Configuring LDAP authentication in Splunk:
Managing users and their access to the logs Splunk collects is a very important aspect of access control,
because it prevents unauthorized access to sensitive data and logs. You can add users to Splunk by using the
following three methods. The most commonly used approach is LDAP, commonly called AD authentication, since
in any enterprise Active Directory is used for user management. We can use the existing AD configuration to add,
manage and update users in Splunk. Below we will see the step-by-step AD authentication configuration in
Splunk.
2. Click on the radio button in front of LDAP and then click “Configure Splunk to work with LDAP”.
3. You will now get the main LDAP strategy configuration settings page. The following are the main AD items
that you need to enter here –
a. LDAP connection settings – based on these connection settings, Splunk will talk to AD.
You can have multiple LDAP strategies, such as: (i) strategy one for read-only access through an AD
group mapping to Splunk roles (user & power user), (ii) strategy two for full access through another AD
group mapping to other Splunk roles (Admin, Splunk-system-role), or similar.
This is the distinguished name of the Splunk account that you created in AD. It is recommended that you do
not use the default AD administrator account or your own AD login here. You should create a dedicated
account for Splunk; no AD administrative privilege is required on this account.
b. User settings – Splunk will look for users in AD based on this.
User base filter: leave this blank, or enter a specific AD search filter here.
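The two-strategy setup and the bind account recommendation above, as they would appear in authentication.conf, with a small check over that file. This is an added example, not part of the original page; the host, DNs, AD group names and strategy names are constructed placeholders, and only the settings discussed above are shown.

```python
import configparser
# Constructed authentication.conf; hosts, DNs, groups and strategy names are placeholders.
SAMPLE_CONF = """
[authentication]
authType = LDAP
authSettings = ad_readonly,ad_admin

[ad_readonly]
host = dc01.example.com
bindDN = CN=svc-splunk,OU=Service Accounts,DC=example,DC=com
userBaseDN = OU=Users,DC=example,DC=com
userBaseFilter =

[roleMap_ad_readonly]
user = Splunk-Users
power = Splunk-PowerUsers

[ad_admin]
host = dc01.example.com
bindDN = CN=Administrator,CN=Users,DC=example,DC=com
userBaseDN = OU=Users,DC=example,DC=com

[roleMap_ad_admin]
admin = Splunk-Admins
"""

def audit_ldap_strategies(conf_text):
    """Return {strategy: {"bindDN", "roles", "findings"}} for each LDAP strategy."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep setting names such as bindDN case-sensitive
    cp.read_string(conf_text)
    report = {}
    for name in map(str.strip, cp["authentication"]["authSettings"].split(",")):
        bind_dn = cp.get(name, "bindDN", fallback="")
        # Role maps live in [roleMap_<strategy>] as "<Splunk role> = <AD group>".
        roles = dict(cp[f"roleMap_{name}"]) if cp.has_section(f"roleMap_{name}") else {}
        findings = []
        if bind_dn.split(",")[0].strip().lower() == "cn=administrator":
            findings.append("bindDN is the default AD Administrator account")
        if not roles:
            findings.append("no AD group is mapped to a Splunk role")
        report[name] = {"bindDN": bind_dn, "roles": roles, "findings": findings}
    return report

if __name__ == "__main__":
    for strategy, info in audit_ldap_strategies(SAMPLE_CONF).items():
        print(strategy, info["roles"], info["findings"] or "ok")
```

The check compares only the first RDN of the bind DN with the default account name; a renamed administrator account or your own AD login has to be reviewed by hand.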