Scribd Logo
Upload

Welcome to Scribd!

  • Unknown Title: Back Home Next

    Uploaded by

    DavidOkOk
    3 views5 pages

    Original Title

    learnsplunk.com-

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    3 views5 pages

    Unknown Title: Back Home Next

    Uploaded by

    DavidOkOk

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 5

    www.learnsplunk.com /splunk-ldap-authentication-configuration.

    html

    Unknown Title

    <
    Back |Home| Next >
    Configuring Ldap authentication in splunk :-

    Managing users and their access to splunk collected logs is very important aspect of access control to
    avoid unauthorized access to sensitive data/logs. You can add users to splunk by using following three
    methods. Most commonly used approach is LDAP or commonly called AD authentication. As in any
    Enterprise active directory is used for user management. We can use existing AD configuration to add
    and manage/update users in splunk. Below we will see step by step AD authentication configuration in
    splunk.

    1/5
    2. Click on radio button in front of LDAP and then click “Configure Splunk to work with LDAP

    3. Now you will get main LDAP strategy configuration settings page. Following are the main AD items
    that you need to enter here –

    a. LDAP connection settings – based on connection settings Splunk will talk to AD.

    LDAP strategy name: just a name.

    You can have multiple LDAP strategies such as – (i)strategy one for ready only access through an AD
    Group mapping to Splunk roles (user & power user), (ii)strategy two for full access through another AD
    Group mapping to other Splunk roles (Admin, Splunk-system-role) or similar.

    Default Splunk roles are – admin, can_delete, power, splunk-system-role, user.

    Port number: 389 (this is AD LDAP default)

    Connection order: default

    Bind DN: cn= AcctName Splunk,ou=yourSvcAcctOU,dc=yourDCName,dc=yourDCExtension

    This is distinguished name of your Splunk account that you created in AD. It is recommended you should
    not use default AD administrator account or your own AD login here. You should create a dedicate
    account for Splunk – no AD administrative privilege required on this account.

    Bind DN Password: enter the password of AD Splunk account

    2/5
    b. User Settings – Splunk will look for users in AD based on this

    User base DN: dc=yourDCName,dc=yourDCextension

    User base filter: leave this blank or you can enter specific AD search filter here

    User name attribute: samaccountname

    Real name attribute: displayname

    Group mapping attribute: dn

    3/5
    4/5
    Comments

    Not using Html Comment Box yet?

    StephenK · Jan 26, 2017

    Hi, this is very helpful to me. Thanks!


    Stephen

    5/5

    You might also like