Using LDAP for authentication
By default, Splunk authenticates using its own authentication system, which simply stores users and roles in flat files. The other two options available are LDAP and scripted authentication.
To enable LDAP authentication, perform the following steps:
Navigate to Manager | Access controls | Authentication method.
Check the LDAP checkbox.
Click on Configure Splunk to use LDAP and map groups.
Click on New.
You will then need the appropriate values to set up access to your LDAP server. Every organization sets up LDAP slightly differently, so I have never managed to configure this properly the first time. Your best bet is to copy the values from another application already configured in your organization.
Once LDAP is configured properly, you can map Splunk roles to LDAP groups through the admin interface. Whether to use an existing group or create Splunk-specific groups is of course up to your organization, but most companies I have worked with opted to create a specific...
