By default, Splunk authenticates using its own authentication system, which simply stores users and roles in flat files. The other two options available are LDAP and scripted authentication.
To enable LDAP authentication, perform the following steps:
- Navigate to
Settings
|Access controls
|Authentication method
- Check the LDAP checkbox
- Click on
Configure Splunk
to use LDAP and map groups - Click on
New
You will then need the appropriate values to set up access to your LDAP server.
Every organization sets up LDAP slightly differently, so I have never managed to configure this properly the first time. Your best bet is to copy the values from another application that is already configured in your organization.
Once LDAP is configured properly, you can map Splunk roles to the LDAP groups through the admin interface. Whether to use an existing group or create Splunk-specific groups is of...