Security

multiple LDAP strategy login use and precedence

robf
Path Finder

How do you specify the domain(ldap strategy) of the account you are logging into when you have mutliple LDAP strategies?

eg. you have 2 matching named accounts mappeed to roles as part of various groups in different domain/ldap strategies.

LdapstrategyA\jbloggs1
LdapstrategyB\jbloggs1

From the login prompt it will not let you use the Domain\account convention

You can login with

USERNAME: jbloggs1

but the follwing produces error:

USERNAME: LdapstrategyA\jbloggs1

What will happen when two LDAP starategies have a matchng username?
Does this use the Connection Order? if password fails for the first account it finds will it continue to the other ldap strategies to look for another account?

0 Karma

yong_ly
Path Finder

From my experience, that is correct. It checks the first LDAP strategy and applies the roles defined in there and if the user fails the first one, it checks the second one.

You won't get both roles defined.

0 Karma
Get Updates on the Splunk Community!

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...