Splunk is capable of authenticating users against LDAP, including Apple’s Open Directory.
To configure Splunk to authenticate against Apple’s Open Directory, start by logging into Splunk and creating a new LDAP strategy by navigating to the following:
Manager → Access controls → Authentication method
- Check LDAP
- Click Configure Splunk to use LDAP and map groups
- Click New
- Enter the below settings:
LDAP strategy name: opendirectory
Host: opendirectory.sf.pivotallabs.com
Port: 389
SSL: unchecked
Bind DN: uid=diradmin,cn=users,dc=opendirectory,dc=sf,dc=pivotallabs,dc=com
Bind DN Password: Open Directory diradmin password
Confirm Password: Open Directory diradmin password
User base DN: cn=users,dc=opendirectory,dc=sf,dc=pivotallabs,dc=com
User base filter: blank
User name attribute: uid
Real name attribute: cn
Group mapping attribute: uid
Group base DN: cn=groups,dc=opendirectory,dc=sf,dc=pivotallabs,dc=com
Static group search filter: blank
Group name attribute: cn
Static member attribute: memberuid
Nested groups: unchecked
Dynamic member attribute: blank
Dynamic group search filter: blank
- Click Save
- Click Map groups
- Select the group containing the people who should have access (in our case, “admin”)
- Click add all >>
- Click Save
- Test by trying to log in as an LDAP / OD user from the admin group
Done!
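
For reference, the same strategy expressed as an `authentication.conf` stanza, with the unencrypted setting used above shown beside an LDAPS alternative. This is an added example, not part of the original post; the LDAPS port, the file location and the single role mapping are assumptions, and the password is a placeholder.

```ini
# $SPLUNK_HOME/etc/system/local/authentication.conf
[authentication]
authType = LDAP
authSettings = opendirectory

[opendirectory]
host = opendirectory.sf.pivotallabs.com

# As configured on this page: plain LDAP. The diradmin bind password and
# each user's login password are sent to the directory unencrypted.
port = 389
SSLEnabled = 0

# LDAPS alternative (assumption: SSL is enabled on the Open Directory
# server and it listens on 636). Certificate checking is controlled in
# $SPLUNK_HOME/etc/openldap/ldap.conf via TLS_REQCERT and TLS_CACERT.
# port = 636
# SSLEnabled = 1

# The page binds as diradmin. Splunk only searches users and groups, so a
# dedicated read-only directory account would also work (a suggestion,
# not the page's setup).
bindDN = uid=diradmin,cn=users,dc=opendirectory,dc=sf,dc=pivotallabs,dc=com
# Placeholder; Splunk replaces a cleartext value with an encrypted one
# when it restarts.
bindDNpassword = <Open Directory diradmin password>

userBaseDN = cn=users,dc=opendirectory,dc=sf,dc=pivotallabs,dc=com
userNameAttribute = uid
realNameAttribute = cn

groupMappingAttribute = uid
groupBaseDN = cn=groups,dc=opendirectory,dc=sf,dc=pivotallabs,dc=com
groupNameAttribute = cn
groupMemberAttribute = memberuid
nestedGroups = 0

# Format is <Splunk role> = <LDAP group>. "add all >>" assigns every role
# defined on the instance to the group; only the admin role is shown here
# (assumption).
[roleMap_opendirectory]
admin = admin
```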