All Apps and Add-ons

SA-ldapsearch in distributed environment how to use ldapsearch from search head with SA-ldapsearch only installed on Indexers?

danje57
Path Finder

Hi all,

We have this architecture:

One search head and Two Indexers

We installed SA-Ldapsearch on our Indexers only, as only Indexers have access to our LDAP for qurying Active Directory.

How to use our search head to perform queris on Active Directory based on search returned by Indexers?

Indeed, Search Head doesn't have access to the Active Directory.

We assume that it is possible to use search peers to launch the query and then provide the result of the search to the Search Head.

Do you have any suggestion?

Thanks in advance.

0 Karma

koshyk
Super Champion

SA-ldapsearch ONLY has to be in your Search Head tier. Please note, this app is used for querying via Splunk GUI and NOT for integrating to Splunk user authentication (which many people wrongly assume).
So the two ways i can think of are in order of preference.
1. Request Firewall Access for your Search Head to LDAP
2. swap your indexer to SH if they are same powerful boxes & storage
2. Request UI access for one indexer (not ideal) and may be one or two person can have special permissions to run LDAP query

(PS: I'm not a fan of SA-ldapsearch as it is too slow imo)

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...