Prepare the LDAP Directory for Splunk AppDynamics Integration
To use an LDAP authentication provider, your Splunk AppDynamics Controller Tenant must be able to connect to the external LDAP server. We recommend creating a user account in LDAP specifically for the Controller Tenant to use to authenticate itself to the server and run the queries. The Controller Tenant user only needs to have search privileges in LDAP.
You can map existing LDAP group definitions to roles in Splunk AppDynamics; however, your existing groups may not correspond directly to those roles. Instead, you can create a group in LDAP for each role you want to map in Splunk AppDynamics and map those groups to Controller Tenant roles. A dedicated LDAP group for each role gives you a manageable, one-to-one correspondence between your LDAP groups and Splunk AppDynamics roles.
This is a possible LDAP group scheme for mapping in Splunk AppDynamics:
- AppDynamics-App1-ReadOnly
- AppDynamics-App1-Admins
- AppDynamics-App1-DashboardViewers
- AppDynamics-App2-ReadOnly
- AppDynamics-App2-Admins
- AppDynamics-App2-DashboardViewers
The sample group names imply having custom roles in Splunk AppDynamics targeted to specific applications, App1 and App2.
Naming the groups with a common prefix, as the AppDynamics-
(&(objectClass=group)(cn=AppDynamics-*))
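The filter above returns every group whose cn starts with the prefix, so a group that merely shares the prefix is returned as well. The following added example (not part of the Splunk AppDynamics documentation) evaluates that filter over constructed entries and separates groups that fit the sample naming scheme from ones to review before mapping; the entries, the `AppDynamics-<App>-<Role>` pattern and the function names are assumptions made for illustration.

```python
import re

PREFIX = "AppDynamics-"
# Assumed scheme, read off the sample names: AppDynamics-<App>-<Role>
SCHEME = re.compile(r"^AppDynamics-([A-Za-z0-9]+)-([A-Za-z0-9]+)$", re.IGNORECASE)
ROLE_SUFFIXES = {"readonly", "admins", "dashboardviewers"}

# Constructed entries, shaped like the result of a directory search.
SAMPLE_ENTRIES = [
    {"objectClass": ["top", "group"], "cn": "AppDynamics-App1-ReadOnly"},
    {"objectClass": ["top", "group"], "cn": "AppDynamics-App1-Admins"},
    {"objectClass": ["top", "group"], "cn": "appdynamics-App2-DashboardViewers"},
    {"objectClass": ["top", "group"], "cn": "AppDynamics-Temp"},
    {"objectClass": ["top", "group"], "cn": "Finance-Admins"},
    {"objectClass": ["top", "organizationalUnit"], "cn": "AppDynamics-Archive"},
]


def matches_filter(entry):
    """Evaluate (&(objectClass=group)(cn=AppDynamics-*)) for one entry.

    Both comparisons ignore case, as LDAP does for objectClass and cn.
    """
    classes = {c.lower() for c in entry.get("objectClass", [])}
    return "group" in classes and entry.get("cn", "").lower().startswith(PREFIX.lower())


def audit_groups(entries):
    """Split filter matches into groups that fit the scheme and ones that do not."""
    mapped, unexpected = {}, []
    for entry in entries:
        if not matches_filter(entry):
            continue
        m = SCHEME.match(entry["cn"])
        if m and m.group(2).lower() in ROLE_SUFFIXES:
            mapped.setdefault(m.group(1), []).append(m.group(2))
        else:
            unexpected.append(entry["cn"])  # returned by the filter, but no role fits
    return mapped, unexpected


if __name__ == "__main__":
    mapped, unexpected = audit_groups(SAMPLE_ENTRIES)
    for app, roles in sorted(mapped.items()):
        print(app, "->", ", ".join(roles))
    for cn in unexpected:
        print("review before mapping:", cn)
```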