Hi @dwaddle
All I did was run a script to replace the LDAP account and its password.
The file was updated with the new account name and password, but the password was not encrypted after the Splunk restart:
auth.conf Before
# LDAP strategy stanza as it stood before the script ran.
[lassie_np_ldap]
# sslenabled = 1 together with port = 636 below: the directory connection is configured for SSL.
sslenabled = 1
anonymous_referrals = 1
# Service account used to bind to the directory.
binddn = cn=ezp_splunk_ldap,OU=ServiceAccounts,DC=im,DC=tcsco,DC=com
# The value starts with `$1$`, i.e. it is the stored (encrypted) form of the bind password, not the cleartext.
# NOTE(review): authentication.conf.spec spells this setting `bindDNpassword`; every key in this paste
# is lowercase - confirm the casing used in the file on disk.
binddnpassword = $1$Hx+uKRbWP/f3
charset = utf8
emailattribute = mail
groupbasedn = OU=FIMT_Managed,OU=Groups,DC=im,DC=tcsco,DC=com
# NOTE(review): as pasted, neither cn term carries a `*` wildcard and the two terms are separated by a
# space; the wildcards may have been lost when the post was formatted - confirm against the real file.
groupbasefilter = (|(cn=FIMT-LASSIE-) (cn=FIMTMON_))
groupmappingattribute = dn
groupmemberattribute = member
groupnameattribute = cn
host = ldapserver.tcsco.com
nestedgroups = 0
network_timeout = 20
port = 636
realnameattribute = displayname
sizelimit = 1000
timelimit = 15
# User search starts at the domain root (DC=im,DC=tcsco,DC=com).
userbasedn = DC=im,DC=tcsco,DC=com
# (objectclass=*) matches every entry under userbasedn.
# NOTE(review): confirm this breadth is intended; a narrower base or filter limits which directory
# entries are considered as users.
userbasefilter = (objectclass=*)
usernameattribute = samaccountname
auth.conf After:
# LDAP strategy stanza after the script ran; only binddn and binddnpassword differ from the Before listing.
[lassie_np_ldap]
sslenabled = 1
anonymous_referrals = 1
# Bind account switched to the `_dev` service account.
binddn = cn=ezp_splunk_ldap_dev,OU=ServiceAccounts,DC=im,DC=tcsco,DC=com
# Cleartext: unlike the Before listing, the value has no `$1$` prefix, so the bind password is readable
# by anyone who can read this file or this post.
# NOTE(review): treat this credential as exposed and rotate it once the encryption issue is resolved.
# NOTE(review): authentication.conf.spec spells this setting `bindDNpassword`; confirm the key casing
# the script writes to disk matches what Splunk expects.
binddnpassword = N3F1vSvt
charset = utf8
emailattribute = mail
groupbasedn = OU=FIMT_Managed,OU=Groups,DC=im,DC=tcsco,DC=com
groupbasefilter = (|(cn=FIMT-LASSIE-) (cn=FIMTMON_))
groupmappingattribute = dn
groupmemberattribute = member
groupnameattribute = cn
host = ldapserver.tcsco.com
nestedgroups = 0
network_timeout = 20
port = 636
realnameattribute = displayname
sizelimit = 1000
timelimit = 15
userbasedn = DC=im,DC=tcsco,DC=com
userbasefilter = (objectclass=*)
usernameattribute = samaccountname
I'm using "$SPLUNK_HOME/splunk/etc/system/local/authentication.conf" on all the SHs to make the changes.