Splunk Enterprise (Free) LDAP auth in Apache

August 03, 2017

Reading time ~1 minute

Intro

I have used Splunk for years and still use Splunk Enterprise at work and for my own use as part of the Free license group. With Splunk Free you have to keep your daily quota below 500 MB. Splunk Free is technically Splunk Enterprise, but with certain features disabled. In my own environment Splunk and Apache are external facing, so that means if someone knows the URL they can simply login without any kind of authentication since Splunk Free disables this. The following is a block of code that can be used with Apache 2.4.

Apache Config

Adjust /etc/httpd/conf/extra/splunk.conf to match your own environment as needed.

# LDAP auth
<proxy https://0.0.0.0:7000/*>
  Require all denied
  AuthName "This Splunk Restricted Area Requires LDAP Authentication"
  AuthType Basic
  AuthBasicProvider ldap
  AuthLDAPURL "ldap://127.0.0.1/ou=People,dc=domain,dc=net"
  Require ldap-group cn=splunk-staff,ou=Groups,dc=domain,dc=net
  AuthLDAPMaxSubGroupDepth 1
</proxy>

After reloading httpd we can see that visiting our Splunk page over SSL presents our login.

comments powered by Disqus

Generate passwords using Pwgen on Linux and macOS

Intro Pwgen is a password generator for creating easily memorable passwords. I stumbled across this tool and found it to be one of the best …… Continue reading

LDAP Mail Distribution Groups with Postfix

Published on May 01, 2018

Arch Linux Email Beta Project

Published on September 05, 2017