To use an LDAP authentication provider, your Controller must be able to connect to the external LDAP server. We recommend creating a user account in LDAP specifically for the Controller to authenticate itself to the server and run the queries. The Controller user only needs search privileges in LDAP.

You can map existing LDAP group definitions to roles in Splunk AppDynamics, however, your existing groups may not correspond directly to those roles. You can map LDAP groups to Controller roles by creating a group in LDAP for each role you want to map in Splunk AppDynamics. LDAP groups for each role provide you with a manageable, one-to-one correspondence between your LDAP groups and Splunk AppDynamics roles.

This is a possible LDAP group scheme for mapping in Splunk AppDynamics:

• AppDynamics-App1-ReadOnly
• AppDynamics-App1-Admins
• AppDynamics-App1-DashboardViewers
• AppDynamics-App2-ReadOnly
• AppDynamics-App2-Admins
• AppDynamics-App2-DashboardViewers

The sample group names imply having custom roles in Splunk AppDynamics that target specific applications, App1 and App2.

Naming the groups with a common prefix, as the AppDynamics-

(&(objectClass=group)(cn=AppDynamics-*))