- Splunk Answers
- :
- Splunk Administration
- :
- Security
- :
- User missing roles.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
User missing roles.
Hello
I have users who do not have all the roles they should be associated with appearing in the Access Control>>Users webpage. Example user foo is in three ldap groups (a, b, and c) which are bound to role_a, role_b, and role_c. When I search for user foo according to splunk this users roles are role_a and role_b. If I look at the map groups for ldap strategies associated to role_a, role_b and role_c user foo is a member of each.
When I click on user foo in Access Control>>Users, selected roles is greyed out , and role_c is not assigned to the user foo only role_a and role_b. How do I get splunk to assign role_c to user foo. I also have several other user who are only getting role_c assigned to them even though they are part of either role_a and/or role_b.
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I believe I have solved this issue. From my understanding you should have one ldap strategy per ldap server. I then limited the ldap strategy with group filters. Next I map each filter to its corresponding role. Now when I view my users I can see all the roles each user is part of.
I know I can have multiple ldap strategies for one ldap server, but is there a reason to this? How can I setup users to be able to view all the roles they belong to in a multiple ldap strategy environment when authenticating to one ldap server. Is this possible?
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
reload the LDAP auth mapping and check the mapping and re-map if it still shows errors. Also, pls check the contents in authorize.conf and authentication.conf to ensure your changes are reflected.
https://docs.splunk.com/Documentation/Splunk/7.2.4/Security/SetupuserauthenticationwithLDAP
https://www.splunk.com/blog/2009/08/13/ldap-auth-configuration-tips.html
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you I have visited those pages several times.
Adding to my question
Can one ldap server have multiple ldap strategies in splunk?
Additionally should I be able to see all the roles a user belongs to or just the role that was used to authenticate?
For example in Under Access controls>>Users, for user foo in the roles columns, should I see all the roles the user belongs to or just the role used for authentication. Having said that where then can I see all the roles a user belongs to?
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
splunk can accept multiple LDAP strategies [ for my use case, i have used only 1]
You should be able to see all the roles the user is assigned to/mapped to.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I believe I have solved this issue. From my understanding you should have one ldap strategy per ldap server. I then limited the ldap strategy with group filters. Next I map each filter to its corresponding role. Now when I view my users I can see all the roles each user is part of.
I know I can have multiple ldap strategies for one ldap server, but is there a reason to this? How can I setup users to be able to view all the roles they belong to in a multiple ldap strategy environment when authenticating to one ldap server. Is this possible?
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I believe when you define multiple strategies (need diff stanza), splunk loads them and checks in round robin to get all roles.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Makes sense, that would explain why not all my users are where they need to be. Seems like one strategy is the way to go, if I want to see in real time all the roles my user belong to.
Thanks for all your help.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How are the users assigned to splunk , is it probably being assigned through LDAP or SAML. You will have map roles to LDAP/SAML assignment groups in splunk. Mostly the assignment group from LDAP/SAML needs to be updated for those users.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello
User are assigned to splunk with ldap. I have mapped the ldap groups to the ldap strategies and assigned those strategies to the corresponding roles. The user in question belongs to all three ldap groups but according to splunk the user is only assigned two of the three roles he should have access to.
Welcome to the Splunk Community!
Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM
Adoption of RUM and APM at Splunk
