LDAP authentication error: user has matching LDAP groups but none are mapped to Splunk roles

New Member


My LDAP setup in etc/system/local/authentication.conf produces the following error when I try to authenticate with my crentials:

06-23-2014 00:08:24.563 -0700 ERROR AuthenticationManagerLDAP - user="yayogev" has matching LDAP groups with strategy="ldap_AD", but none are mapped to Splunk roles
06-23-2014 00:08:24.564 -0700 ERROR UserManagerPro - LDAP Login failed, could not find a valid user="yayogev" on any configured servers 

I tested with ldapsearch as suggested in thw "Test your LDAP configuration" page in the docs, and I got the expected results. On the other hand, in the Web UI undr "Access controls » Authentication method » LDAP strategies » LDAP Groups" I see a very partial list of groups.

Here are the contents of authentication.conf (anonimized):

authType = LDAP
authSettings = ldap_AD

host =
port = 636
SSLEnabled = 1
bindDN = <bind-dn>
bindDNpassword = <...>
userBaseDN = OU=Employees, OU=My Company Users, DC=dev, DC=mycompany, DC=com
groupBaseDN = OU=My Company Groups,DC=dev,DC=mycompany, DC=com
groupBaseFilter = (objectclass=group)
userNameAttribute = sAMAccountName
realNameAttribute = cn
groupMappingAttribute = dn
groupMemberAttribute = member
groupNameAttribute = cn
timelimit = 10
network_timeout = 15

admin = mygroup-splunk-admins
power = mygroup-core
0 Karma


Your [roleMap_???] stanza is incorrect.

The ??? must match the value you specified in the LDAP settings stanza name, in your case "ldap_AD". So the third stanza name should be [roleMap_ldap_AD] not [roleMap_ldap_AD_usergroups].

Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!