Deployment Architecture

How to fix the Splunk LDAP AD SYN issue ?

Hemnaath
Motivator

Hi All,

One of our Cyber security person facing a strange issue while trying to access the data from the Splunk search portal.
Initial level of troubleshooting the issue we found that Roles/Permission are not syncing but later we found that Roles/Permission are auto changing frequently. We could not find any ERROR/WARN in the splunkd.log, so not sure how to troubleshoot this issue

Splunk version : 8.2 

OS: Linux 

Authentication mode: LDAP 

Environment: Splunk distributed Production Environment. 

Problem statement:  Roles/Permission are not syncing properly its getting auto changed frequently. 

Kindly let me know what are steps we should follow to troubleshoot this type of issue.

Labels (1)
Tags (3)
0 Karma
Get Updates on the Splunk Community!

Getting Started with AIOps: Event Correlation Basics and Alert Storm Detection in ...

Getting Started with AIOps:Event Correlation Basics and Alert Storm Detection in Splunk IT Service ...

Register to Attend BSides SPL 2022 - It's all Happening October 18!

Join like-minded individuals for technical sessions on everything Splunk!  This is a community-led and run ...

What's New in Splunk Cloud Platform 9.0.2208?!

Howdy!  We are happy to share the newest updates in Splunk Cloud Platform 9.0.2208! Analysts can benefit ...