SPLK-1003 · Question #205
Which of the following is true when authenticating users to Splunk using LDAP?
The correct answer is C. Splunk will search each LDAP strategy in the order in which they are listed in. When multiple LDAP strategies are configured in Splunk, Splunk authenticates users by searching each strategy in the order they are listed in authentication.conf. The first strategy that returns a successful match is used. Option A is false - LDAP groups are mapped to Splunk role
Question
Which of the following is true when authenticating users to Splunk using LDAP?
Options
- ALDAP group names must match the Splunk role name defined in authorize.conf.
- BSplunk only supports encrypted LDAP connections.
- CSplunk will search each LDAP strategy in the order in which they are listed in
- DLDAP will take precedence over local users with the same username as defined in etc/passwd.
How the community answered
(31 responses)- A3% (1)
- B6% (2)
- C90% (28)
Explanation
When multiple LDAP strategies are configured in Splunk, Splunk authenticates users by searching each strategy in the order they are listed in authentication.conf. The first strategy that returns a successful match is used. Option A is false - LDAP groups are mapped to Splunk roles via role mappings; the names do not need to match. Option B is false - Splunk supports both unencrypted LDAP and encrypted LDAPS. Option D is false - LDAP does not use /etc/passwd, and local Splunk users are evaluated based on the configured authentication order, not LDAP overriding /etc/passwd.
Topics
Community Discussion
No community discussion yet for this question.