Hi.
I've managed to get my Splunk (5.0.latest) referring to my Active Directory Domain Controllers to allow a number of user logins, however at this time, it is only working if I explicitly specify the User and group DN's on the LDAP config page.
What I'd love to do is have the ldap Plugins simply look at the User OU and Group OU and allow me to then pick which groups I want to map.
I've tried fiddling with the silzelimit and a few other functions, and even pointing at an OU with only 1 user / group, but no matter what is tried, I always get the Query Size Limit Exceeded error.
Any ideas how I can resolve this issue?
Here is an example of a working section of the Authentication.conf:
[Admin Users]
SSLEnabled = 1
anonymous_referrals = 0
bindDN = CN=Splunk ldap,OU=Service Accounts,OU=STUFF,DC=DOMAIN,DC=ltd
bindDNpassword = blah
charset = utf8
groupBaseDN = CN=Splunk Sysadmins,OU=User Groups,OU=STUFF,DC=DOMAIN,DC=ltd
groupMappingAttribute = dn
groupMemberAttribute = member
groupNameAttribute = cn
host = 10.100.100.11
nestedGroups = 1
network_timeout = 20
port = 3269
realNameAttribute = name
sizelimit = 10000
timelimit = 15
userBaseDN = CN=ME, CN=Users,DC=Vtesse,DC=ltd
userNameAttribute = samaccountname
TIA
... View more