I recently got this working on my own system, so I thought I would share the configuration. The LDAP portion is based on similar work I wrote up for securing logins to Linux servers through PAM. That is treated in detail here: http://www.hurricanelabs.com/newsletters/login-security-using-openldap-and-pam/
For now though, I will just post the quick relevant parts to this discussion.
In slapd.conf, I have the following:
# inside the database section (load dynlist.la first if slapd was built with it as a module)
overlay dynlist
# expand groupOfNames entries: run the LDAP URL in labeledURI, list the hits in member
dynlist-attrset groupOfNames labeledURI member
Sample LDIF would look something like this:
dn: cn=splunk,ou=groups,dc=example,dc=com
objectClass: top
objectClass: groupOfNames
objectClass: labeledURIObject
cn: splunk
# scope "one" under ou=users, filter (host=splunk); no host part means "this server"
labeledURI: ldap:///ou=users,dc=example,dc=com??one?(host=splunk)
# groupOfNames requires at least one member; the DN does not have to exist
member: cn=placeholder,dc=example,dc=com
Relevant LDIF for the user would be something like this:
dn: uid=steve,ou=users,dc=example,dc=com
uid: steve
uidNumber: 1000
gidNumber: 100
cn: Steve User
# sn is required by person, homeDirectory by posixAccount; slapadd rejects the entry without them
sn: User
homeDirectory: /home/steve
# the attribute the group's labeledURI filter matches on
host: splunk
objectClass: person
objectClass: posixAccount
objectClass: hostObject
The following authentication.conf is working for me: it maps users in LDAP that carry the host=splunk attribute to the admin role. The key is the dynamicMemberAttribute value, which tells splunkd which attribute to pull in order to do the dynamic search. Splunk does the dynamic expansion on its own, which is why it requires this field. I cannot get this to work without that being defined. As soon as I remove it in Manager, I immediately get kicked out when logged in as an LDAP user.
[authentication]
authSettings = example.com
authType = LDAP

[roleMap_example.com]
admin = splunk

[example.com]
# 0 = plain LDAP on 389: bind credentials and user passwords cross the wire in the clear
SSLEnabled = 0
anonymous_referrals = 0
# value as stored by Splunk (obfuscated), not the cleartext password
bindDNpassword = $1$0w==
charset = utf8
# attribute on the group entry that holds the LDAP URL splunkd expands into members
dynamicMemberAttribute = labeleduri
groupBaseDN = ou=groups,dc=example,dc=com
groupBaseFilter = (cn=splunk)
groupMappingAttribute = dn
groupMemberAttribute = member
groupNameAttribute = cn
host = ldap.example.com
nestedGroups = 0
network_timeout = 20
port = 389
realNameAttribute = cn
sizelimit = 1000
timelimit = 15
userBaseDN = ou=users,dc=example,dc=com
userBaseFilter = (host=splunk)
userNameAttribute = uid
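To make the dynamicMemberAttribute step concrete, here is an added worked example; it is not part of the original post and not Splunk's own code. It simulates what splunkd is being asked to do: read the LDAP URL out of the group's labeledURI, run the base/scope/filter search it encodes, and then apply the roleMap stanza. It runs against a constructed in-memory directory (no LDAP server is contacted). The group and steve entries mirror the LDIF above; alice and bob are hypothetical extra users added to show who does not match and why. How splunkd treats static member values alongside the URL is an open question and is not modelled.

```python
"""Added worked example (not from the original post, not Splunk's code):
simulate dynamic-group expansion via the group's labeledURI, then role mapping.
Runs against a constructed in-memory directory; nothing talks to an LDAP server.
"""
from urllib.parse import unquote

# Constructed sample directory: DN -> {attribute name (lowercased): [values]}
DIRECTORY = {
    "cn=splunk,ou=groups,dc=example,dc=com": {
        "objectclass": ["top", "groupOfNames", "labeledURIObject"],
        "cn": ["splunk"],
        "labeleduri": ["ldap:///ou=users,dc=example,dc=com??one?(host=splunk)"],
        "member": ["cn=placeholder,dc=example,dc=com"],  # schema filler only
    },
    "uid=steve,ou=users,dc=example,dc=com": {
        "uid": ["steve"], "cn": ["Steve User"], "host": ["splunk"]},
    # hypothetical: right OU, wrong host value
    "uid=alice,ou=users,dc=example,dc=com": {
        "uid": ["alice"], "cn": ["Alice User"], "host": ["webserver"]},
    # hypothetical: right host value, but one level too deep for scope "one"
    "uid=bob,ou=contractors,ou=users,dc=example,dc=com": {
        "uid": ["bob"], "cn": ["Bob User"], "host": ["splunk"]},
}


def normalize_dn(dn):
    return ",".join(part.strip() for part in dn.lower().split(","))


def parse_ldap_url(url):
    """Split an RFC 4516 URL (scheme://host/dn?attrs?scope?filter) into
    (base_dn, scope, filter); absent fields take the RFC defaults."""
    _, _, rest = url.partition("://")
    _host, _, rest = rest.partition("/")
    base, *fields = [unquote(f) for f in rest.split("?")]
    fields += ["", "", ""]
    scope = fields[1] or "base"
    flt = fields[2] or "(objectClass=*)"
    return normalize_dn(base), scope.lower(), flt


def in_scope(dn, base, scope):
    """base = the entry itself, one = direct children only, sub = whole subtree."""
    dn = normalize_dn(dn)
    if dn == base:
        return scope in ("base", "sub")
    if not dn.endswith("," + base):
        return False
    below = dn[: -len(base) - 1]  # RDNs between the entry and the base
    return scope == "sub" or (scope == "one" and "," not in below)


def parse_filter(s, i=0):
    """Minimal RFC 4515 filter parser (&, |, !, equality, presence).
    Returns (node, index just past the filter)."""
    if s[i] != "(":
        raise ValueError("filter must start with '('")
    if s[i + 1] in "&|!":
        op, i, kids = s[i + 1], i + 2, []
        while s[i] != ")":
            kid, i = parse_filter(s, i)
            kids.append(kid)
        return (op, kids), i + 1
    end = s.index(")", i)
    attr, _, value = s[i + 1:end].partition("=")
    return ("=", attr.lower(), value), end + 1


def match(node, entry):
    op = node[0]
    if op == "&":
        return all(match(k, entry) for k in node[1])
    if op == "|":
        return any(match(k, entry) for k in node[1])
    if op == "!":
        return not match(node[1][0], entry)
    _, attr, value = node
    values = entry.get(attr, [])
    if value == "*":  # presence filter, e.g. (host=*)
        return bool(values)
    return any(v.lower() == value.lower() for v in values)


def search(directory, base, scope, flt):
    node, _ = parse_filter(flt)
    return sorted(dn for dn, entry in directory.items()
                  if in_scope(dn, base, scope) and match(node, entry))


def expand_dynamic_group(directory, group_dn, dynamic_member_attribute="labeleduri"):
    """The dynamicMemberAttribute step: run the search encoded in each URL
    stored in that attribute of the group entry; the hits are the members."""
    members = set()
    for url in directory[group_dn].get(dynamic_member_attribute.lower(), []):
        members.update(search(directory, *parse_ldap_url(url)))
    return sorted(members)


def roles_for_user(directory, user_dn, role_map, group_base, group_filter):
    """The [roleMap_<name>] step: find groups under groupBaseDN/groupBaseFilter,
    expand each, and grant every role that lists a group containing the user."""
    roles = set()
    for gdn in search(directory, group_base, "sub", group_filter):
        cn = directory[gdn]["cn"][0]
        for role, group_cns in role_map.items():
            if cn in group_cns and user_dn in expand_dynamic_group(directory, gdn):
                roles.add(role)
    return sorted(roles)


if __name__ == "__main__":
    ROLE_MAP = {"admin": ["splunk"]}  # from [roleMap_example.com]: admin = splunk
    for dn in DIRECTORY:
        if dn.startswith("uid="):
            print(dn, "->", roles_for_user(DIRECTORY, dn, ROLE_MAP,
                                           "ou=groups,dc=example,dc=com", "(cn=splunk)"))
```

Running it gives steve the admin role and nothing to alice or bob, which is the point worth checking in your own directory: a user with host=splunk in a sub-OU is silently outside a "one" scope URL, and the placeholder member never turns into a Splunk user because no search hits it.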