Which of the following must be done to define user permissions when integrating Splunk with LDAP?
Which of the following must be done to define user permissions when integrating Splunk with LDAP?
To define user permissions when integrating Splunk with LDAP, you must map LDAP groups to Splunk roles. This is essential because it allows you to leverage the existing group structures within LDAP to manage permissions at a group level, simplifying administration and ensuring consistent access control. If groups are not used in your LDAP environment, users can be mapped individually, but mapping groups is the primary and recommended method given its efficiency and ease of management.
Answer is B. Map LDAP groups to Splunk roles.
Agreed B. Not A and B per the Splunk Reference URL Quoting below https://docs.splunk.com/Documentation/Splunk/8.1.3/Security/ConfigureLDAPwithSplunkWeb "You can map either users or groups, but not both. If you are using groups, all users must be members of an appropriate group. Groups inherit capabilities form the highest level role they're a member of." "If your LDAP environment does not have group entries, you can treat each user as its own group."
answer: B
Once you have configured Splunk Enterprise to authenticate via your LDAP server, map your LDAP groups to Splunk roles. If you do not use groups, you can map users individually. from https://docs.splunk.com/Documentation/Splunk/8.1.3/Security/ConfigureLDAPwithSplunkWeb
A and B are correct. as both groups and users can be mapped to splunk roles
Confirmed A and B. "After you have configured the Splunk platform to authenticate using your LDAP server, map LDAP groups in your environment to Splunk roles. If you do not use groups, you can map users individually." https://docs.splunk.com/Documentation/Splunk/8.2.0/Security/ConfigureLDAPwithSplunkWeb
Confirmed A and B. "After you have configured the Splunk platform to authenticate using your LDAP server, map LDAP groups in your environment to Splunk roles. If you do not use groups, you can map users individually." https://docs.splunk.com/Documentation/Splunk/8.2.0/Security/ConfigureLDAPwithSplunkWeb
thoughts on that one?
https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigureLDAPwithSplunkWeb#:~:text=There%20are%20three,their%20connection%20order.
I would say B is the answer though that is not explicitly stated in the following link https://docs.splunk.com/Documentation/Splunk/8.0.5/Data/ConsiderationsfordecidinghowtomonitorWindowsdata