I have a security group called Splunk Users that is mapped to the user role in Splunk.
When I add a user directly to this group they can auth fine.
When they are in a group called Developers, which is in Splunk Users, they are not able to auth.
Nested groups is selected.
Here is my authentication.conf:
[authentication]
authSettings = Acme
authType = LDAP
[roleMap_Acme]
admin = Splunk Admins
api-user = Splunk API Users
can_delete = Splunk Admins
power = Splunk Admins;Splunk Power Users
splunk-system-role = Splunk Admins;Splunk System Users
user = Splunk Admins;Splunk Users
[Acme]
SSLEnabled = 1
anonymous_referrals = 1
bindDN = CN=svc.splunk.ldapsearch,OU=Service and Administrative Accounts,DC=Acme,DC=net
bindDNpassword = 12345
charset = utf8
groupBaseDN = OU=Splunk,OU=Security Groups,DC=Acme,DC=net
groupMappingAttribute = dn
groupMemberAttribute = member
groupNameAttribute = cn
host = domaincontroller
nestedGroups = 1
network_timeout = 20
port = 636
realNameAttribute = cn
sizelimit = 10000
timelimit = 15
userBaseDN = OU=Employees,DC=Acme,DC=net;OU=Service and Administrative Accounts,DC=Acme,DC=net
userNameAttribute = samaccountname
I know this is late, but maybe it will help someone out. We fought with this one for a little while.
You would need to add the groupDN of the Developers group to the groupBaseDN line using a semi-colon.
Here is an example of how mine is configured and it works fine:
[Acme]
SSLEnabled = 1
anonymous_referrals = 1
bindDN = Acme/splunkadmin
bindDNpassword = 1234
charset = utf8
groupBaseDN = OU=Information Technology,OU=GL Groups,OU=Security Groups,DC=Acme,DC=com;OU=PRD-Splunk,OU=DL Groups,OU=Security Groups,DC=Acme,DC=com
groupBaseFilter = (objectclass=group)
groupMappingAttribute = dn
groupMemberAttribute = member
groupNameAttribute = cn
host = domain-controller
nestedGroups = 1
network_timeout = 20
port = 636
realNameAttribute = displayname
sizelimit = 5000
timelimit = 15
userBaseDN = OU=Information Technology,OU=All Users,DC=Acme,DC=com
userBaseFilter = (objectclass=user)
userNameAttribute = samaccountname
You are very welcome p1948040. I'm glad it helped someone out.
Anyone? Bueller?
Thank you very much joebisesi for your follow up post - your fix has just resolved the same issue I have been trying to resolve!
Thanks again for taking the time to add this tip as a follow up.