- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Is it possible to run LDAP searches against multip...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We have an environment in which our machine accounts are located in two domains, and our user accounts are located in another, separate domain. Also, the user domain is trusted by the machine domains, but the machine domains are not trusted by the user domain.
Is it possible to have Splunk do LDAP searches against all three domains?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The documentation states that it is indeed possible to configure multiple domains with SA-ldapsearch. (With instructions on how to add and remove domains)
That's why ldapsearch has a domain parameter. Now if you're wanting to have searches against all three domains in the same Splunk search, this is where commands like append might be useful, but it depends on what you're actually trying to do with queries against all three domains will determine how you want to join the results, if you want to do such.
Furthermore, I am not an AD administrator, but depending on how the domains are set up, if all three domains are in the same forest, you may be able to configure SA-Ldapsearch to query the global catalog instead of each individual domain, thus being able to retrieve objects from one LDAP query instead of three. I'll defer to TechNet to explain more about the global catalog and how to use it.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The documentation states that it is indeed possible to configure multiple domains with SA-ldapsearch. (With instructions on how to add and remove domains)
That's why ldapsearch has a domain parameter. Now if you're wanting to have searches against all three domains in the same Splunk search, this is where commands like append might be useful, but it depends on what you're actually trying to do with queries against all three domains will determine how you want to join the results, if you want to do such.
Furthermore, I am not an AD administrator, but depending on how the domains are set up, if all three domains are in the same forest, you may be able to configure SA-Ldapsearch to query the global catalog instead of each individual domain, thus being able to retrieve objects from one LDAP query instead of three. I'll defer to TechNet to explain more about the global catalog and how to use it.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
One reason I wrote this little add-on https://splunkbase.splunk.com/app/1852/ was the limitation of the older sa-ldapsearch app; also it uses the Python LDAP module. But it only works on *nix and not Windows....
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
help? anyone? PLEASE!
Join Us for Splunk University and Get Your Bootcamp Game On!
.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!
Announcing Scheduled Export GA for Dashboard Studio
