Hi;
Seems like, with LDAP integrated and roles mapped to LDAP groups, Splunk will update its cached list of users and their roles only when a splunkweb session starts--ie, if we add a user to a mapped role, this does not show up in Manage > Access Controls > Users, but after that user logs in, he/she now shows up in that list.
On the other hand, if we make changes to that user's role, and he/she is currently logged into splunk web, that change will not take effect unless they log out and back in--correct?
We know we can hit manage > Access Controls > Authentication method > Reload authentication method to reset, but:
a) is there any setting in authentication.conf or limits.conf to make this happen on a periodic basis?
b) we see that according to http://blogs.splunk.com/2009/08/20/reload-4-auth/, we can do this via a cron job, but is this still best practice in 5.0 +?
thanks,
bw
... View more