Glad You're Ready. Let's Get Started!

Let us know how we can contact you.

Thank you!

We'll respond shortly.

  • Blog Navigation
Using Open Directory Authentication in Splunk

Splunk is capable of authenticating users against LDAP, including Apple’s Open Directory.

To configure Splunk to authenticate against Apple’s Open Directory, start by logging into Splunk and creating a new LDAP strategy by navigating to the following:
Manager → Access controls → Authentication method

  • Check LDAP
  • Click Configure Splunk to use LDAP and map groups
  • Click New
  • Enter the below settings:

    LDAP strategy name: opendirectory

    Port: 389
    SSL: unchecked
    Bind DN: uid=diradmin,cn=users,dc=opendirectory,dc=sf,dc=pivotallabs,dc=com
    Bind DN Password: Open Directory diradmin password
    Confirm Password: Open Directory diradmin password

    User base DN: cn=users,dc=opendirectory,dc=sf,dc=pivotallabs,dc=com
    User base filter: blank
    User name attribute: uid
    Real name attribute: cn
    Group mapping attribute: uid

    Group base DN: cn=groups,dc=opendirectory,dc=sf,dc=pivotallabs,dc=com
    Static group search filter: blank
    Group name attribute: cn
    Static member attribute: memberuid
    Nested groups: unchecked

    Dynamic member attribute: blank
    Dynamic group search filter: blank

  • Click Save
  • Click Map groups
  • Select the group containing the people who should have access (in our case, “admin”)
  • Click add all >>
  • Click Save
  • Test by trying to log in as an LDAP / OD user from the admin group


Share This