Security

Nested Active Directory Groups

treinke
Builder

I have the LDAP authentication setup in Splunk. I have created groups in Active Directory to handle the users (Splunk-Users, Splunk-PowerUsers, etc.). There is a AD group that already contained a set up users I want added in to Splunk. I added that user group to the AD group I have mapped to Users. The user group's location in AD is not in the same location I have for the Splunk groups. When I go in to Users, I see the nested group in Users as a User.

Is there a way to use nested AD groups in Splunk LDAP Authentication?

There are no answer without questions
Tags (2)
1 Solution

ekost
Splunk Employee
Splunk Employee

Nested group support for OpenLDAP and AD has been added as of Splunk 4.3. Here's a blog post covering some details: http://blogs.splunk.com/2012/02/23/splunk-and-nested-groups-for-authorization/

View solution in original post

ekost
Splunk Employee
Splunk Employee

Nested group support for OpenLDAP and AD has been added as of Splunk 4.3. Here's a blog post covering some details: http://blogs.splunk.com/2012/02/23/splunk-and-nested-groups-for-authorization/

Glenn
Builder

Splunk is pretty bad in this area, I have had an enhancement request (45531) in for this functionality since Jul 8, 2010 7:08 AM (yes that's about 16 months) and it is still not scheduled to be included.

It wastes a couple of hours of time for a few people in my organisation each week, due to them having to assign individual members (new starters) to the groups, rather than them automatically being included for appropriate access via their team's role group. Over the course of the last 2 years this probably adds up to quite a large operating cost!

Please include this enhancement soon. How can we get its priority raised?

the_wolverine
Champion

Splunk is unable to traverse nested LDAP groups. LDAP users must be direct members of the group mapped to Splunk role.

Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...