Splunk LDAP Configuration

LDAP Configuration:
First perform ldapsearch to make sure ldap search working so splunk can perform the same:
ldapsearch -h xxx.xx.xx.61 -p 389 -D”CN=SVCACC_CDH,OU=ServiceAccounts,DC=prod,DC=wudip,DC=com” -b “DC=prod,DC=dom,DC=com” -W | grep ‘do_group’

Go to Settings–> Access Controls –> Authentication method -> Configure splunk to use LDAP and map groups
-> Click New ->
Enter the configuration parameters
Strategy Name: <any name>
Host: xxx.xx.xx.61
Port: 389
Connection Order: 1

Bind DN: CN=SVCACC_CDH,OU=ServiceAccounts,DC=prod,DC=dom,DC=com

Bind Password: *****
Confirm Password: *****

User Settings:
User base DN: DC=prod,DC=dom,DC=com

User base filter:

User name attribute: samaccountname

Real name attribute: displayname

Group mapping attribute: dn

Group Settings:
Group base DN: DC=prod,DC=dom,DC=com

Static group search filter:

Group name attribute: cn

Static member attribute: member

<Rest is default values ..>
**** Make note ***
In Advanced settings:
Disable: Enable referrals with anonymous bind only

Click Save button and you should be able successfully able to start LDAP.

In case of any issue where it says credentials are invalid or some other error, check for detailed error information here:

In case of any errors:
Enable detailed logging using

mv /opt/splunk/var/log/splunk/splunkd.log /opt/splunk/var/log/splunk/splunkd.log.old
/opt/splunk/bin/start –debug
— analyze logs for details.

This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s