Hi,
I got the following behavior.
An LDAP user is a member of two roles. (role A = ldap groupA & role B = ldap groupB)
role A has properties set to srchIndexesAllowed = index1;index2;index3
role B has properties set to srchIndexesAllowed = index2;index4;index5
When searching for index=* the user only sees indexes from role A (index1;index2;index3).
In Splunk manager the user has both roles assigned.
What am I doing wrong?
We are currently running on 4.3.3.
thx,
harry
The problem was caused by a search filter set on role 'A' in authorize.conf.
Here is the solution:
http://splunk-base.splunk.com/answers/57026/multiple-roles-inherited-from-ldap-group-memberships
thx
Hi harald_leitl
Have a look at this answer, where you can find some basic LDAP troubleshooting tips.
cheers,
Mus
As explained above, role 'A' is allowed to search through index1;index2;index3 and role 'B' is allowed to search through index2;index4;index5.
I thought, if I assign both roles the user would be capable of searching through index1;index2;index3;index4 and index5.
My search to verify the result:
index=*
The result I got:
Only events from index1;index2;index3 were included in the result.
The result I was looking for:
Events from index1;index2;index3;index4 and index5 are shown.
I don't think I have a problem with authentication and LDAP.
In Splunk manager I see that both Splunk roles are assigned to the user.
However, it seems the user only gets capabilities of role 'A'.