Splunk is capable of authenticating users against LDAP, including Apple's Open Directory.

To configure Splunk to authenticate against Apple's Open Directory, start by logging into Splunk and creating a new LDAP strategy by navigating to the following:
Manager → Access controls → Authentication method

• Check LDAP
• Click Configure Splunk to use LDAP and map groups
• Click New
• Enter the below settings:
  
  LDAP strategy name: opendirectory
  
  Host: opendirectory.sf.pivotallabs.com
  Port: 389
  SSL: unchecked
  Bind DN: uid=diradmin,cn=users,dc=opendirectory,dc=sf,dc=pivotallabs,dc=com
  Bind DN Password: Open Directory diradmin password
  Confirm Password: Open Directory diradmin password
  
  User base DN: cn=users,dc=opendirectory,dc=sf,dc=pivotallabs,dc=com
  User base filter: blank
  User name attribute: uid
  Real name attribute: cn
  Group mapping attribute: uid
  
  Group base DN: cn=groups,dc=opendirectory,dc=sf,dc=pivotallabs,dc=com
  Static group search filter: blank
  Group name attribute: cn
  Static member attribute: memberuid
  Nested groups: unchecked
  
  Dynamic member attribute: blank
  Dynamic group search filter: blank
  
  
• Click Save
• Click Map groups
• Select the group containing the people who should have access (in our case, "admin")
• Click add all >>
• Click Save
• Test by trying to log in as an LDAP / OD user from the admin group

Done!

The post Using Open Directory Authentication in Splunk appeared first on Pivotal Labs.