Hi there
I've asked this question in two ways to hedge my bets as I'm trying to understand the mechanism for using LDAP groups in Splunk access a little better, and have a specific issue I'm trying to resolve.
I am trying to set up LDAP group access for Splunk, and have two groups created (including users) for read-only and admin privileges respectively. I have a non-human BindDN name to pull the group data. This BindDN user is not a member of either group. My own ID is, however - in summary, the issue is that when using my non-human BindDN, I cannot pull any groups, but when using my own ID I can see all the groups I am a member of and use those for the LDAP strategy.
So it seems that only a member of the groups can view the details & members of those groups - and I am assuming that at some level this is down to our LDAP implementation. So to resolve, I can add our non-human account to the groups and use that as the BindDN as planned, which is okay if necessary, but does mean we'd need to set up some controls around it.
The first part of my question comes about, however, because via ldapsearch, I CAN pull all group and membership data for all groups everywhere using my same non-human ID, which leads me to think that Splunk is making the query in a way that our LDAP limits the results for - so it would be nice to understand a little more about how that mechanism works to see if there is another way or if I am simply missing something.
Thanks in advance for any help!