Splunk, LDAP and Kanidm

This is an example configuration for Splunk authenticating against Kanidm over LDAP.

The configuration goes into /opt/splunk/etc/system/local/authentication.conf

  • Replace kanidm.example.com with the hostname of the Kanidm server.
  • Replace dc=kanidm,dc=example,dc=com with the LDAP-format domain name of the system.
  • Map your groups to your users. I’ve got two groups in Kanidm, splunk_users and splunk_admins.

[authentication]
authSettings = kanidm.example.com
authType = LDAP

[kanidm.example.com]
SSLEnabled = 1
anonymous_referrals = 1
charset = utf8
emailAttribute = mail
enableRangeRetrieval = 0
groupBaseDN = dc=kanidm,dc=example,dc=com
groupBaseFilter = (class=group)
groupMappingAttribute = dn
groupMemberAttribute = member
groupNameAttribute = name
host = kanidm.example.com
nestedGroups = 1
network_timeout = 20
pagelimit = -1
port = 636
realNameAttribute = displayname
sizelimit = 1000
timelimit = 15
userBaseDN = dc=kanidm,dc=example,dc=com
userBaseFilter = (class=account)
userNameAttribute = name

[roleMap_kanidm.example.com]
admin = splunk_admins
user = splunk_users
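
After replacing the placeholders, the strategy name has to stay identical in authSettings, the strategy stanza and the roleMap_ stanza, and both base DNs have to match the domain. The following check is an added example, not part of the original post or of Splunk or Kanidm; the function names and the domain idm.corp.test are hypothetical, and the sample config is constructed with three deliberate mistakes.

```python
import configparser

# Constructed sample: the page's layout after a rename to a hypothetical domain,
# with three mistakes left in on purpose.
SAMPLE = """\
[authentication]
authSettings = idm.corp.test
authType = LDAP

[idm.corp.test]
SSLEnabled = 0
host = idm.corp.test
port = 636
groupBaseDN = dc=idm,dc=corp,dc=test
userBaseDN = dc=kanidm,dc=example,dc=com

[roleMap_kanidm.example.com]
admin = splunk_admins
user = splunk_users
"""

def domain_to_base_dn(domain):
    """kanidm.example.com -> dc=kanidm,dc=example,dc=com"""
    return ",".join("dc=" + label for label in domain.strip(".").split("."))

def lint(conf_text, domain):
    """Return a list of problems found in an authentication.conf text."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep key case exactly as written
    cp.read_string(conf_text)
    auth = cp["authentication"] if cp.has_section("authentication") else {}
    problems = []
    if auth.get("authType") != "LDAP":
        problems.append("authType is not LDAP")
    base_dn = domain_to_base_dn(domain)
    for name in filter(None, (n.strip() for n in auth.get("authSettings", "").split(","))):
        if not cp.has_section(name):
            problems.append(f"authSettings names [{name}] but no such stanza exists")
            continue
        stanza = cp[name]
        if stanza.get("SSLEnabled") != "1":
            problems.append(f"[{name}] SSLEnabled is not 1, so binds are not TLS-protected")
        for key in ("userBaseDN", "groupBaseDN"):
            if (stanza.get(key) or "").lower() != base_dn.lower():
                problems.append(f"[{name}] {key} is not {base_dn}")
        if not cp.has_section("roleMap_" + name):
            problems.append(f"[roleMap_{name}] is missing, so no group maps to a role")
    return problems

if __name__ == "__main__":
    for p in lint(SAMPLE, "idm.corp.test"):
        print("PROBLEM:", p)
```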

