I've configured my Splunk setup to use LDAP, and it shows the few users I've configured to meet my criteria in the list (see http://imgur.com/l5iTu).
If, however, I try to log on using the correct LDAP credentials, I receive an "Invalid username and password" error. If after that I log in as admin again, the user I attempted to log in as has disappeared from the list (see http://imgur.com/tUIDz).
EDIT: Resyncing the user list via the manager causes the username to reappear (curiouser and curiouser).
I'm running on an Enterprise License (albeit a trial one) -- there aren't any policy reasons why this behaviour would occur, are there?
EDIT #2: Here's my authentication.conf:
[authentication]
authSettings = mycompany LDAP
authType = LDAP
[mycompany LDAP]
SSLEnabled = 0
bindDNpassword = $1$sQ==
charset = utf8
groupBaseDN = ou=Group,dc=mycompany,dc=com
groupBaseFilter = (cn=splunk*)
groupMappingAttribute = dn
groupMemberAttribute = member
groupNameAttribute = cn
host = ldap.int.mycompany.com
port = 389
realNameAttribute = displayname
userBaseDN = dc=mycompany,dc=com
userBaseFilter = (ou=People)
userNameAttribute = uid
[roleMap]
admin = splunk-admin
splunk-admin = splunk-admin
splunk-dev-viewers = splunk-dev-viewers
splunk-ops-viewers = splunk-ops-viewers
splunk-report-builders = splunk-report-builders
splunk_qa_viewers = splunk-qa-viewers
user = People;splunk-admin;splunk-dev-viewers;splunk-ops-viewers;splunk-qa-viewers;splunk-report-builders
And here's my LDAP entry as an example:
# andrewn, People, mycompany.com
dn: cn=andrewn,ou=People,dc=mycompany,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: andrewn
uid: andrewn
givenName: Andrew
sn: Nicholson
homeDirectory: /home/andrewn
gecos: Andrew Nicholson
l: Melbourne
st: Victoria
uidNumber: xxxx
displayName: Andrew Nicholson
mail: andrew.nicholson@mycompany.com
employeeType: Employee
gidNumber: xxxxx
loginShell: /bin/bash
shadowLastChange: xxxxx
And one of our LDAP groups:
# splunk-admin, Group, mycompany.com
dn: cn=splunk-admin,ou=Group,dc=mycompany,dc=com
cn: splunk-admin
objectClass: groupOfNames
objectClass: top
description: Splunk Administrators
member: cn=xxxxxxx,ou=People,dc=mycompany,dc=com
member: cn=andrewn,ou=People,dc=mycompany,dc=com
member: cn=xxxxxxxx,ou=People,dc=mycompany,dc=com