auth.conf

auth.conf

auth.conf controls which authentication method is used (LDAP or native Splunk authentication) and contains settings for LDAP configuration. This file is written to when you use SplunkWeb to set up server authentication (Admin > Server > Authentication Configuration) and can also be configured manually.

When you wish to test changes to auth.conf, you do not need to restart the Splunk server. You can reload the file by using SplunkWeb > Admin > Server > Control > Reload Authentication Configuration.

auth.conf.spec

# Copyright (C) 2005-2007 Splunk Inc.  All Rights Reserved.  Version 3.0
# This file contains possible attributes and values for configuring authentication in auth.conf.
[<authSettings-key>]
Admin = <string>
        * Mapping of LDAP roles to Splunk role Admin.
        * This list is ';' delimited <no spaces>.
Power = <string>
        * Mapping of LDAP roles to Splunk role Power.
        * This list is ';' delimited <no spaces>.
User =  <string>
        * Mapping of LDAP roles to Splunk role User.
        * This list is ';' delimited <no spaces>.
SSLEnabled = <integer>
        * 0 for disabled.
        * 1 for enabled.
            * See the file $SPLUNK_HOME/etc/openldap/openldap.conf for SSL LDAP settings.
            
bindDN = <string>
        * Bind string for the manager that will be retrieving the records for LDAP.
        * This user needs to have access to all users you wish to add to Splunk.
bindDNpassword = <string>
        * Password for bindDN user.
        
failsafeLogin  = <string>
        * This user will allow you to authenticate into Splunk in the event that your LDAP server is unreachable.
            *  IMPORTANT: This user has admin privileges on the Splunk install.
            
failsafePassword = <string>
        * Default password for your failsafe user.
        
groupBaseDN = <string>
        * Location of the user groups in LDAP.
        * You may provided a ';' delimited list here to search multiple trees.
        
groupBaseFilter = <string>
        * The attribute that defines the group name. 
        * The standard OpenLDAP/POSIX value is group.
        * Default value is [objectclass=*].
groupMappingAttribute  = <string>
        * Name of LDAP group mapping when the list of users in a group do not match the dn of the user.
        * For example: sometimes this is a list of uid attributes not dn attibutes. 
        * In most cases, you can leave this field blank.
        
groupMemberAttribute = <string>
        * The attribute that specifies what members belong to this group.
        
groupNameAttribute = <string>
        * The attribute that specifies what groups a user belongs to.
        
host = <string>
        * Hostname of LDAP server.
        * Be sure that your Splunk Server can resolve the host name.
pageSize = <int>
        * This determines how many records to return at one time. 
        * Enter 0 to disable and revert to LDAPv2.
        * Defaults to 800.
port = <integer>
        * Specify the Port that Splunk should use to connect to your LDAP server. 
        * By default LDAP servers listen on TCP port 389. 
realNameAttribute = <string>
        * Name of LDAP user field to map to Splunk's realname field.
        
userBaseDN = <string>
        * Location of user records in LDAP.
        * You may provided a ';' delimited list here to search multiple trees.
userBaseFilter = <string>
        * The attribute that defines the user name. 
        * The standard OpenLDAP/POSIX value is user.
        * Default value is [objectclass=*].
userNameAttribute = <string>
        * Name of LDAP user field to map to Splunk's username field.
[auth]
authSettings = <string>
        * Configuration key to look up the specific configs of auth system chosen. 
        * This is only used by LDAP.
authType = <string> 
        * Which authentication system to use.
        * Currently available ones: Splunk, LDAP
host = <string>
        * Hostname of LDAP server.
        * Be sure that your Splunk Server can resolve the host name.
port = <integer>
        * Specify the Port that Splunk should use to connect to your LDAP server. 
        * By default LDAP servers listen on TCP port 389.

auth.conf.example

# Copyright (C) 2005-2007 Splunk Inc.  All Rights Reserved.  Version 3.0
# # EXAMPLE alert_action.conf
#
# You can use this example configuration file to customize Splunk's authentication and LDAP.
[auth]
authType = Splunk
# LDAP enabled system
[auth]
authSettings = LDAP-openldap
authType = LDAP
[LDAP-openldap]
SSLEnabled = 0
bindDN = CN=Administrator,CN=Users,dc=qa-ad,dc=splunk,dc=com
bindDNpassword = <BIND_PWD> 
failsafeLogin = ruairi
failsafePassword = <FAIL_SAFE_PWD>
groupBaseDN = CN=Users,dc=qa-ad,dc=splunk,dc=com;
groupNameAttribute = memberOf
host = 10.1.1.27
port = 389
realNameAttribute = cn
userBaseDN = CN=Users,dc=qa-ad,dc=splunk,dc=com;
userNameAttribute = sAMAccountName
Admin = CN=TestGroup1,CN=Users,DC=qa-ad,DC=splunk,DC=com;
Power = CN=TestGroup2,CN=Users,DC=qa-ad,DC=splunk,DC=com;
User =
groupBaseFilter = (objectclass=*)
groupMemberAttribute =
userBaseFilter = (objectclass=user)

• Was this topic useful?
• Post a comment