About the Splunk Supporting Add-on for Active Directory
Windows Server Active Directory (LDAP) services
The Splunk Supporting Add-on for Active Directory lets you collect Active Directory schema and other information from Active Directory as events and filter on those events.
How does it work?
The Splunk Supporting Add-on for Active Directory has the following uses:
- To generate events based on the contents of an LDAP server such as Active Directory.
- To augment events with information from an LDAP server such as Active Directory.
- To perform Active Directory group expansions.
In order to use the Splunk Supporting Add-on for Active Directory, you must configure it. Read "Install the Splunk Supporting Add-on for Active Directory" to learn how.
How do I get it?
You can download the add-on from Splunkbase.
How do I upgrade from a previous version?
To upgrade from a previous version of the Splunk Supporting Add-on for Active Directory, rename the ldap3 folder located in the /apps/SA-ldapsearch/bin/packages directory to ldap_old on the search head, and then install this version directly on top of the previous version. You can use Splunk Web or the CLI, or you can upgrade it from the command line. In this version, the ldap3 package has been updated from v 0.9.5 to v2.5 to solve performance issues.
Note: If you have a previous version installed, the app keeps the ldap.conf file from the previous installation when you upgrade. When you add any new domains to search, the add-on stores the credentials securely, instead of in the ldap.conf file. If you edit an existing domain entry using the new Configuration page, the add-on also stores those credentials securely. Existing entries that you do not edit continue to have their credentials stored locally.
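To find the entries the note above describes (domains whose credentials are still stored locally after an upgrade), you can scan ldap.conf for stanzas that still carry a credential setting. The following is an added example, not code from the add-on or from Splunk documentation. It assumes that a locally stored credential appears as a non-empty `password` setting; that key name, the `server` and `binddn` keys, and the sample file content are assumptions constructed for illustration.

```python
import re

# Assumption: a stanza that still holds a locally stored credential has a
# non-empty "password" key. The key name is not stated on this page.
CRED_KEYS = {"password"}

STANZA = re.compile(r"^\[(?P<name>[^\]]+)\]\s*$")
SETTING = re.compile(r"^(?P<key>[A-Za-z_][\w.-]*)\s*=\s*(?P<value>.*)$")


def stanzas_with_local_credentials(conf_text):
    """Return the sorted names of stanzas that carry a non-empty credential key."""
    flagged = set()
    current = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        m = STANZA.match(line)
        if m:
            current = m.group("name")
            continue
        m = SETTING.match(line)
        if (m and current and m.group("key").lower() in CRED_KEYS
                and m.group("value").strip()):
            flagged.add(current)
    return sorted(flagged)


# Constructed sample: one entry carried over from an older install and one
# entry that was re-saved through the Configuration page.
SAMPLE_LDAP_CONF = """\
# constructed example, not a real configuration
[legacy.example.com]
server = dc1.legacy.example.com
binddn = CN=svc-splunk,OU=Service,DC=legacy,DC=example,DC=com
password = constructed-placeholder

[new.example.com]
server = dc1.new.example.com
binddn = CN=svc-splunk,OU=Service,DC=new,DC=example,DC=com
"""

if __name__ == "__main__":
    for name in stanzas_with_local_credentials(SAMPLE_LDAP_CONF):
        print(f"{name}: credential still in ldap.conf; "
              "re-save the entry on the Configuration page")
```

Run the function against the contents of the ldap.conf file kept from the previous installation. Each domain it reports is one to edit on the Configuration page so that its credentials are stored securely.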
What search commands come with it?
There are four search commands and one test command in this add-on. Once configured, the add-on uses the configuration for all the commands. You can learn more about the commands in the following topics:
- The "ldapsearch" command
- The "ldapfilter" command
- The "ldapfetch" command
- The "ldapgroup" command
- The "ldaptestconnection" command
Where can I ask questions and get help?
You can visit Splunk Answers to discuss and get help on the Splunk Supporting Add-on for Active Directory. See "How to get support and find out more information about Splunk Enterprise" for additional support options.
How this add-on fits into the Splunk picture
This documentation applies to the following versions of Splunk® Supporting Add-on for Active Directory: 3.0.8