authentication.conf

This documentation does not apply to the most recent version of Splunk.

The following are the spec and example files for authentication.conf.

authentication.conf.spec

# Copyright (C) 2005-2010 Splunk Inc.  All Rights Reserved.  Version 4.0
#
# This file contains possible attributes and values for configuring authentication via 
# authentication.conf.
#
# There is an authentication.conf in $SPLUNK_HOME/etc/system/default/.  To set custom configurations, 
# place an authentication.conf in $SPLUNK_HOME/etc/system/local/. For examples, see 
# authentication.conf.example.  You must restart Splunk to enable configurations.
#
# To learn more about configuration files (including precedence) please see the documentation 
# located at http://www.splunk.com/base/Documentation/latest/Admin/Aboutconfigurationfiles

[authentication]
    * Follow this stanza name with any number of the following attribute/value pairs.

authType = <string> 
    * Specify which authentication system to use.
    * Currently available: Splunk, LDAP, Scripted.
    * Defaults to Splunk.
        
authSettings = <string>
    * Key to look up the specific configurations of chosen authentication system.
    * <string> is the name of the stanza header [<authSettings-key>].
    * This is used by LDAP and Scripted Authentication.

#####################
# LDAP settings
#####################

[<authSettings-key>]
    * Follow this stanza name with any number of the following attribute/value pairs.

host = <string>
    * Hostname of LDAP server.
    * Be sure that your Splunk server can resolve the host name.

port = <integer>
    * Specify the port that Splunk should use to connect to your LDAP server. 
    * By default, LDAP servers listen on TCP port 389.
    
pageSize = <integer>
    * Determines how many records to return at one time.
    * Enter 0 to disable and revert to LDAPv2.
    * Defaults to 800.

SSLEnabled = <integer>
    * 0 for disabled.
    * 1 for enabled.
    * See the file $SPLUNK_HOME/etc/openldap/openldap.conf for SSL LDAP settings.

bindDN = <string>
    * Distinguished name of the user that will be retrieving the LDAP records.
    * This user needs to have access to all LDAP users you wish to add to Splunk.
        
bindDNpassword = <string>
    * Password for bindDN user.
        
groupBaseDN = <string>
    * Location of the user groups in LDAP.
    * You may provide a ';' delimited list to search multiple trees.
    * Setting this to the same value as userBaseDN treats each user as a group.

groupBaseFilter = <string>
    * The object class you want to filter groups on.
    * Default value is objectclass=*, which should work for most configurations.
    * Splunk can also accept a POSIX-style GID as a group base filter.

groupMappingAttribute = <string>
    * Groups are typically mapped with 'dn', so this can be left blank in most cases.
    * Set this when the users in a group are not listed by distinguished name.
        * For example, sometimes 'uid' is used to define which users belong to a group.
	
groupMemberAttribute = <string>
    * The attribute that defines what groups a user belongs to
    * This is usually 'member' or 'memberOf', depending on whether the memberships are listed in the group entry or the user entry.
    * The standard POSIX value is 'member'

groupNameAttribute = <string>
    * Set this only if users and groups are defined in the same subtree.
    * This is usually 'cn' (common name)

realNameAttribute = <string>
    * Name of LDAP user field to use for a human readable username.
        * For example, 'name'.
        
userBaseDN = <string>
    * Location of user records in LDAP.
    * Enter a ';' delimited list to search multiple trees.
    * You must set this value or authentication will not work.

userBaseFilter = <string>
    * The object class you want to filter users on.
    * Default value is objectclass=*, which should work for most configurations.
    * Or set a specific filter for users:
        * For example,
            userBaseFilter = (|(department=IT)(department=HR))
          matches users who are in the IT department or HR department.

userNameAttribute = <string>
    * NOTE: The username attribute cannot contain whitespace. The username is case sensitive.
    * In Active Directory, this is sAMAccountName.
    * The value uid should work for most configurations.
    
failsafeLogin = <string>
    * REQUIRED - This user can log into Splunk regardless of whether LDAP is properly configured.
    * This is also useful in the event that your LDAP server is unreachable.
        * IMPORTANT: This user has admin privileges on the Splunk install.
            
failsafePassword = <string>
    * Default password for your failsafe user.
    	
charset = <string>
    * OPTIONAL - ONLY set this for an LDAP setup that returns non-UTF-8 encoded data. LDAP is supposed to always return UTF-8 encoded data (see RFC 2251), but some tools incorrectly return other encodings.
    * Follows the same format as CHARSET in props.conf (see props.conf.spec)
    * An example value would be "latin-1"
    	
#####################
# Map roles
#####################

[roleMap]
    * Follow this stanza name with the following attribute/value pair.

<RoleName> = <string>
    * Map LDAP roles to a Splunk role (as defined in authorize.conf).
    * This list is semicolon delimited (no spaces).

#####################
# Scripted authentication
#####################

[<authSettings-key>]
    * Follow this stanza name with any number of the following attribute/value pairs.

scriptPath = <string>
    * Full path to the script.
    * For example: $SPLUNK_HOME/etc/system/bin/$MY_SCRIPT.

scriptSearchFilters = 0|1
    * Set to 1 to call the script to add search filters.
    * 0 disables.
        
# Cache timing:
# Use these settings to adjust the frequency at which Splunk calls your application. 
# Each call has its own timeout specified in seconds. Caching does not occur if not specified.

[cacheTiming]
getUserInfoTTL = <integer>
    * Timeout for getUserInfo in seconds.

getUserTypeTTL = <integer>
    * Timeout for getUserType in seconds.

getUsersTTL = <integer>
    * Timeout for getUsers in seconds.

userLoginTTL = <integer>
    * Timeout for userLogin calls.

getSearchFilterTTL = <integer>
    * Timeout for search filters.

authentication.conf.example

# Copyright (C) 2005-2010 Splunk Inc.  All Rights Reserved.  Version 4.0
#
# This is an example authentication.conf.  Use this file to configure LDAP or toggle between LDAP 
# and Splunk's native authentication system.
#
# To use one or more of these configurations, copy the configuration block into authentication.conf 
# in $SPLUNK_HOME/etc/system/local/.  You must restart Splunk to enable configurations.
#
# To learn more about configuration files (including precedence) please see the documentation 
# located at http://www.splunk.com/base/Documentation/latest/Admin/Aboutconfigurationfiles

# Use Splunk's built-in authentication:
[authentication]
authType = Splunk


# Use LDAP

[authentication]
authType = LDAP
authSettings = ldaphost


[ldaphost]
host = ldaphost.domain.com
pageSize = 0
port = 389
SSLEnabled = 0

failsafeLogin = failsafe
failsafePassword = fail

bindDN = cn=Directory Manager
bindDNpassword = password

groupBaseDN = ou=Groups,dc=splunk,dc=com;
groupBaseFilter = (objectclass=*)
groupMappingAttribute = dn
groupMemberAttribute = uniqueMember
groupNameAttribute = cn

realNameAttribute = givenName
userBaseDN = ou=People,dc=splunk,dc=com;
userBaseFilter = (objectclass=*)
userNameAttribute = uid

# You can also set a stanza to map roles you have created in authorize.conf to users in authentication.conf.

[roleMap]
admin = SplunkAdmins


# Sample Configuration for Sun LDAP Server:

[authentication]
authSettings = SunLDAP
authType = LDAP

[SunLDAP]
SSLEnabled = 0
bindDN = cn=Directory Manager
bindDNpassword = Directory_Manager_Password
failsafeLogin = splunk_failsafe
failsafePassword = you_specify_the_password
groupBaseDN = ou=Groups,dc=splunksupport,dc=com;
groupBaseFilter = (objectclass=*)
groupMappingAttribute = dn
groupMemberAttribute = uniqueMember
groupNameAttribute = cn
host = ldapbogus.splunksupport.com
pageSize = 0
port = 389
realNameAttribute = givenName
userBaseDN = ou=People,dc=splunksupport,dc=com;
userBaseFilter = (objectclass=*)
userNameAttribute = uid

[roleMap]
admin = SplunkAdmins
power = SplunkPowerUsers
user = SplunkUsers


# Sample Configuration for Active Directory:

[authentication]
authSettings = AD
authType = LDAP

[AD]
SSLEnabled = 0
bindDN = ldap_bind@splunksupport.kom
bindDNpassword = ldap_bind_user_password
failsafeLogin = splunk_failsafe
failsafePassword = you_specify_the_password
groupBaseDN = CN=Groups,DC=splunksupport,DC=kom;
groupBaseFilter = (objectclass=*)
groupMappingAttribute = dn
groupMemberAttribute = member
groupNameAttribute = cn
host = ADbogus.splunksupport.kom
pageSize = 800
port = 389
realNameAttribute = cn
userBaseDN = CN=Users,DC=splunksupport,DC=kom;
userBaseFilter = (objectclass=*)
userNameAttribute = sAMAccountName

[roleMap]
admin = SplunkAdmins
power = SplunkPowerUsers
user = SplunkUsers


# Sample Configuration for OpenLDAP:

[authentication]
authSettings = OpenLDAP
authType = LDAP

[OpenLDAP]
bindDN = uid=directory_bind,cn=users,dc=osx,dc=company,dc=com
bindDNpassword = directory_bind_account_password
groupBaseFilter = (objectclass=*)
groupNameAttribute = cn
SSLEnabled = 0
port = 389
userBaseDN = cn=users,dc=osx,dc=company,dc=com;
host = hostname_OR_IP
userBaseFilter = (objectclass=*)
userNameAttribute = uid
groupMappingAttribute = uid
groupBaseDN = dc=osx,dc=company,dc=com;
pageSize = 800
groupMemberAttribute = memberUid
realNameAttribute = cn
failsafeLogin = splunk_failsafe
failsafePassword = you_specify_the_password

[roleMap]
admin = SplunkAdmins
power = SplunkPowerUsers
user = SplunkUsers


# Scripted Auth examples

# The following example is for RADIUS authentication:

[authentication]
authType = Scripted
authSettings = script

[script]
scriptPath = $SPLUNK_HOME/bin/python $SPLUNK_HOME/share/splunk/authScriptSamples/radiusScripted.py
scriptSearchFilters = 1


# The following example works with PAM authentication:

[authentication]
authType = Scripted
authSettings = script

[script]
scriptPath = $SPLUNK_HOME/bin/python $SPLUNK_HOME/share/splunk/authScriptSamples/pamScripted.py
scriptSearchFilters = 1

[cacheTiming]
userLoginTTL    = 1
getSearchFilterTTL = 1
getUserInfoTTL  = 1
getUserTypeTTL  = 1
getUsersTTL     = 1
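
The LDAP example stanzas above all set SSLEnabled = 0 on port 389 and carry placeholder bind and failsafe passwords, and the spec notes that the failsafe user has admin privileges. The following Python check is an added example, not part of Splunk's spec or example files: it parses an authentication.conf and reports those settings, plus repeated keys and a missing userBaseDN. The sample text, the PLACEHOLDERS set and the MIN_LEN threshold are assumptions made for the illustration.

```python
import re

# Constructed sample built from values in the example file; not a real deployment.
SAMPLE = """\
[authentication]
authType = LDAP
authSettings = ldaphost
[ldaphost]
SSLEnabled = 0
bindDNpassword = password
failsafePassword = fail
failsafePassword = you_specify_the_password
"""
PLACEHOLDERS = {"fail", "password", "you_specify_the_password"}  # from the examples
MIN_LEN = 12  # assumption: local policy threshold, not a Splunk setting

def parse(text):
    """Return ({stanza: {key: value}}, [(stanza, key), ...] for repeated keys)."""
    stanzas, dups, name = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if header := re.fullmatch(r"\[(.+)\]", line):
            name = header.group(1)
            stanzas.setdefault(name, {})
        elif name and "=" in line and not line.startswith("#"):
            key, value = (part.strip() for part in line.split("=", 1))
            if key in stanzas[name]:
                dups.append((name, key))
            stanzas[name][key] = value
    return stanzas, dups

def audit(text):
    """Return findings for the LDAP stanza selected by [authentication]."""
    stanzas, dups = parse(text)
    out = [f"[{s}] sets {k} more than once" for s, k in dups]
    auth = stanzas.get("authentication", {})
    if auth.get("authType", "Splunk") != "LDAP":  # spec: authType defaults to Splunk
        return out
    ldap = stanzas.get(auth.get("authSettings"))
    if ldap is None:
        return out + ["authSettings does not name an existing stanza"]
    if ldap.get("SSLEnabled") != "1":  # anything but an explicit 1 is reported
        out.append("SSLEnabled is not 1")
    if not ldap.get("userBaseDN"):  # spec: authentication will not work without it
        out.append("userBaseDN is not set")
    for key in ("bindDNpassword", "failsafePassword"):
        value = ldap.get(key, "")
        if value in PLACEHOLDERS or len(value) < MIN_LEN:
            out.append(f"{key} is a placeholder or shorter than {MIN_LEN} characters")
    return out
```

Calling audit() on the text of $SPLUNK_HOME/etc/system/local/authentication.conf returns an empty list when none of these conditions is present.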

This documentation applies to the following versions of Splunk: 4.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.0.11.

