEU-INFSLK,OU=Service Accounts,DC=InfoDir,DC=Prod,DC=FED
groupBaseDN = OU=Splunk Network Log Analysis UK,OU=Applications,OU=Groups,DC=Infodir,DC=Prod,DC=FED
groupMappingAttribute = dn
groupMemberAttribute = member
groupNameAttribute = cn
host = aa-lds-prod.uk.fed
port = 3269
userBaseDN = ou=HSBCPeople,dc=InfoDir,dc=Prod,dc=FED
userNameAttribute = employeeid
realNameAttribute = displayname
emailAttribute = mail
[roleMap_uk_ldap_auth]
<roles mapped with AD group created> Checked this post - https://community.splunk.com/t5/Security/How-can-I-generate-a-list-of-users-and-assigned-roles/m-p/194811 and try to give the same command - |rest /services/authentication/users splunk_server=local
|fields title roles realname |rename title as userName|rename realname as Name Given this in SH search, but hardly returning only 5 results but we have nearly 100 roles created. Even given splunk_server=*, still the same result. I am having admin role as well and I hope I have the needed capabilities. Not sure what am I missing here? Any thoughts?