Did you know that your Active Directory is just a glorified LDAP?
| Topics: | tech |
|---|---|
| Tags: | authentication, LDAP, windows |
Microsoft Tube Surfers,
I wanted to take a minute to talk about authenticating Splunk against Active Directory. In case you didn’t know, Active Directory runs on top of LDAP. While the guys up in Redmond do their best to make sure that you have no need to know LDAP, they give you the ability to interface with it over LDAP if you know what you’re doing. Let’s take this time to go over what you need to do.
If you are comfortable with the command line, you can run the ldifde command. ldifde is the Windows equivalent of ldapsearch and should allow you to get an LDIF entry for yourself and a group. With those two entries we should be able to come up with an authentication.conf that will allow Splunk to authenticate users.
For those of you who are more comfortable with a GUI, the Sysinternals team offers a nice utility called Active Directory Explorer. It gives you a tree view of your Active Directory/LDAP structure.
The information provided by these utilities is pretty much everything you need to know in order to follow along with the documentation. If you are still struggling to get it working, send an email to support@splunk.com with the output from the ldifde command and your authentication.conf, and someone from the team will help square you away.
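
As an added illustration (not code from the original post or from Splunk), the script below reads the two LDIF entries described above and derives an authentication.conf from them, using LDAPS so the bind password does not cross the network in clear text. The sample LDIF, host name, bind account, strategy name `ad_ldap` and role mapping are constructed assumptions, and the key names are those of current Splunk LDAP stanzas, which may differ from the release this post was written for.

```python
import base64
import re
# Constructed sample of ldifde output for one user and one group (not real data).
SAMPLE_LDIF = """\
dn: CN=Jane Doe,OU=Staff,DC=example,DC=com
objectClass: user
sAMAccountName: jdoe
memberOf: CN=Splunk Admins,OU=Groups,DC=exam
 ple,DC=com

dn: CN=Splunk Admins,OU=Groups,DC=example,DC=com
objectClass: group
cn:: U3BsdW5rIEFkbWlucw==
member: CN=Jane Doe,OU=Staff,DC=example,DC=com
"""

def parse_ldif(text):
    """Parse LDIF into [{attr: [values]}], handling folded lines and base64 values."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # undo line folding
    entries = []
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            if sep and not line.startswith("#"):
                entry.setdefault(attr, []).append(value.strip())
        entries.append(entry)
    return [e for e in entries if e]

def parent_dn(dn):
    return re.split(r"(?<!\\),", dn, maxsplit=1)[1]  # drop first RDN; honours escaped commas

def build_conf(entries, host, bind_dn, role="admin", name="ad_ldap"):
    user = next(e for e in entries if "user" in e.get("objectClass", []))
    group = next(e for e in entries if "group" in e.get("objectClass", []))
    if user["dn"][0] not in group.get("member", []):
        raise ValueError("user is not a direct member of the group")
    ldap = {"host": host, "port": 636, "SSLEnabled": 1,  # LDAPS, not clear-text 389
            "bindDN": bind_dn, "bindDNpassword": "<set on the Splunk server>",
            "userBaseDN": parent_dn(user["dn"][0]),
            "userNameAttribute": "sAMAccountName", "groupNameAttribute": "cn",
            "groupBaseDN": parent_dn(group["dn"][0]), "groupMemberAttribute": "member"}
    lines = ["[authentication]", "authType = LDAP", f"authSettings = {name}", "", f"[{name}]"]
    lines += [f"{key} = {value}" for key, value in ldap.items()]
    return "\n".join(lines + ["", f"[roleMap_{name}]", f"{role} = {group['cn'][0]}"])

if __name__ == "__main__":
    print(build_conf(parse_ldif(SAMPLE_LDIF), "dc1.example.com", "svc-splunk@example.com"))
```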

May 13th, 2008 at 11:34 am
Great, this is just what I need. However, your documentation link is broken.
On another note, Nagios can also tie into your corporate Windows LDAP by just using Apache authentication - here’s a sample entry from an apache.conf file.
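```apache
# Place inside the <Directory> block for the protected path
# (the enclosing tags are not shown here).
Options None
AllowOverride All
Order allow,deny
Allow from all
AuthzLDAPAuthoritative Off
# Account used to bind to the directory and search for users
AuthLDAPBindDN "user@mydomain.com"
AuthLDAPBindPassword userpassword
AuthType Basic
AuthBasicProvider ldap
AuthName "Type a description here for users"
# Search the global catalog (port 3268) by sAMAccountName, limited to members of IT_GROUP
AuthLDAPURL "ldap://domain_controller.mydomain.com:3268/?sAMAccountName?sub?(memberOf=CN=IT_GROUP,OU=Groups,DC=mydomain,DC=com)"
Require valid-user
```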
This will allow anyone in the IT_GROUP of the mydomain.com to get access. Where user is a user that can authenticate to your domain and your domain is mydomain.com, domain_controller@mydomain.com is a domain controller host that also must be running the global catalog (hence port 3268). The string inside (memberOf. . .) is dependent on the structure of your particular LDAP installation.
May 13th, 2008 at 11:39 am
Why doesn’t Splunk have a wikipedia entry? Or does it?
May 13th, 2008 at 11:46 am
Thanks for pointing out the broken link. I’ve updated to point to the correct page.
July 16th, 2008 at 7:09 am
There is also a nice tool called Active Administrator that is a great help for Active Directory management tasks.
Like Active Directory Explorer, it can show the structure as a tree view, but as for me it’s much more intuitive to use and a much more complex solution.
The tool includes rich functionality for Active Directory auditing, group policy management and security delegation.