Splunk® Enterprise

Securing the Splunk Platform

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Map LDAP groups and users to Splunk roles in the configuration files

Once you've set up LDAP authentication and users, you can map your LDAP groups and users to roles in Splunk Web. To set up LDAP for Splunk Enterprise, see Configure LDAP with the configuration file in this manual.

As an alternative to using Splunk Web to map roles, you can directly edit your authentication.conf contained in $SPLUNK_HOME/etc/system/local/. There are further examples at the end of the authentication.conf spec file.

For information on configuration files in general, see About configuration files In the Admin Manual.

Map groups to roles

To map Splunk roles to a strategy's LDAP groups, you need to set up a roleMap stanza for that strategy. Each strategy requires its own roleMap stanza. This example maps roles for groups in the "ldaphost1" strategy. In your authentication.conf file in $SPLUNK_HOME/etc/system/local/: 

[roleMap_ldaphost1]
admin = SplunkAdmins
itusers = ITAdmins

Map users directly to roles

If you need to map users directly to Splunk roles, you can do so by setting the groupBaseDN setting in authentication.conf to the value of userBaseDN.

Also set the following attributes to the same value as userNameAttribute:

  • groupMappingAttribute
  • groupMemberAttribute
  • groupNameAttribute

For example: 

[supportLDAP]
SSLEnabled = 0
bindDN = cn=Directory Manager
bindDNpassword = #########
groupBaseDN = ou=People,dc=splunksupport,dc=com
groupBaseFilter = (objectclass=*)
groupMappingAttribute = MyUserID
groupMemberAttribute = MyUserID
groupNameAttribute = MyUserID
host = supportldap.splunksupport.com
port = 389
realNameAttribute = cn
userBaseDN = ou=People,dc=splunksupport,dc=com
userBaseFilter = (objectclass=*)
userNameAttribute = MyUserID

[roleMap_supportLDAP]
admin = rlee;bsmith
Last modified on 04 June, 2018
PREVIOUS
Configure LDAP using configuration files 		  NEXT
Test your LDAP configuration

This documentation applies to the following versions of Splunk® Enterprise: 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.3.12, 6.3.13, 6.3.14, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.4.10, 6.4.11, 6.5.0, 6.5.1, 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.5.9, 6.5.10, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 6.6.11, 6.6.12, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.1.0, 8.1.1

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters