Map LDAP groups and users to Splunk roles using configuration files

After you set up LDAP authentication and users, you can map LDAP groups and users to roles in Splunk Web.

As an alternative to using Splunk Web to map roles, on Splunk Enterprise, you can edit the authentication.conf configuration file contained in $SPLUNK_HOME/etc/system/local/. There are further examples at the end of the authentication.conf spec file.

To set up LDAP for Splunk Enterprise using configuration files, see Configure LDAP using configuration files. For information on configuration files in general, see About configuration files in the Admin Manual.

Map groups to roles

To map Splunk roles to groups in an LDAP strategy, you must set up a roleMap stanza for that strategy in the authentication.conf file. Each strategy requires its own roleMap stanza. The following example maps roles for groups in the "ldaphost1" strategy:

[roleMap_ldaphost1]
admin = SplunkAdmins
itusers = ITAdmins

Map users to roles directly

If you need to map users directly to Splunk roles, you can do so by setting groupBaseDN in the authentication.conf file to the value of userBaseDN.

Also configure the following settings to the same value as userNameAttribute:

  • groupMappingAttribute
  • groupMemberAttribute
  • groupNameAttribute

See the following example:

[supportLDAP]
SSLEnabled = 0
bindDN = cn=Directory Manager
bindDNpassword = #########
groupBaseDN = ou=People,dc=splunksupport,dc=com
groupBaseFilter = (objectclass=*)
groupMappingAttribute = MyUserID
groupMemberAttribute = MyUserID
groupNameAttribute = MyUserID
host = supportldap.splunksupport.com
port = 389
realNameAttribute = cn
userBaseDN = ou=People,dc=splunksupport,dc=com
userBaseFilter = (objectclass=*)
userNameAttribute = MyUserID

[roleMap_supportLDAP]
admin = rlee;bsmith
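
To review who ends up in which role, the following added example (not Splunk's own code) parses authentication.conf text, lists the members of every roleMap stanza, and reports whether the strategy uses the direct user mapping described above and whether its stanza sets SSLEnabled = 0. The function name audit_role_maps is hypothetical, and the [ldaphost1] strategy body in the sample is constructed, since the page shows only its roleMap stanza.

```python
import configparser

# Constructed sample: the page's examples trimmed to the audited settings.
# The [ldaphost1] strategy body is an assumption; the page shows only its
# roleMap stanza.
SAMPLE_CONF = """\
[ldaphost1]
SSLEnabled = 1
userBaseDN = ou=People,dc=example,dc=com
userNameAttribute = uid
groupBaseDN = ou=Groups,dc=example,dc=com
[roleMap_ldaphost1]
admin = SplunkAdmins
itusers = ITAdmins
[supportLDAP]
SSLEnabled = 0
userBaseDN = ou=People,dc=splunksupport,dc=com
userNameAttribute = MyUserID
groupBaseDN = ou=People,dc=splunksupport,dc=com
groupMappingAttribute = MyUserID
groupMemberAttribute = MyUserID
groupNameAttribute = MyUserID
[roleMap_supportLDAP]
admin = rlee;bsmith
"""

GROUP_ATTRS = ("groupMappingAttribute", "groupMemberAttribute", "groupNameAttribute")

def audit_role_maps(conf_text):
    """Return {strategy: {"ssl_off", "direct_user_mapping", "roles"}}."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep setting names case-sensitive
    cp.read_string(conf_text)
    report = {}
    for section in cp.sections():
        if not section.startswith("roleMap_"):
            continue
        strategy = section[len("roleMap_"):]
        s = cp[strategy] if cp.has_section(strategy) else {}
        user_attr = s.get("userNameAttribute")
        # Direct mapping: group lookups point at the user tree and user attribute.
        direct = (user_attr is not None
                  and s.get("groupBaseDN") == s.get("userBaseDN")
                  and all(s.get(a) == user_attr for a in GROUP_ATTRS))
        roles = {role: [m.strip() for m in v.split(";") if m.strip()]
                 for role, v in cp[section].items()}
        # ssl_off is True only when the stanza explicitly sets SSLEnabled = 0.
        report[strategy] = {"ssl_off": s.get("SSLEnabled") == "0",
                            "direct_user_mapping": direct, "roles": roles}
    return report
```
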