I've configured my Splunk setup to use LDAP, and it shows the few users I've configured to meet my criteria in the list (see http://imgur.com/l5iTu). If, however, I try to log on using the correct LDAP credentials, I receive an "Invalid username and password" error. If after that I log in as admin again, the user I attempted to log in as has disappeared from the list (see http://imgur.com/tUIDz).

EDIT: Resynching the user list via the manager causes the username to reappear (curiouser and curiouser).

I'm running on an Enterprise License (albeit a trial one) -- there aren't any policy reasons why this behaviour would occur, are there?

EDIT #2: Here's my authentication.conf:

    [authentication]
    authSettings = mycompany LDAP
    authType = LDAP

    [mycompany LDAP]
    SSLEnabled = 0
    bindDNpassword = $1$sQ==
    charset = utf8
    groupBaseDN = ou=Group,dc=mycompany,dc=com
    groupBaseFilter = (cn=splunk*)
    groupMappingAttribute = dn
    groupMemberAttribute = member
    groupNameAttribute = cn
    host = ldap.int.mycompany.com
    port = 389
    realNameAttribute = displayname
    userBaseDN = dc=mycompany,dc=com
    userBaseFilter = (ou=People)
    userNameAttribute = uid

    [roleMap]
    admin = splunk-admin
    splunk-admin = splunk-admin
    splunk-dev-viewers = splunk-dev-viewers
    splunk-ops-viewers = splunk-ops-viewers
    splunk-report-builders = splunk-report-builders
    splunk_qa_viewers = splunk-qa-viewers
    user = People;splunk-admin;splunk-dev-viewers;splunk-ops-viewers;splunk-qa-viewers;splunk-report-builders

And here's my LDAP entry as an example:

    # andrewn, People, mycompany.com
    dn: cn=andrewn,ou=People,dc=mycompany,dc=com
    objectClass: inetOrgPerson
    objectClass: organizationalPerson
    objectClass: posixAccount
    objectClass: shadowAccount
    objectClass: sambaSamAccount
    cn: andrewn
    uid: andrewn
    givenName: Andrew
    sn: Nicholson
    homeDirectory: /home/andrewn
    gecos: Andrew Nicholson
    l: Melbourne
    st: Victoria
    uidNumber: xxxx
    displayName: Andrew Nicholson
    mail: andrew.nicholson@mycompany.com
    employeeType: Employee
    gidNumber: xxxxx
    loginShell: /bin/bash
    shadowLastChange: xxxxx

And one of our LDAP groups:

    # splunk-admin, Group, mycompany.com
    dn: cn=splunk-admin,ou=Group,dc=mycompany,dc=com
    cn: splunk-admin
    objectClass: groupOfNames
    objectClass: top
    description: Splunk Administrators
    member: cn=xxxxxxx,ou=People,dc=mycompany,dc=com
    member: cn=andrewn,ou=People,dc=mycompany,dc=com
    member: cn=xxxxxxxx,ou=People,dc=mycompany,dc=com
It could be that groupBaseDN is properly configured, but the userBaseDN is not. Support has seen issues with users disappearing in the manner you describe in the past. Take a look at the following URL:

http://www.splunk.com/base/Documentation/4.1.4/Admin/SetupuserauthenticationwithLDAP#Configure_LDAP

Review the 'Test your LDAP configuration' section. This should be helpful in pointing out whatever variance may exist between groupBaseCN and userBaseDN. Based on what I see in your configuration, I would suggest a couple of changes to authentication.conf:
Thank you very much, that did indeed solve the problem :)
(16 Dec '10, 22:07)
andrewdotnich
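An offline way to check a userBaseDN/userBaseFilter pair against a known user entry, added here as an example; it is not code from the thread or from Splunk, and it does not reconstruct the changes the answer suggested. It models a standard LDAP subtree search over the entry posted in the question, and it assumes (not confirmed on this page) that the login lookup combines userBaseFilter with userNameAttribute=<username>; all function names are hypothetical.

```python
import re

# Subset of the example user entry posted in the question.
ENTRY = {
    "dn": "cn=andrewn,ou=People,dc=mycompany,dc=com",
    "objectClass": ["inetOrgPerson", "organizationalPerson", "posixAccount",
                    "shadowAccount", "sambaSamAccount"],
    "cn": ["andrewn"],
    "uid": ["andrewn"],
    "displayName": ["Andrew Nicholson"],
}


def in_subtree(dn, base_dn):
    """True if dn is at or below base_dn (case-insensitive, spaces trimmed)."""
    def norm(d):
        return [part.strip().lower() for part in d.split(",")]
    dn_parts, base_parts = norm(dn), norm(base_dn)
    return dn_parts[-len(base_parts):] == base_parts


def filter_matches(entry, ldap_filter):
    """Evaluate one simple (attr=value) filter; '*' is a wildcard.

    Only attributes stored on the entry are compared. RDNs of parent
    entries in the DN (ou=People here) are not attributes of the entry.
    """
    m = re.fullmatch(r"\(([\w-]+)=([^()]*)\)", ldap_filter.strip())
    if not m:
        raise ValueError("only simple (attr=value) filters are modelled")
    attr, pattern = m.group(1).lower(), m.group(2).lower()
    regex = re.escape(pattern).replace(r"\*", ".*")
    values = next((v for k, v in entry.items()
                   if k != "dn" and k.lower() == attr), [])
    return any(re.fullmatch(regex, v.lower()) for v in values)


def user_search_finds(entry, base_dn, base_filter, name_attr, username):
    """Assumed login lookup: subtree scope AND base filter AND name match."""
    return (in_subtree(entry["dn"], base_dn)
            and filter_matches(entry, base_filter)
            and filter_matches(entry, f"({name_attr}={username})"))


if __name__ == "__main__":
    # Settings exactly as posted in the question's authentication.conf.
    found = user_search_finds(ENTRY, "dc=mycompany,dc=com", "(ou=People)",
                              "uid", "andrewn")
    print("entry returned by user search:", found)
```

With the posted settings the entry is in scope but the filter rejects it, because the entry carries no `ou` attribute of its own. Running the same search with `ldapsearch` against the real directory is the authoritative check.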
and yes, the LDAP configuration is enabled.
What kind of LDAP server are you using? It would also be helpful to show your LDAP configuration.