Hello,
Because of some internal measures we must change some settings within our Splunk installation. For example, we need strong authentication, which I'll provide with an Apache that will authenticate the user based on a client certificate and Kerberos auth.
Within Splunk I use the LDAP option for authentication. Currently the username is only *"user"* and not *"user@domain"*. Because of the configuration with the Kerberos auth I must change the usernames to *"user@domain"*.
Now I've created a second LDAP strategy with the modified username value. This modification has the consequence that each user now exists twice: *"user"* and *"user@domain"*.
Until now I've had no problems; authentication with the old and the new user is working fine. The problems are the following:
1. Is it a good choice to use the FQDN in addition to the username? In the filesystem the folders are also named with the @ character. Is this maybe a problem for the OS/software!?
2. How can I copy the existing user configurations such as saved searches/reports/dashboards to the new user profiles? I've tried to copy the complete content of the user folder *"user"* to *"user@domain"*. The curious thing is that not every configuration is visible in the new profile; for example, of 10 saved searches only 6 are available. Within the "savedsearches.conf" in the filesystem I can see the missing configurations. I've already restarted the Splunk daemon and executed the refresh function (*"https://.../de-DE/debug/refresh"*). I've also tried the solution from this [thread][1]. Sadly it has not solved my problem because the *"vsid"* attribute is not present in my conf file.
Has anyone an idea!?
Regards
seilemor
[1]: https://answers.splunk.com/answers/169872/how-to-copy-savedsearchesconf-from-one-user-to-ano.html?utm_source=typeahead&utm_medium=newquestion&utm_campaign=no_votes_sort_relev