authentication.conf
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
authentication.conf
authentication.conf controls which authentication method is used (LDAP or native Splunk authentication) and contains settings for LDAP configuration. This file is written to when you use SplunkWeb to set up server authentication (Admin > Server > Authentication Configuration) and can also be configured manually.
When you wish to test changes to authentication.conf, you do not need to restart the Splunk server. You can reload the file by using SplunkWeb > Admin > Server > Control > Reload Authentication Configuration.
authentication.conf.spec
# This file contains possible attributes and values for configuring authentication via
# authentication.conf.
#
# There is an authentication.conf in $SPLUNK_HOME/etc/bundles/default/. To set custom configurations,
# place an authentication.conf in your own custom bundle directory.
#
# For help creating a bundle directory, or to learn more about bundles (including bundle precedence)
# please see the documentation located at http://www.splunk.com/doc/latest/admin/bundleconfig.
[authentication]
* Follow this stanza name with any number of the following attribute/value pairs.
authType = <string>
* Which authentication system to use.
* Currently available ones: Splunk, LDAP.
* Defaults to Splunk.
#####################
# LDAP settings
#####################
authSettings = <string>
* Configuration key to look up the specific configurations of chosen authentication system.
* This is only used by LDAP.
host = <string>
* Hostname of LDAP server.
* Be sure that your Splunk Server can resolve the host name.
port = <integer>
* Specify the port that Splunk should use to connect to your LDAP server.
* By default, LDAP servers listen on TCP port 389.
[<authSettings-key>]
* Follow this stanza name with any number of the following attribute/value pairs.
Admin = <string>
* Map LDAP to Splunk role Admin.
* This list is ';' delimited (no spaces).
Power = <string>
* Map LDAP to Splunk role Power.
* This list is ';' delimited (no spaces).
User = <string>
* Map LDAP to Splunk role User.
* This list is ';' delimited (no spaces).
SSLEnabled = <integer>
* 0 for disabled.
* 1 for enabled.
* See the file $SPLUNK_HOME/etc/openldap/ldap.conf for SSL LDAP settings.
bindDN = <string>
* Bind string for the manager that will be retrieving the LDAP records.
* This user needs to have access to all LDAP users you wish to add to Splunk.
bindDNpassword = <string>
* Password for bindDN user.
failsafeLogin = <string>
* This login allows you to log into Splunk in the event that your LDAP server is unreachable.
* IMPORTANT: This user has admin privileges on the Splunk install.
failsafePassword = <string>
* Default password for your failsafe user.
groupBaseDN = <string>
* Location of the user groups in LDAP.
* You may provided a ';' delimited list to search multiple trees.
groupBaseFilter = <string>
* The attribute that defines the group name.
* The standard OpenLDAP/POSIX value is group.
* Default value is [objectclass=*].
groupMappingAttribute = <string>
* Name of LDAP group mapping when the list of users in a group do not match the dn of the user.
* Sometimes this is a list of uid attributes and not dn attributes.
* In most cases, you can leave this field blank.
groupMemberAttribute = <string>
* The attribute that specifies what members belong to this group.
groupNameAttribute = <string>
* The attribute that specifies what groups a user belongs to.
pageSize = <integer>
* This determines how many records to return at one time.
* Enter 0 to disable and revert to LDAPv2.
* Defaults to 800.
realNameAttribute = <string>
* Name of LDAP user field to map to Splunk's realname field.
* For example, cn.
userBaseDN = <string>
* Location of user records in LDAP.
* Enter a ';' delimited list to search multiple trees.
userBaseFilter = <string>
* The attribute that defines the user name.
* The standard OpenLDAP/POSIX value is user.
* Default value is [objectclass=*].
userNameAttribute = <string>
* Name of LDAP user field to map to Splunk's username field.
* For example, uid.
#####################
# Map roles
#####################
[roleMapping]
* Follow this stanza name with the following attribute/value pair.
<RoleName> = <string>
* Map LDAP roles to Splunk role (as defined in authorize.conf).
* This list is semi-colon delimited (no spaces).
#####################
# Scripted auth
#####################
[<authSettings-key>]
* Follow this stanza name with any number of the following attribute/value pairs.
programPath = <string>
* Full path to program that runs the script
* eg /usr/bin/python
scriptPath = <string>
* Full path to the script.
authentication.conf.example
# This is an example authentication.conf. Use this file to configure LDAP or toggle between LDAP # and Splunk's native authentication system. # # There is a default authentication.conf in $SPLUNK_HOME/etc/bundles/default/. Use this example file # to create your own custom authentication.conf. To set custom configurations, place an # authentication.conf in your own custom bundle directory. # Use Splunk's built-in authentication: [auth] authType = Splunk # OR use LDAP: [auth] authSettings = LDAP-openldap authType = LDAP [LDAP-openldap] SSLEnabled = 0 bindDN = CN=Administrator,CN=Users,dc=qa-ad,dc=splunk,dc=com bindDNpassword = <BIND_PWD> failsafeLogin = ruairi failsafePassword = <FAIL_SAFE_PWD> groupBaseDN = CN=Users,dc=qa-ad,dc=splunk,dc=com; groupNameAttribute = memberOf host = 10.1.1.27 port = 389 realNameAttribute = cn userBaseDN = CN=Users,dc=qa-ad,dc=splunk,dc=com; userNameAttribute = sAMAccountName Admin = CN=TestGroup1,CN=Users,DC=qa-ad,DC=splunk,DC=com; Power = CN=TestGroup2,CN=Users,DC=qa-ad,DC=splunk,DC=com; User = groupBaseFilter = (objectclass=*) groupMemberAttribute = userBaseFilter = (objectclass=user)
This documentation applies to the following versions of Splunk: 3.2 , 3.2.1 , 3.2.2 , 3.2.3 , 3.2.4 , 3.2.5 , 3.2.6 View the Article History for its revisions.