Deployment Architecture

How to fix the Splunk LDAP AD SYN issue ?

Hemnaath
Motivator

Hi All,

One of our Cyber security person facing a strange issue while trying to access the data from the Splunk search portal.
Initial level of troubleshooting the issue we found that Roles/Permission are not syncing but later we found that Roles/Permission are auto changing frequently. We could not find any ERROR/WARN in the splunkd.log, so not sure how to troubleshoot this issue

Splunk version : 8.2 

OS: Linux 

Authentication mode: LDAP 

Environment: Splunk distributed Production Environment. 

Problem statement:  Roles/Permission are not syncing properly its getting auto changed frequently. 

Kindly let me know what are steps we should follow to troubleshoot this type of issue.

Labels (1)
Tags (3)
0 Karma
Get Updates on the Splunk Community!

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Your Next Big Security Credential: No Prerequisites Needed We know you’ve got the skills, and now, earning the ...

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...