Security

My LDAP strategy is disabled and I cannot enable it. Why?

lycollicott
Motivator

it creates fine and connects to the ldap server fine, but just won't enable. Is
Here is my authentication.conf (which is identical to an instance which works)....

[xxx.domain.com]
SSLEnabled = 0
anonymous_referrals = 1
bindDN = CN=splunkldap,OU=Hosting - Operations Analysts,OU=Prod-Users,DC=xxx,DC=domain,DC=com
bindDNpassword = xxxxxxxxxxxxxxxxxxxxxxxxxxx
charset = utf8
emailAttribute = mail
groupBaseDN = ou=Prod-Users,DC=xxx,DC=domain,DC=com
groupMappingAttribute = dn
groupMemberAttribute = member
groupNameAttribute = cn
host = *******
nestedGroups = 0
network_timeout = 20
port = 389
realNameAttribute = cn
sizelimit = 1000
timelimit = 15
userBaseDN = ou=Prod-Users,DC=xxx,DC=domain,DC=com
userNameAttribute = samaccountname

[authentication]
authSettings = xxx.domain.com
authType = LDAP
0 Karma
1 Solution

javiergn
SplunkTrust
SplunkTrust

Hi,

  • Do you have a valid Enterprise License or are you using a free one? The latter won't allow LDAP. See this: http://www.splunk.com/en_us/products/splunk-enterprise/free-vs-enterprise.html

  • Did you re-enter the LDAP user password in the GUI in your second instance? The password is encoded with a local key and this is likely going to be different between your two instances

  • Is the account you are using to connect to AD locked out?

Hope that helps.

View solution in original post

0 Karma

AlexKamalov
New Member

Pardon for being redundant. I have a DEV/Test Enterprise Non-Production  license for Splunk, expiring in Mar 6, 2021. Will Splunk still refuse to enable LDAP under this licensing term?

0 Karma

isoutamo
SplunkTrust
SplunkTrust

https://www.splunk.com/en_us/resources/personalized-dev-test-licenses/faq.html Based on that I suppose that it don’t support LDAP. You could check from _internal which features are enabled after starting your instance.

r. Ismo

0 Karma

javiergn
SplunkTrust
SplunkTrust

Hi,

  • Do you have a valid Enterprise License or are you using a free one? The latter won't allow LDAP. See this: http://www.splunk.com/en_us/products/splunk-enterprise/free-vs-enterprise.html

  • Did you re-enter the LDAP user password in the GUI in your second instance? The password is encoded with a local key and this is likely going to be different between your two instances

  • Is the account you are using to connect to AD locked out?

Hope that helps.

0 Karma

lycollicott
Motivator

Ah, it was a heavy forwarder I had converted to a forwarder license and that only includes Auth instead of LDAPAuth.

0 Karma

prateedshetty
Path Finder

Hi,

I'm facing the same issue. Can you please let me know what change you made?

TIA

0 Karma

lycollicott
Motivator

I configured my heavy forwarder to use my license manager server.

You do that from Settings->Licensing

0 Karma

prateedshetty
Path Finder

Oh got it! Thanks 🙂

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...