I’d like a file formal feature request of “multiple LDAP Strategies”. It is a common use case where an organization might have multple LDAP’s or Active Directories. These directories may/may not have trust established between them.
A UCP/DTR administator should have the ability to add a second, third, or n-th LDAP connection for authentication. One should be able to map roles to groups in each LDAP strategy and define what attribute in LDAP should represent the UID.
At Splunk, we have our Corporate AD, and another AD for our partners. Everyone in each AD should have access to our DTR (always) and UCP (if allowed). We recently created a one-way trust between the partner and splunk corp AD. Authentication works in windows across domains, but it is HELL to get it working with regular ldap (Even with ldapsearch). It would be really great if we didn’t even need to do trust between those AD’s and could just have UCP’s auth system be allowed auth to both.
We implemented this years ago in Splunk Enterprise and it makes life easy on users.
Desired date for feature: yesterday