First, enable the REST API interface from the Security Console. (Note you must be running RSA Authentication Manager 8.2 SP1 or above to access this interface.)
- Navigate to Setup > System Settings > RSA SecurID Authentication API.
- Check the box to Enable Authentication API.
- You can change the value for the communication port number to any free port.

Add an agent entry in the Security Console:
- Select Access > Authentication Agents > Add New.
- Any name will do, but note that it will be used as the clientId in the requests below.

Navigate to /opt/splunk/etc/apps//local/nf:
- The shall be the application used by Splunk.
- In case of launcher, it will be as below:

After making the above changes, save the configuration file:
- Press ESC then type :wq! then press Enter.

After setting up your Splunk environment, it’s often a good idea to configure a central authentication mechanism, particularly if you want to grow your Splunk user base. Splunk offers a variety of authentication options, but the one we’ll focus on here is LDAP. LDAP is one of the most popular forms of authentication for a variety of reasons: it integrates with a number of providers (e.g. Microsoft Active Directory) and is flexible in that it supports multiple sources. If you’re trying to get LDAP configured in your Splunk instance, there are a few things you should be aware of before you begin and as you go through the deployment process. This article walks you through the initial information gathering, discusses how to implement the configuration, and reviews the necessary best practices for deployment.

A Quick Note on Using a Central Authentication Mechanism

Local accounts are easy to set up, but difficult to manage. To address the challenge they present, use a central authentication mechanism to allow the same credentials to log into Splunk and other corporate resources. In terms of the account lifecycle, central management can be designed to automatically add and remove access to Splunk as employees join and leave your organization. This ensures a streamlined process for keeping accounts and credentials in sync when they’re updated.

There are several pieces of information necessary to get LDAP configured, including:
- The port where LDAP is running on this host (TCP/636 (SSL – Recommended) or TCP/389 (insecure/plaintext) are typical values).
- A service account that has permission to bind to the LDAP server (referred to as the Bind DN).
- A password associated with the Bind DN user.
- The location of user data in your LDAP structure (referred to as the User Base DN).
- The location of groups which will require Splunk access (referred to as the Group Base DN).
- If possible, a standardized naming convention for groups requiring Splunk access, which can be used to filter and identify relevant groups from LDAP.

The information may seem complicated at first glance, and yes, there’s a lot to obtain. Let’s dig into each of these a bit further to better understand what we need.

The host running LDAP will vary based on your environment, and whether or not it is an Active Directory LDAP source or another provider. It is generally considered a best practice to use a DNS name for the host and not rely on one host, which would be a single point of failure. In an Active Directory environment, you may point to a domain controller. However, a better practice would be to point to the top-level DNS name for your domain. This typically returns a multivalue DNS record, resolving to multiple domain controllers. It also adds a degree of built-in redundancy since you’re not tied to the status of a single domain controller. In order for this to work, the Splunk instances must be able to make successful LDAP queries to any domain controllers that would be returned by DNS, so be aware of any possible firewall or network changes that may be required to allow this communication.