How to configure Splunk to authenticate through LD...

msg64 · ‎06-13-2017

I am very new to Splunk. I am looking for a simplified document to help me configure Splunk to authenticate through LDAP. Is there such a document?

woodcock · ‎12-05-2018

LDAP is tough. I would suggest 2 things:

1: Watch this video, by @ninja, IT ROCKS: https://youtu.be/JEo6dNXigBo
2: Test/experiment with the ldapsearchtool; install with sudo yum -y install openldap

jfeitosa_real · ‎12-05-2018

Hi, try this steps:
https://www.learnsplunk.com/splunk-ldap-authentication-configuration.html

eagle4splunk · ‎06-14-2017

Here are the basic steps if you are doing this from the UI (you can also go to the CLI and update authentication.conf):

From your search head, go to Settings > Access Controls > Authentication Method
Select LDAP and click on Configure Splunk to use LDAP
Click New, populate the required fields on the form and save.

If the connection to your LDAP host works, your strategy will be saved and you can then click on "Map Groups" to assign Splunk roles to you Active Directory groups.

micahkemp · ‎06-14-2017

Have you checked out the existing Splunk documentation for this?

http://docs.splunk.com/Documentation/Splunk/6.6.1/Security/SetupuserauthenticationwithLDAP

How to configure Splunk to authenticate through LDAP?

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes