
How Splunk Enterprise works with multiple LDAP servers
Splunk Enterprise can search against multiple LDAP servers when authenticating users. To configure multiple LDAP servers, you set up multiple LDAP "strategies," one for each LDAP server.
After you create your strategies, you can specify the order in which you want Splunk Enterprise to query the strategies when searching for LDAP users. If you do not specify a search order, Splunk Enterprise assigns a default "connection order" based on the order in which the strategies are created.
For more about the steps to configure LDAP strategies, see Configure LDAP with Splunk Web or Configure LDAP with the configuration file for more information.
How connection order works during a search
During authentication, Splunk Enterprise searches based on the strategies you created for your servers in the specified connection order. After Splunk Enterprise locates the user on a server, it stops searching and takes those credentials. If the user also has credentials on a server later in the search order, those credentials are ignored.
For example, assume that you configure and enable three strategies in this order: A, B, C. Splunk Enterprise will search the servers in that same order: A, B, C. If it finds the user on A, it stops looking. Even if the user also exists on B and C, Splunk Enterprise will only use A's credentials for that user. If Splunk Enterprise does not find the user on A, it searches the remaining servers: first B, then C.
If you later disable strategy A, Splunk Enterprise will search the remaining strategies in the order: B, C.
You can change the connection order at any time by editing the strategies' properties in Splunk Web or by changing the order of the strategies in the authSettings
attribute, as described in the authentication.conf spec file. For more information about editing this file for LDAP, see Edit authentication.conf.
Important: Any user created locally through Splunk authentication has precedence over an LDAP user of the same name. See About user authentication, for details.
PREVIOUS LDAP prerequisites and considerations |
NEXT Configure LDAP with Splunk Web |
This documentation applies to the following versions of Splunk® Enterprise: 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.3.12, 6.3.13, 6.3.14, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.4.10, 6.4.11, 6.5.0, 6.5.1, 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.5.9, 6.5.10, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 6.6.11, 6.6.12, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.1.0, 8.1.1, 8.1.2
Feedback submitted, thanks!