Security

active directory - how to map user to role ?

konradwawryn
Explorer

Hi Gurus,

I have connected Splunk server to my Active Directory server. I see LDAP groups and everything seems to be fine... but I cant login as user from selected Active Directory group. In the splunkd.log file I see this:

05-08-2013 22:18:12.304 +0200 ERROR AuthenticationManagerLDAP - user="konrad" has matching LDAP groups with strategy="AD", but none are mapped to Splunk roles
05-08-2013 22:18:12.304 +0200 ERROR UserManagerPro - LDAP Login failed, could not find a valid user="konrad" on any configured servers

In my opinion it looks like wrong role mapping. How to configure role mapping in the proper way using Splunk gui ?
In this case Splunk documentation is not perfect for me. Maybe somebody could support me and tell me what to do ?

greetings from Europe

Konrad

0 Karma

bmacias84
Champion

Your mappings seems a little off. Here is a working version of LDAP Authentication that I used for group mappings. Make sure your LDAP mapping is correct by using an LDAP browser. My home lab use Windows 2008 R2 Native DC.

I chose to use user's email address (userPrincipalName) for logins. In AD the dn attribute is actually called distinguishedName. Case sensitivity is important.


[authentication]
authType = LDAP
authSettings = splunk_standarduser
[splunk_standarduser]
host = muppets.net
port = 389
SSLEnabled = 0
bindDN = service_splunk@muppets.net
bindDNpassword = encrypted_password
groupBaseDN = OU=DomainLocalGroups,OU=Groups,DC=muppets,DC=net
groupBaseFilter = (objectclass=*)
groupMappingAttribute = distinguishedName
groupMemberAttribute = member
groupNameAttribute = cn
realNameAttribute = displayName
userBaseDN = OU=ITusers,DC=muppets,DC=net
userBaseFilter = (objectclass=*)
userNameAttribute = userPrincipalName
[roleMap_splunk_standarduser]
admin = serverTeam
user = appTeam

Hope this helps or gets you started. Don't forget to vote and accept answers.

Cheers

jtworzydlo
Path Finder

Hi Konrad!
Pozdrowienia z Polski 🙂

To map the groups to roles go to:
Manager->Access Controls->Authentication method->Configure Splunk to use LDAP and map groups->In the Actions section of your LDAP strategy you'll see "Map groups".
Select the right group and the role you want to match with it.

Hope it helps 🙂
asia

cratoshg
New Member

jtworzydlo,

That's right, great suggestion, solved my problem..

0 Karma

aliimirza
Engager

Perfect, thanks.

0 Karma

konradwawryn
Explorer

thanks for Your feedback. Unfortunately, I`m not able to paste here text... crapy "answers script... "

Here You have a link to my configuration file:

http://justpaste.it/2lec

0 Karma

bmacias84
Champion

Could you post a scrubbed version of your Authentication.conf? I struggled with the first time too.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...