Admin Manual

 



auth.conf

This documentation does not apply to the most recent version of Splunk.


Auth.conf controls which authentication method is used (LDAP or native Splunk authentication) and contains settings for LDAP configuration. This file is written to when you use SplunkWeb to set up server authentication (Admin > Server > Authentication Configuration) and can also be configured manually.


To edit this configuration for your local Splunk server, make your edits in $SPLUNK_HOME/etc/bundles/local/auth.conf. If the file does not exist, copy the example file from $SPLUNK_HOME/etc/bundles/README/auth.conf.example and edit the copy.


Never edit files in our default bundle in $SPLUNK_HOME/etc/bundles/default or your changes may be overwritten in an upgrade.


When you wish to test changes to auth.conf, you do not need to restart the Splunk server. You can reload the file by using SplunkWeb > Admin > Server > Control > Reload Authentication Configuration.


auth.conf.spec

# Copyright (C) 2005-2007 Splunk Inc.  All Rights Reserved.  Version 3.0
# This file illustrates the auth.conf spec
[auth]
authType = <string> 
        * what auth system to use, currently available ones ( Splunk, LDAP )
authSettings = <string>
        * configuration key to look up the specific configs of auth system chosen. This is only used by LDAP right now as splunk auth has no configuration.
[<authSettings-key>]
host = <string>
        * hostname of LDAP server.
port = <integer>
        * port LDAP is listening on.
SSLEnabled = <integer>
        * 0 for disabled.
          1 for enabled.
          See the file $SPLUNK_HOME/etc/openldap/openldap.conf for SSL configuration.
bindDN = <string>
        * Bind string for the manager that will be retrieving the records for LDAP.
          This user needs to have access to all users you wish to add to Splunk.
password = <string>
        * password for bindDN user.
             
baseDN = <string>
        * root of LDAP server. Lowest point from which Splunk should read. You may provide a ';' delimited list here
          to search multiple trees.
groupBase = <string>
        * location of the user groups in LDAP.
userBase = <string>
        * location of user records in LDAP.
Admin = <string>
        * Mapping of LDAP roles to Splunk role Admin, this list is ; delimited <no spaces>
Power = <string>
        * Mapping of LDAP roles to Splunk role Power, this list is ; delimited <no spaces>
User =  <string>
        * Mapping of LDAP roles to Splunk role User, this list is ; delimited <no spaces>
userIDField   = <string>
        * name of the LDAP user field to map to Splunk's userId field.
usernameField = <string>
        * name of the LDAP user field to map to Splunk's username field.
realnameField = <string>
        * name of the LDAP user field to map to Splunk's realname field.
groupNameAttributes     = <string>
        * name of the LDAP user field to map to Splunk's role field.
groupMemberAttribute    = <string>
        * name of LDAP user field to map groups when groups are stored separate from user information.
groupMappingAttribute   = <string>
        * name of LDAP group mapping when the list of users in a group does not match the dn of the user.
          For example: sometimes this is a list of uid attributes, not dn attributes. This value is rarely
          changed. If you have any doubts about what this does, leave it alone.
pageSize = <int>
        * The page size you wish the LDAP module to request per search request. This is for servers
          that set a limit on the number of results per request. Setting the page size to 0 will
          cause the LDAP module to request results in one page. It will also set the LDAP connection
          to LDAPv2 which may be required for older LDAP servers.
defaultLogin  = <string>
        * Default login that can be used to log in when LDAP is not contactable, or no roles have been set.
defaultPassword = <string>
        * default password.
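
The following Python check is an added example, not part of the Splunk documentation: it reads the text of an auth.conf and reports the settings from the spec above that deserve a review before the file is deployed. The stanza name `ldapCorp`, the host, DNs and group names in the sample are made up, and treating a missing SSLEnabled as disabled is an assumption.

```python
import configparser

# Constructed sample (not from the Splunk docs): stanza name, host, DNs and
# group names are made up; the keys are the ones listed in auth.conf.spec.
SAMPLE = """\
[auth]
authType = LDAP
authSettings = ldapCorp
[ldapCorp]
host = ldap.example.com
port = 389
SSLEnabled = 0
bindDN = cn=splunk-reader,dc=example,dc=com
password = PLACEHOLDER
baseDN = ou=people,dc=example,dc=com;ou=svc,dc=example,dc=com
Admin = splunk-admins; ops
pageSize = 0
defaultLogin = fallback
defaultPassword = PLACEHOLDER
"""

def audit_auth_conf(text):
    """Return review findings (strings) for the text of an auth.conf."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case as written in the spec (SSLEnabled, Admin)
    cp.read_string(text)
    if not cp.has_section("auth"):
        return ["no [auth] stanza"]
    if cp["auth"].get("authType", "").strip().upper() != "LDAP":
        return []  # native Splunk auth has no further settings to check
    key = cp["auth"].get("authSettings", "").strip()
    if not cp.has_section(key):
        return ["authSettings does not name a stanza in this file"]
    ldap, findings = cp[key], []
    # Assumption: anything other than an explicit 1 is treated as SSL off.
    if ldap.get("SSLEnabled", "").strip() != "1":
        findings.append("SSLEnabled is not 1: LDAP binds are not protected by SSL")
    for role in ("Admin", "Power", "User"):
        if any(c.isspace() for c in ldap.get(role, "")):
            findings.append(role + " mapping contains spaces; the list is ';' delimited with no spaces")
    if ldap.get("pageSize", "").strip() == "0":
        findings.append("pageSize is 0: the connection is set to LDAPv2")
    if ldap.get("defaultLogin") or ldap.get("defaultPassword"):
        findings.append("defaultLogin/defaultPassword define a fallback login that works without LDAP")
    return findings

if __name__ == "__main__":
    for line in audit_auth_conf(SAMPLE):
        print("-", line)
```

Run against the constructed sample, the check reports four findings: SSL off, a space in the Admin mapping, the LDAPv2 page size, and the fallback login.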

This documentation applies to the following versions of Splunk: 3.0, 3.0.1, 3.0.2, 3.1, 3.1.1, 3.1.2, 3.1.3

