LDAP Search Dashboard

Description:

This dashboard is designed to simplify Splunk’s LDAPSEARCH command. LDAP must be configured in your Splunk instance for this to work.

 

<form>
<label>LDAP objectClass/CN/OU Search</label>
<description>LDAPSEARCH Dashboard.</description>
<fieldset submitButton="true" autoRun="false">
<input type="radio" token="objectClass_field">
<label>objectClass</label>
<default>*</default>
<choice value="*">Any objectClass</choice>
<choice value="user">Users</choice>
<choice value="computer">Computers</choice>
</input>
<input type="text" token="cn_field">
<label>CN</label>
<default>*</default>
</input>
<input type="text" token="ou_field">
<label>OU</label>
<default>*</default>
</input>
</fieldset>
<row>
<panel>
<table>
<search>
<query>| ldapsearch search="(&amp;(cn=$cn_field$)(objectClass=$objectClass_field$))" 
| rex field=distinguishedName max_match=50 "(?&lt;ou_extraction&gt;OU=([^,]+))"
| search ou_extraction="OU=$ou_field$"
| rename ou_extraction AS "ou"
| table cn, dNSHostName, operatingSystem, ou, objectClass, isCriticalSystemObject, lastLogon, pwdLastSet, description</query>
<earliest>-15m</earliest>
<latest>now</latest>
</search>
<option name="drilldown">none</option>
<option name="refresh.display">progressbar</option>
</table>
</panel>
</row>
</form>
Share This:
Tagged:

Leave A Comment?