
Set up user authentication with LDAP
Splunk Enterprise supports three types of authentication systems:
- Native Splunk authentication, as described in "Set up user authentication with Splunk's built-in system."
- Lightweight Directory Access Protocol (LDAP), as described in this topic.
- A scripted authentication API for use with an external authentication system, such as PAM or RADIUS, as described in "Set up user authentication with external systems."
About configuring LDAP authentication for Splunk Enterprise
Splunk Enterprise allows user and role configuration for LDAP users and groups. You can configure one or many LDAP servers and map users and user groups from your servers to Splunk roles. You can also configure authentication tokens
For more information about configuring multiple LDAP servers, see "How Splunk works with multiple LDAP servers."
Before you configure LDAP, take a look at "LDAP prerequisites and considerations."
After you configure LDAP as an authentication scheme, see Set up authentication with tokens for more information on creating authentication tokens for LDAP users.
How to configure LDAP authentication
These are the main steps to configure Splunk Enterprise to work with LDAP:
- Configure one or more LDAP strategies (typically, you configure one strategy per LDAP server).
- Map your LDAP groups to one or more Splunk roles.
- If you have multiple LDAP servers, specify the connection order of their servers.
You can perform these steps in Splunk Web or by editing the configuration file. See "Configure LDAP with Splunk Web" or "Configure LDAP with the configuration file" for more information.
Authentication precedence
Native Splunk authentication takes precedence over any external schemes. This is the order in which Splunk Enterprise authenticates a user:
- Splunk Enterprise attempts native authentication first. If the account is expired or otherwise fails, there is no follow up LDAP login attempt.
- If a local user does not exist, Splunk Enterprise attempts an LDAP login or a scripted authentication, if that is enabled. For more information about scripted authentication, see "Set up user authentication with external systems."
Answers
Have questions? Visit Splunk Answers and see what questions and answers the Splunk community has around LDAP authentication with Splunk.
PREVIOUS Troubleshoot token authentication |
NEXT Manage Splunk user roles with LDAP |
This documentation applies to the following versions of Splunk® Enterprise: 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.1.0, 8.1.1, 8.1.2
Feedback submitted, thanks!