authentication.conf
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
authentication.conf
authentication.conf controls which authentication method is used (LDAP or native Splunk authentication) and contains settings for LDAP configuration. This file is written to when you use SplunkWeb to set up server authentication (Admin > Server > Authentication Configuration) and can also be configured manually.
When you wish to test changes to authentication.conf, you do not need to restart the Splunk server. You can reload the file by using SplunkWeb > Admin > Server > Control > Reload Authentication Configuration.
authentication.conf.spec
# Copyright (C) 2005-2008 Splunk Inc. All Rights Reserved. Version 3.0
#
# This file contains possible attributes and values for configuring authentication via
# authentication.conf.
#
# There is an authentication.conf in $SPLUNK_HOME/etc/system/default/. To set custom configurations,
# place an authentication.conf in $SPLUNK_HOME/etc/system/local/. For examples, see
# authentication.conf.example. You must restart Splunk to enable configurations.
#
# To learn more about configuration files (including precedence) please see the documentation
# located at http://www.splunk.com/base/Documentation/latest/Admin/HowDoConfigurationFilesWork.
[authentication]
* Follow this stanza name with any number of the following attribute/value pairs.
authType = <string>
* Specify which authentication system to use.
* Currently available: Splunk, LDAP, Scripted.
* Defaults to Splunk.
authSettings = <string>
* Key to look up the specific configurations of chosen authentication system.
* <string> is the name of the stanza header [<authSettingsKey>].
* This is used by LDAP and Scripted Authentication.
#####################
# LDAP settings
#####################
[<authSettings-key>]
* Follow this stanza name with any number of the following attribute/value pairs.
host = <string>
* Hostname of LDAP server.
* Be sure that your Splunk server can resolve the host name.
port = <integer>
* Specify the port that Splunk should use to connect to your LDAP server.
* By default, LDAP servers listen on TCP port 389.
pageSize = <integer>
* Determines how many records to return at one time.
* Enter 0 to disable and revert to LDAPv2.
* Defaults to 800.
SSLEnabled = <integer>
* 0 for disabled.
* 1 for enabled.
* See the file $SPLUNK_HOME/etc/openldap/openldap.conf for SSL LDAP settings.
bindDN = <string>
* Bind string for the manager that will be retrieving the LDAP records.
* This user needs to have access to all LDAP users you wish to add to Splunk.
bindDNpassword = <string>
* Password for bindDN user.
groupBaseDN = <string>
* Location of the user groups in LDAP.
* You may provided a ';' delimited list to search multiple trees.
groupBaseFilter = <string>
* This attribute defines the group name.
* Default value is objectclass=*, which should work for most configurations.
* Splunk can also accept a POSIX-style GID as a group base filter.
groupMappingAttribute = <string>
* Name of LDAP group mapping when the list of users in a group do not match the dn of the user.
* Sometimes this is a list of uid attributes and not dn attributes.
* In most cases, you can leave this field blank.
groupMemberAttribute = <string>
* This is usually member or memberOf, depending on whether the memberships are listed in the group entry or the user entry.
* The standard POSIX value is member.
groupNameAttribute = <string>
* Set this only if users and groups are defined in the same tree.
* This is usually cn.
realNameAttribute = <string>
* Name of LDAP user field to map to Splunk's realname field.
* For example, cn.
userBaseDN = <string>
* Location of user records in LDAP.
* Enter a ';' delimited list to search multiple trees.
userBaseFilter = <string>
* The object class you want to filter users on.
* Default value is objectclass=*, which should work for most configurations.
* Or set a specific filter for users:
* For example
userBaseFilter = (|(department=IT)(department=HR))
matches users who are in the IT department or HR department
userNameAttribute = <string>
* NOTE: The username attribute cannot contain whitespace. The username is case sensitive.
* In Active Directory, this is sAMAccountName.
* The value uid should work for most configurations.
failsafeLogin = <string>
* This login allows you to log into Splunk in the event that your LDAP server is unreachable.
