Configure Splunk to work with FreeIPA LDAP

I have successfully configured this using:
- Splunk Server 7
- FreeIPA Server 4.4

Keep in mind that you can configure multiple LDAP strategies, which means you can have people from multiple LDAP servers logging into your Splunk server.

In the Splunk management UI, log in with an administrative account, then:

- Settings --> Access Controls
- Click Authentication Method
- Select LDAP
- Click "LDAP Settings" to continue to configurations
- Click New

Fill out the form as below. If I don't mention a field, it can be left empty.


  • LDAP Strategy Name: Any name you want
  • Host: The hostname (server name) of the machine running LDAP
  • Port: If you run SSL on your LDAP server, this would be 636. Otherwise 389
  • SSL Enabled: Check this box if you do have SSL enabled


  • User base DN: cn=users,cn=accounts,dc=ops,dc=company,dc=com
  • User base filter: Optional. Fill this out if you want to and know how. It restricts/filters who can log in
  • User name attribute: uid
  • Real name attribute: cn
  • Email attribute: mail


  • Group base DN: cn=groups,cn=accounts,dc=ops,dc=company,dc=com
  • Static group search filter: Optional. Fill this out if you want to and know how. It restricts/filters which groups can log in
  • Group name attribute: cn
  • Static member attribute: cn


Select "Nested group" if your groups are nested, that is, if some groups contain other groups.
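
The same strategy written as an `authentication.conf` stanza, as an added example that is not part of the original post. The strategy name `freeipa` and the host `ipa.ops.company.com` are constructed placeholders; the keys are the `authentication.conf` settings that correspond to the form fields above, and the values are the ones given in this post.

```ini
# $SPLUNK_HOME/etc/system/local/authentication.conf
# Added example: strategy name and host below are constructed placeholders.

[authentication]
authType = LDAP
# Must match the stanza name of the LDAP strategy below
authSettings = freeipa

[freeipa]
# LDAP connection settings.
# Port 636 with SSL enabled keeps logins off the clear-text port 389.
host = ipa.ops.company.com
port = 636
SSLEnabled = 1

# User settings (FreeIPA keeps users under cn=users,cn=accounts)
userBaseDN = cn=users,cn=accounts,dc=ops,dc=company,dc=com
userNameAttribute = uid
realNameAttribute = cn
emailAttribute = mail

# Group settings (FreeIPA keeps groups under cn=groups,cn=accounts)
groupBaseDN = cn=groups,cn=accounts,dc=ops,dc=company,dc=com
groupNameAttribute = cn
groupMemberAttribute = cn

# Set to 1 only if some of your groups contain other groups
nestedGroups = 0
```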

1 comment:

  1. Wow!! very useful article that you have shared here about the Splunk. Your article is very interesting and I would like to thank you for sharing this one here. splunk Rex Examples
