# Splunk Enterprise (Free) LDAP auth in Apache

## August 03, 2017

Reading time ~1 minute

# Intro

I have used Splunk for years and still use Splunk Enterprise at work and for my own use as part of the Free license group. With Splunk Free you have to keep your daily quota below 500 MB. Splunk Free is technically Splunk Enterprise, but with certain features disabled. In my own environment Splunk and Apache are external facing, so that means if someone knows the URL they can simply login without any kind of authentication since Splunk Free disables this. The following is a block of code that can be used with Apache 2.4.

### Apache Config

Adjust /etc/httpd/conf/extra/splunk.conf to match your own environment as needed.

# LDAP auth
<proxy https://0.0.0.0:7000/*>
Require all denied
AuthName "This Splunk Restricted Area Requires LDAP Authentication"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL "ldap://127.0.0.1/ou=People,dc=domain,dc=net"
Require ldap-group cn=splunk-staff,ou=Groups,dc=domain,dc=net
AuthLDAPMaxSubGroupDepth 1
</proxy>

After reloading httpd we can see that visiting our Splunk page over SSL presents our login.

comments powered by Disqus

### Generate passwords using Pwgen on Linux and macOS

Intro Pwgen is a password generator for creating easily memorable passwords. I stumbled across this tool and found it to be one of the best …… Continue reading

#### LDAP Mail Distribution Groups with Postfix

Published on May 01, 2018

#### Arch Linux Email Beta Project

Published on September 05, 2017