* IMPORTANT: This user has admin privileges on the Splunk install.
failsafePassword = <string>
* Default password for your failsafe user.
#####################
# Map roles
#####################
[roleMap]
* Follow this stanza name with the following attribute/value pair.
<RoleName> = <string>
* Map LDAP roles to Splunk role (as defined in authorize.conf).
* This list is semi-colon delimited (no spaces).
#####################
# Scripted authentication
#####################
[<authSettings-key>]
* Follow this stanza name with any number of the following attribute/value pairs.
scriptPath = <string>
* Full path to the script.
* eg $SPLUNK_HOME/etc/system/bin/$MY_SCRIPT.
scriptSearchFilters = 0|1
* Set to 1 to call the script to add search filters.
* 0 disables.
# Cache timing:
# Use these settings to adjust the frequency at which Splunk calls your application.
# Each call has its own timeout specified in seconds. Caching does not occur if not specified.
[cacheTiming]
getUserInfoTTL = <integer>
* Timeout for getUserInfo in seconds.
getUserTypeTTL = <integer>
* Timeout for getUsertype in seconds.
getUsersTTL = <integer>
* Timeout for getUsers in seconds.
userLoginTTL = <integer>
* Timeout for userLogin calls.
getSearchFilterTTL = <integer>
* Timeout for search filters.
authentication.conf.example
# Copyright (C) 2005-2008 Splunk Inc. All Rights Reserved. Version 3.0 # # This is an example authentication.conf. Use this file to configure LDAP or toggle between LDAP # and Splunk's native authentication system. # # To use one or more of these configurations, copy the configuration block into authentication.conf # in $SPLUNK_HOME/etc/system/local/. You must restart Splunk to enable configurations. # # To learn more about configuration files (including precedence) please see the documentation # located at http://www.splunk.com/base/Documentation/latest/Admin/HowDoConfigurationFilesWork. # Use Splunk's built-in authentication: [auth] authType = Splunk # Use LDAP [authentication] authType = LDAP authSettings = ldaphost [ldaphost] host = ldaphost.domain.com pageSize = 0 port = 389 SSLEnabled = 0 failsafeLogin = failsafe failsafePassword = fail bindDN = cn=Directory Manager bindDNpassword = password groupBaseDN = ou=Groups,dc=splunk,dc=com; groupBaseFilter = (objectclass=*) groupMappingAttribute = dn groupMemberAttribute = uniqueMember groupNameAttribute = cn realNameAttribute = givenName userBaseDN = ou=People,dc=splunk,dc=com; userBaseFilter = (objectclass=*) userNameAttribute = uid # You can also set a stanza to map roles you have created in authorize.conf to users in authentication.conf. [roleMap] Admin = SplunkAdmins # Scripted Auth examples # The following example is for RADIUS authentication: [authentication] authType = Scripted authSettings = script [script] scriptPath = $SPLUNK_HOME/bin/python $SPLUNK_HOME/share/splunk/authScriptSamples/radiusScripted.py scriptSearchFilters = 1 # The following example works with PAM authentication: [authentication] authType = Scripted authSettings = script [script] scriptPath = $SPLUNK_HOME/bin/python $SPLUNK_HOME/share/splunk/authScriptSamples/pamScripted.py scriptSearchFilters = 1 [cacheTiming] userLoginTTL = 1 searchFilterTTL = 1 getUserInfoTTL = 1 getUserTypeTTL = 1 getUsersTTL = 1
This documentation applies to the following versions of Splunk: 3.3 , 3.3.1 , 3.3.2 , 3.3.3 , 3.3.4 , 3.4 , 3.4.1 , 3.4.2 , 3.4.3 , 3.4.5 , 3.4.6 , 3.4.8 , 3.4.9 , 3.4.10 , 3.4.11 , 3.4.12 , 3.4.13 , 3.4.14 View the Article History for its revisions.