Deployment Architecture

How to fix the Splunk LDAP AD SYN issue ?

Hemnaath
Motivator

Hi All,

One of our Cyber security person facing a strange issue while trying to access the data from the Splunk search portal.
Initial level of troubleshooting the issue we found that Roles/Permission are not syncing but later we found that Roles/Permission are auto changing frequently. We could not find any ERROR/WARN in the splunkd.log, so not sure how to troubleshoot this issue

Splunk version : 8.2 

OS: Linux 

Authentication mode: LDAP 

Environment: Splunk distributed Production Environment. 

Problem statement:  Roles/Permission are not syncing properly its getting auto changed frequently. 

Kindly let me know what are steps we should follow to troubleshoot this type of issue.

Labels (1)
Tags (3)
0 Karma
Get Updates on the Splunk Community!

New Cloud Intrusion Detection System Add-on for Splunk

In July 2022 Splunk released the Cloud IDS add-on which expanded Splunk capabilities in security and data ...

Happy CX Day to our Community Superheroes!

Happy 10th Birthday CX Day!What is CX Day? It’s a global celebration recognizing innovation and success in the ...

Check out This Month’s Brand new Splunk Lantern Articles

Splunk Lantern is a customer success center providing advice from Splunk experts on valuable data insights, ...