Using Open Directory Authentication in Splunk

November 6, 2012 Reed Kennedy

Splunk is capable of authenticating users against LDAP, including Apple’s Open Directory.

To configure Splunk to authenticate against Apple’s Open Directory, start by logging into Splunk and creating a new LDAP strategy by navigating to the following:
Manager → Access controls → Authentication method

  • Check LDAP
  • Click Configure Splunk to use LDAP and map groups
  • Click New
  • Enter the below settings:

    LDAP strategy name: opendirectory

    Host: opendirectory.sf.pivotallabs.com
    Port: 389
    SSL: unchecked
    Bind DN: uid=diradmin,cn=users,dc=opendirectory,dc=sf,dc=pivotallabs,dc=com
    Bind DN Password: Open Directory diradmin password
    Confirm Password: Open Directory diradmin password

    User base DN: cn=users,dc=opendirectory,dc=sf,dc=pivotallabs,dc=com
    User base filter: blank
    User name attribute: uid
    Real name attribute: cn
    Group mapping attribute: uid

    Group base DN: cn=groups,dc=opendirectory,dc=sf,dc=pivotallabs,dc=com
    Static group search filter: blank
    Group name attribute: cn
    Static member attribute: memberuid
    Nested groups: unchecked

    Dynamic member attribute: blank
    Dynamic group search filter: blank

  • Click Save
  • Click Map groups
  • Select the group containing the people who should have access (in our case, “admin”)
  • Click add all >>
  • Click Save
  • Test by trying to log in as an LDAP / OD user from the admin group

Done!

About the Author

Biography

More Content by Reed Kennedy
Previous
Demonstrating the Future of Data Science at the Strata Conference
Demonstrating the Future of Data Science at the Strata Conference

A wise man once said only a fool would attempt a live demonstration (anyone remember Bill Gates and Windows...

Next
Tracker Screencast: Release Markers
Tracker Screencast: Release Markers

What's a release? For us at Tracker it's a marker in your backlog that represents the most important mile...