Splunk Core Certified Consultant SPLK-3003 Question # 23 Topic 3 Discussion

 The internal Splunk authentication will take precedence over any external schemes, such as LDAP. This means that if a username exists in both $SPLUNK_HOME/etc/passwd and LDAP, the Splunk platform will attempt to log in the user using the native authentication first. If the authentication fails, and the failure is not due to a nonexistent local account, then the platform will not attempt to use LDAP to log in. If the failure is due to a nonexistent local account, then the Splunk platform will attempt a login using the LDAP authentication scheme. References:

https://docs.splunk.com/Documentation/Splunk/9.1.1/Security/SetupuserauthenticationwithLDAP#Precedence_of_Splunk_authentication_schemes 1

https://docs.splunk.com/Documentation/Splunk/9.1.1/Security/SetupuserauthenticationwithLDAP#Precedence_of_Splunk_authentication_schemes 2