Enter the network Port that the Splunk platform is to use to connect to your LDAP server.Īt this time, there is no support for IPv6 address formats on Windows.By default LDAP servers listen on TCP port 389.LDAPS, or Secure LDAP, listens on TCP port 636.This setting is recommended for security.You must also have SSL enabled on your LDAP server.This is the distinguished name that the Splunk platform uses to bind to the LDAP server.It is typically, but not necessarily, the administrator. This user needs to have read access to all LDAP user and group entries that you want to retrieve. Leave blank if an anonymous bind is acceptable.Enter and confirm the Bind DN password for the binding user.What are the three main default roles in splunk enterprise password# You can specify multiple user base DN entries by separating them with semicolons. The Splunk platform uses this attribute to locate user information.You must set this attribute for authentication to work.Enter the User base filter for the object class you want to filter your users on.This is recommended to return only applicable users.Default value is empty, meaning no user entry filtering.Enter the User name attribute that contains the user name.The username attribute cannot contain white spaces.In Active Directory, this is typically sAMAccountName, but you can also authenticate on other attributes, like cn.The value uid works for most other configurations.Enter the Real name attribute, or the common name, of the user.Typical values are displayName or cn (common name).This is the user attribute that group entries use to define their members.The default is dn for Active Directory set this attribute only if groups are mapped using some other attribute besides user DN.For example, a typical attribute used to map users to groups is dn.You can specify multiple group base DN entries by separating them with semicolons. This is the location of the user groups in LDAP.If your LDAP environment does not have group entries, you can treat each user as its own group.Set groupBaseDN to the same value as userBaseDN.This means you will search for groups in the same place as users. Next, set the groupMemberAttribute and groupMappingAttribute to the same attribute as userNameAttribute.This means the entry, when treated as a group, will use the username value as its only member. For clarity, also set groupNameAttribute to the same value as userNameAttribute.For best results when integrating Active Directory, place your Group Base DN in a separate hierarchy than the User Base DN.Enter the Static group search filter for the object class you want to filter your static groups on.This is recommended to return only applicable groups.Default value is empty, meaning no static group entry filtering.įor example: (|(objectclass=groupofNames)(objectclass=groupofUniqueNames)).This is the group entry attribute whose value stores the group name.This is the group attribute whose values are the group's members.This is typically member, uniqueMember, or memberUid.To expand nested groups, check Nested groups.This controls whether the Splunk platform will expand nested groups using the 'memberof' attribute.Only check this if you have nested groups that leverage the 'memberof' attribute to resolve their members. On OpenLDAP, you need to explicitly enable the 'memberof' overlay. What are the three main default roles in splunk enterprise password#.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |