Example authentication.conf:
[authentication]
authSettings = AD
authType = LDAP
[AD]
SSLEnabled = 1
anonymous_referrals = 0
bindDN = batman
bindDNpassword = $1$oX4lsdfsdf899f0s//==
charset = utf8
groupBaseDN = ou=People,ou=Security,dc=gotham,dc=local
groupBaseFilter = (objectClass=group)
groupMappingAttribute = dn
groupMemberAttribute = member
groupNameAttribute = cn
host = batcave01dc02.gotham.city
nestedGroups = 0
network_timeout = 20
port = 636
realNameAttribute = displayname
sizelimit = 1000
timelimit = 15
userBaseDN = OU=People,DC=gotham,DC=local
userBaseFilter = (objectCategory=Person)
userNameAttribute = samaccountname
You might have namespace conflicts between Splunk users and AD users. Unselect "Splunk" as an authentication option to prevent conflicts.
No restart of Splunk is needed. Confirm AD groups are seen under Access controls » Authentication method » LDAP strategies » Map Groups.
To test: 1) map a group to a desired role, then 2) log in as a member of the group.
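An added example, not part of the original post and not Splunk's own tooling: a small Python check that reads an authentication.conf in the layout shown above and flags LDAP strategies without SSL, a port that contradicts SSLEnabled, a clear-text bindDNpassword, or missing base settings. The function name, the sample values and the `$<digit>$` test for an already-encrypted password are assumptions made for this example.

```python
import configparser
import re

# Constructed weak sample in the post's layout; every value is a placeholder.
WEAK_CONF = """
[authentication]
authSettings = AD
authType = LDAP
[AD]
SSLEnabled = 0
bindDNpassword = PlaceholderClearText
host = dc01.example.test
port = 389
userBaseDN = OU=People,DC=example,DC=test
"""

def audit_ldap_strategies(conf_text):
    """Return (stanza, finding) tuples for each strategy named in authSettings."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep key case as written (SSLEnabled, bindDN, ...)
    cp.read_string(conf_text)
    auth = cp["authentication"] if cp.has_section("authentication") else {}
    if auth.get("authType", "").upper() != "LDAP":
        return [("authentication", "authType is not LDAP")]
    findings = []
    for name in filter(None, (n.strip() for n in auth.get("authSettings", "").split(","))):
        if not cp.has_section(name):
            findings.append((name, "authSettings names a stanza that does not exist"))
            continue
        s = cp[name]
        ssl_on = s.get("SSLEnabled", "0").strip() == "1"
        if not ssl_on:
            findings.append((name, "SSLEnabled is not 1: LDAP binds are not protected by TLS"))
        # Heuristic: 636 is the conventional LDAPS port, 389 the cleartext one.
        if ssl_on and s.get("port", "").strip() == "389":
            findings.append((name, "SSLEnabled = 1 but port is 389"))
        # Assumption: a $<digit>$ prefix, as in the post, marks a value Splunk already encrypted.
        pw = s.get("bindDNpassword", "")
        if pw and not re.match(r"^\$\d+\$", pw):
            findings.append((name, "bindDNpassword is stored in clear text"))
        for key in ("host", "userBaseDN", "groupBaseDN"):
            if not s.get(key):
                findings.append((name, f"{key} is not set"))
    return findings

if __name__ == "__main__":
    for stanza, finding in audit_ldap_strategies(WEAK_CONF):
        print(f"[{stanza}] {finding}")
```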