The dojo of Splunk. Learn, share, teach, mentor.

Welcome to
splunkninja

Sign Up
or Sign In

Or sign in with:

Videos

Stuff Splunkers Should Know (1) - PerfMon / WMI Collection in Splunk 4.2

Added by Michael Wilde
Splunk + SCOM - Troubleshooting .NET at Lightspeed!

Added by Michael Wilde

Splunk Ninja - Basic Training: Splunk & LDAP Authentication

Added by Michael Wilde

Latest Activity

William S and Please... Dee Esssss :-) joined splunkninja

1 hour ago

Amine Recoba is now a member of splunkninja

yesterday

Welcome Them!

Michael Wilde replied to Nikita's discussion Count failures and success via transaction

"How are these transactions linked together... by a field called "ID"? If so.. just build them with the field ID, and then use one of the MV commands to extract a field with success or failure in it. Paste some samples and…"

Friday

Linus Myrefelt updated their profile

May 22

Marie updated their profile

May 21

Marie is now a member of splunkninja

May 21

Welcome Them!

Jitter and matthew arguin joined splunkninja

May 18

Matthew Carter and Nikita joined splunkninja

May 17

Splunk Ninja - Basic Training: Splunk & LDAP Authentication

In this long form video, I discuss how to setup Splunk to authenticate with your LDAP directory. An extensive overview of each component of the directory relevant to Splunk authentication is covered, including mapping Roles in Splunk to Groups in LDAP.

720p with Fullscreen Toggle is here: http://blip.tv/file/2878148. This video is downloadable as well.

Get Embed Code

Tags: authentication, ldap, roles, splunk

Comment by Michael Wilde on November 23, 2009 at 11:57am: Note: Splunk loads up the list of users in your directory only upon restart, or if you manually reload the authentication config from the LDAP settings. If you add a new user to your directory, you'll find you can't login right away until the list of users is updated. Irritating. Slightly.

Amrit mentions how you can script the reload of auth on a periodic basis (with cron, perhaps) in his blog post here:

http://blogs.splunk.com/amrit/2009/08/20/reload-4-auth/

Rumor has it this issue will be fixed in 2010.

Comment by Mike Hartford on February 7, 2012 at 2:01pm: I want to give LDAP access to my splunk servcie but I don't want the LDAP users to have admin capabilitys in Splunk. Can I keep the domain admins out of Splunk if I have LDAP authentication???

Comment by Michael Wilde on February 8, 2012 at 12:17pm: Sure... When you do group mapping, map them to groups that don't have the domain admins in them. I have a separate OU=Groups that has "Splunk Users, Splunk Admins, Splunk Power Users" as group names, and specific users assigned to them. If you're not in one of those groups--you ain't gettin' in yo!.

Comment by Mike Hartford on February 8, 2012 at 12:19pm: Got it thanks

Comment by lee mason on March 16, 2012 at 5:08am: Amazingly helpful article thanks

Videos

Stuff Splunkers Should Know (1) - PerfMon / WMI Collection in Splunk 4.2

Splunk + SCOM - Troubleshooting .NET at Lightspeed!