I set up LDAP to filter the list of group names displayed by using the filter: (cn=splunk)
Set up a security group for each role that you want (e.g., splunk_admins, splunk_users).
Or you can use the "Maps_users_directly_to_roles" technique... This didn't work for us as we have too many users and our LDAP heirachy is pretty flat (i.e., we don't have an OU=IT_Dept).
The problem I am running into is users within the groups still cannot log in, even though they are listed within the groups in LDAP Strategy. 😞
Briefly, to add a user to a Splunk role: First, On Splunk Web make sure that you've mapped the Splunk role to an LDAP group. Then, on your LDAP server, add the user to that LDAP group. See http://docs.splunk.com/Documentation/Splunk/5.0.2/Security/SetupuserauthenticationwithLDAP for more information about LDAP strategies, managing users using LDAP, and LDAP configuration.
Just to clarify ... I don't want a pointer to the regular LDAP setup docs. I want a point to whatever document explains how to 'Map_users_directly_to_roles' rather than setting up an LDAP group for each role that we need.
I've updated the links in my answer and comment, hope this gives you what you need.
That document sounds like exactly what I need to solve the same problem described here. However I can't find it. Can anyone post a new link?
Okay, I understand the question better now. Here's the current documentation topic about managing users using LDAP:
http://docs.splunk.com/Documentation/Splunk/5.0.2/Security/ManageSplunkuserroleswithLDAP
Hope this helps.
Agreed - in my splunk instance, there are over 40 applications and it is not practical to create individual LDAP groups for all possible one-offs that will occur. I would prefer to take a user assigned to a particular LDAP group, and augment their privs. (Sorry to piggyback on your thread, but I think we are asking the same thing)
That works, but it potentially gives anyone else in that group access as well. That is not preferred.
Ditto - I was combing SplunkBase for the same question