Does Splunk LDAP intergration support LDAP Extended Controls? In particular Matching rule OID 1.2.840.113556.1.4.1941 which is a special "extended match operator that walks the chain of ancestry in objects all the way to the root until it finds a match.
I've tried implement this in my ldap strategy, but Splunk pukes; however, if I pass the same LDAP query listed in the AuthenticationManagerLDAP logging channel using Apache Directory Studio it works fine.
Thanks in advanced,
Additiona Links:
Search Filter Syntax
3.1.1.3.4.1 LDAP Extended Control
Active Directory Recursive Queries
We have done this, and it does work.
Here is an example of what we did.
(&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=cn=Splunk Access,ou=Groups,dc=contoso,dc=com))