Security

Roles from LDAP (nested groups)

terago
Engager

When will Splunk support nested group membership from LDAP/Active Directory?

It's a real pain having to add users to the SPLUNK groups, vs using role based groups that are then inherited access via group memberships.

This is one of the huge benefits to having an LDAP backend.

1 Solution

ithangasamy_spl
Splunk Employee
Splunk Employee

LDAP nested group support is going to be available in the next release of Splunk, which is currently in beta testing, you can request a copy for evaluation from PMs

View solution in original post

Simon
Contributor

As a workaround, you can set up an Apache and a crowd daemon, which provides the feature to deliver nested groups as flat ones (http://www.atlassian.com/software/crowd/overview). There is an Apache authentication module for crowd (http://confluence.atlassian.com/display/CROWD/Integrating+Crowd+with+Apache) too. Using Splunk's SSO feature and these components above, you'll be able to use nested groups.
HTH.

0 Karma

ithangasamy_spl
Splunk Employee
Splunk Employee

LDAP nested group support is going to be available in the next release of Splunk, which is currently in beta testing, you can request a copy for evaluation from PMs

ithangasamy_spl
Splunk Employee
Splunk Employee

Can you please elaborate on your problem? OOTB, the nested group support is disabled in the LDAP strategy page, did you check the box labeled "Nested groups" ? If still not working send me a note.

0 Karma

darkavich
New Member

I just installed 4.3 today and it doesn't appear to be fixed. The only change I can tell is it now filters out the nested group name.

0 Karma

Glenn
Builder

Sweet, thanks for the update.

0 Karma

Glenn
Builder

Splunk is pretty bad in this area, I have had an enhancement request (45531) in for this functionality since Jul 8, 2010 7:08 AM (yes that's about 16 months) and it is still not scheduled to be included.

It wastes a couple of hours of time for a few people in my organisation each week, due to them having to assign individual members (new starters) to the groups, rather than them automatically being included for appropriate access via their team's role group. Over the course of the last 2 years this probably adds up to quite a large operating cost!

Please include this enhancement soon. How can we get its priority raised?

0 Karma

jbsplunk
Splunk Employee
Splunk Employee

At this point, AFAIK, this is not an enhancement that is scheduled.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...