Hi.
I've managed to get my Splunk (5.0.latest) referring to my Active Directory Domain Controllers to allow a number of user logins, however at this time, it is only working if I explicitly specify the User and group DN's on the LDAP config page.
What I'd love to do is have the ldap Plugins simply look at the User OU and Group OU and allow me to then pick which groups I want to map.
I've tried fiddling with the silzelimit and a few other functions, and even pointing at an OU with only 1 user / group, but no matter what is tried, I always get the Query Size Limit Exceeded error.
Any ideas how I can resolve this issue? Here is an example of a working section of the Authentication.conf: [Admin Users] SSLEnabled = 1 anonymous_referrals = 0 bindDN = CN=Splunk ldap,OU=Service Accounts,OU=STUFF,DC=DOMAIN,DC=ltd bindDNpassword = blah charset = utf8 groupBaseDN = CN=Splunk Sysadmins,OU=User Groups,OU=STUFF,DC=DOMAIN,DC=ltd groupMappingAttribute = dn groupMemberAttribute = member groupNameAttribute = cn host = 10.100.100.11 nestedGroups = 1 network_timeout = 20 port = 3269 realNameAttribute = name sizelimit = 10000 timelimit = 15 userBaseDN = CN=ME, CN=Users,DC=Vtesse,DC=ltd userNameAttribute = samaccountname
TIA