Splunk Search

Can I map multiple groups to be bound to one role?

daniel333
Builder

All,

Can I map multiple AD groups to one role in authentication.conf? Example?

0 Karma
1 Solution

nareshinsvu
Builder

@daniel333 - Yes you can. Separate the groups with a semicolon while defining LDAP strategy. And then define a rolemap as shown in the below example. The same can be achieved through GUI as well.

groupBaseDN = [<\string>;<\string>;...]
* The LDAP Distinguished Names of LDAP entries whose subtrees contain
the groups.
* Required.
* Enter a semicolon (;) delimited list to search multiple trees.
* If your LDAP environment does not have group entries, there is a
configuration that can treat each user as its own group:
* Set groupBaseDN to the same as userBaseDN, which means you search
for groups in the same place as users.
* Next, set the groupMemberAttribute and groupMappingAttribute to the same
setting as userNameAttribute.
* This means the entry, when treated as a group, uses the username
value as its only member.
* For clarity, also set groupNameAttribute to the same
value as userNameAttribute.
* No default.

Working example below: authentication.conf

[LDAP_Test]
groupBaseDN = CN=AD-Group-1,OU=Groups,DC=WIN,DC=LOCAL;CN=AD-Group-2,OU=Groups,DC=WIN,DC=LOCAL
groupMappingAttribute = dn
groupMemberAttribute = member
groupNameAttribute = cn
host = <\your_AD_server_hostname>
nestedGroups = 0
network_timeout = 20
port = 389/636 <\remove this comment - 636 is for ssl>
realNameAttribute = cn
sizelimit = 1000
timelimit = 15
userBaseDN = OU=Accounts,DC=WIN,DC=LOCAL
userNameAttribute = samaccountname


[roleMap_LDAP_Test]
splunk_custom_role = AD-Group-1;AD-Group-2

View solution in original post

0 Karma

nareshinsvu
Builder

@daniel333 - Yes you can. Separate the groups with a semicolon while defining LDAP strategy. And then define a rolemap as shown in the below example. The same can be achieved through GUI as well.

groupBaseDN = [<\string>;<\string>;...]
* The LDAP Distinguished Names of LDAP entries whose subtrees contain
the groups.
* Required.
* Enter a semicolon (;) delimited list to search multiple trees.
* If your LDAP environment does not have group entries, there is a
configuration that can treat each user as its own group:
* Set groupBaseDN to the same as userBaseDN, which means you search
for groups in the same place as users.
* Next, set the groupMemberAttribute and groupMappingAttribute to the same
setting as userNameAttribute.
* This means the entry, when treated as a group, uses the username
value as its only member.
* For clarity, also set groupNameAttribute to the same
value as userNameAttribute.
* No default.

Working example below: authentication.conf

[LDAP_Test]
groupBaseDN = CN=AD-Group-1,OU=Groups,DC=WIN,DC=LOCAL;CN=AD-Group-2,OU=Groups,DC=WIN,DC=LOCAL
groupMappingAttribute = dn
groupMemberAttribute = member
groupNameAttribute = cn
host = <\your_AD_server_hostname>
nestedGroups = 0
network_timeout = 20
port = 389/636 <\remove this comment - 636 is for ssl>
realNameAttribute = cn
sizelimit = 1000
timelimit = 15
userBaseDN = OU=Accounts,DC=WIN,DC=LOCAL
userNameAttribute = samaccountname


[roleMap_LDAP_Test]
splunk_custom_role = AD-Group-1;AD-Group-2
0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...