What happens when the same username exists in Splunk as well as through LDAP?
What happens when the same username exists in Splunk as well as through LDAP?
When the same username exists in both Splunk and through LDAP, the LDAP settings take precedence. This means that authentication is attempted against the LDAP server first, and only if that fails will the Splunk-specific user settings be considered. This is consistent with standard practices in systems that integrate with LDAP for user authentication, where LDAP is typically prioritized to maintain centralized user management.
C, Splunk takes precendence
C is correct. Splunk platform attempts native authentication first. If authentication fails outside of a local account that doesn't exist, there is no attempt to use LDAP to log in. This is adapted from precedence of Splunk authentication schema.