Security

Active Directory - how to map user to role?

konradwawryn
Explorer

Hi Gurus,

I have connected Splunk server to my Active Directory server. I see LDAP groups and everything seems to be fine... but I can't log in as a user from the selected Active Directory group. In the splunkd.log file I see this:

05-08-2013 22:18:12.304 +0200 ERROR AuthenticationManagerLDAP - user="konrad" has matching LDAP groups with strategy="AD", but none are mapped to Splunk roles
05-08-2013 22:18:12.304 +0200 ERROR UserManagerPro - LDAP Login failed, could not find a valid user="konrad" on any configured servers

In my opinion it looks like wrong role mapping. How do I configure role mapping in the proper way using the Splunk GUI?
In this case Splunk documentation is not perfect for me. Maybe somebody could support me and tell me what to do?

greetings from Europe

Konrad

0 Karma

bmacias84
Champion

Your mappings seem a little off. Here is a working version of LDAP Authentication that I used for group mappings. Make sure your LDAP mapping is correct by using an LDAP browser. My home lab uses Windows 2008 R2 Native DC.

I chose to use user's email address (userPrincipalName) for logins. In AD the dn attribute is actually called distinguishedName. Case sensitivity is important.


[authentication]
authType = LDAP
authSettings = splunk_standarduser

[splunk_standarduser]
host = muppets.net
port = 389
SSLEnabled = 0
bindDN = service_splunk@muppets.net
bindDNpassword = encrypted_password
groupBaseDN = OU=DomainLocalGroups,OU=Groups,DC=muppets,DC=net
groupBaseFilter = (objectclass=*)
groupMappingAttribute = distinguishedName
groupMemberAttribute = member
groupNameAttribute = cn
realNameAttribute = displayName
userBaseDN = OU=ITusers,DC=muppets,DC=net
userBaseFilter = (objectclass=*)
userNameAttribute = userPrincipalName

[roleMap_splunk_standarduser]
admin = serverTeam
user = appTeam

Hope this helps or gets you started. Don't forget to vote and accept answers.

Cheers
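
An offline check of the role mapping discussed in this thread, as an added example (not code from any poster or from Splunk): it parses authentication.conf text, reports strategies that have no roleMap_<strategy> entries or that set SSLEnabled = 0, resolves which Splunk roles a set of LDAP groups would receive, and picks the "none are mapped" error out of splunkd.log. The function names, the trimmed sample file and the case-insensitive group comparison are assumptions made for the example.

```python
import configparser
import re

# Constructed sample, trimmed from the stanzas posted in the answer above.
SAMPLE_CONF = """
[authentication]
authType = LDAP
authSettings = splunk_standarduser
[splunk_standarduser]
host = muppets.net
port = 389
SSLEnabled = 0
groupBaseDN = OU=DomainLocalGroups,OU=Groups,DC=muppets,DC=net
[roleMap_splunk_standarduser]
admin = serverTeam
user = appTeam
"""
# The splunkd.log message from the question, reduced to a pattern.
UNMAPPED = re.compile(r'user="([^"]+)" has matching LDAP groups with '
                      r'strategy="([^"]+)", but none are mapped')

def load(text):
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep key case; configparser lowercases by default
    cp.read_string(text)
    return cp

def audit(cp):
    """Return findings for each strategy named in authSettings."""
    findings = []
    names = cp.get("authentication", "authSettings", fallback="").split(",")
    for name in filter(None, (n.strip() for n in names)):
        if not cp.has_section(name):
            findings.append(f"{name}: strategy stanza missing")
            continue
        if not cp.has_section(f"roleMap_{name}") or not cp.items(f"roleMap_{name}"):
            findings.append(f"{name}: no roleMap entries, no group maps to a role")
        if cp.get(name, "SSLEnabled", fallback="0").strip() == "0":
            findings.append(f"{name}: SSLEnabled = 0, bind is not encrypted")
    return findings

def roles_for(cp, strategy, user_groups):
    """Splunk roles a user with these LDAP groups would receive."""
    have = {g.lower() for g in user_groups}  # assumption: case-insensitive
    section = f"roleMap_{strategy}"
    if not cp.has_section(section):
        return []
    return sorted(role for role, groups in cp.items(section)
                  if have & {g.strip().lower() for g in groups.split(";")})

def unmapped_logins(log_text):
    """(user, strategy) pairs that authenticated but had no mapped group."""
    return UNMAPPED.findall(log_text)
```

An empty result from roles_for for a user's real group list corresponds to the "none are mapped to Splunk roles" error in the question.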

jtworzydlo
Path Finder

Hi Konrad!
Greetings from Poland 🙂

To map the groups to roles go to:
Manager->Access Controls->Authentication method->Configure Splunk to use LDAP and map groups->In the Actions section of your LDAP strategy you'll see "Map groups".
Select the right group and the role you want to match with it.

Hope it helps 🙂
asia

cratoshg
New Member

jtworzydlo,

That's right, great suggestion, solved my problem.

0 Karma

aliimirza
Engager

Perfect, thanks.

0 Karma

konradwawryn
Explorer

Thanks for your feedback. Unfortunately, I'm not able to paste text here... crappy "answers" script...

Here you have a link to my configuration file:

http://justpaste.it/2lec

0 Karma

bmacias84
Champion

Could you post a scrubbed version of your Authentication.conf? I struggled with it the first time too.

0 Karma