
splunk web is not working: LDAP failure

kml_uvce
Builder

I am getting this error in Splunk Web:
SplunkdConnectionException: Splunkd daemon is not responding: ('The read operation timed out',)

I am sending logs of files

in splunkd.log
04-09-2012 06:31:26.877 +0000 ERROR ScopedLDAPConnection - strategy= Error binding to LDAP. reason="Can't contact LDAP server"
04-09-2012 06:31:26.878 +0000 ERROR UserManagerPro - Failed to get LDAP user="kbisht" from any configured servers
04-09-2012 06:31:55.897 +0000 ERROR ScopedLDAPConnection - strategy="akamai" Error binding to LDAP. reason="Can't contact LDAP server"
04-09-2012 06:31:55.898 +0000 ERROR UserManagerPro - Failed to get LDAP user="cboone" from any configured servers

In splunkd_access.log

172.19.216.220 - - [09/Apr/2012:06:07:12.539 +0000] "GET / HTTP/1.1" 200 2458 - - - 1ms
172.19.216.220 - - [09/Apr/2012:06:07:13.662 +0000] "GET /static/atom.xsl HTTP/1.1" 200 8665 - - - 2ms
127.0.0.1 - - [09/Apr/2012:06:22:37.400 +0000] "GET /services/server/info HTTP/1.1" 200 4002 - - - 1ms
127.0.0.1 - - [09/Apr/2012:06:23:01.714 +0000] "GET /services/server/info HTTP/1.1" 200 4002 - - - 2ms
127.0.0.1 - - [09/Apr/2012:06:23:10.561 +0000] "GET /services/server/info HTTP/1.1" 200 4002 - - - 2ms
127.0.0.1 - - [09/Apr/2012:06:23:10.565 +0000] "POST /services/auth/login HTTP/1.1" 401 246 - - - 60013ms
127.0.0.1 - - [09/Apr/2012:06:29:19.853 +0000] "POST /services/auth/trustedlogin HTTP/1.1" 400 245 - - - 60017ms
127.0.0.1 - - [09/Apr/2012:06:29:49.343 +0000] "POST /services/auth/trustedlogin HTTP/1.1" 400 245 - - - 60013ms

In web_service.log

2012-04-09 06:46:28,528 INFO [4f8285a6851a66e950] cplogging:55 - [09/Apr/2012:06:46:28] HTTP
Request Headers:
X-FORWARDED-SERVER: dev-unix-splunk01.kendall.corp.akamai.com
COOKIE: session_id_8000=bd31d7a454b51a22940f6c16afee94dc6d2210ab; pubcookie_s_splunk.akamai.com=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX; IS3_History=1332266098-71-93_3-71-_62340-2---1333952636_3_3; IS3_GSV=DPL-2_TES-1333872676_PCT-1333953355_GeoIP-223.227.38.219_GeoCo-IN_GeoRg-_GeoCt-_GeoNs-_GeoDm-; XR77=CT-2; _jsuid=9466990283690457293
ACCEPT-LANGUAGE: en-us
HOST: localhost:8000
ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
USER-AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.52.7 (KHTML, like Gecko) Version/5.1.2 Safari/534.52.7
CONNECTION: Keep-Alive
Remote-Addr: 127.0.0.1
X-FORWARDED-HOST: dev-unix-splunk01.kendall.corp.akamai.com
X-FORWARDED-FOR: 172.19.216.220
ACCEPT-ENCODING: gzip, deflate
X-FORWARDED-USER: kbisht
2012-04-09 06:46:28,529 DEBUG [4f8285a6851a66e950] _cplogging:55 - [09/Apr/2012:06:46:28] HTTP Traceback (most recent call last):
File "/opt/splunk/lib/python2.7/site-packages/cherrypy/_cprequest.py", line 606, in respond
cherrypy.response.body = self.handler()
File "/opt/splunk/lib/python2.7/site-packages/cherrypy/_cpdispatch.py", line 25, in __call__
return self.callable(*self.args, **self.kwargs)
File "", line 1, in
File "/opt/splunk/lib/python2.7/site-packages/splunk/appserver/mrsparkle/lib/decorators.py", line 38, in rundecs
return fn(*a, **kw)
File "", line 1, in
File "/opt/splunk/lib/python2.7/site-packages/splunk/appserver/mrsparkle/lib/decorators.py", line 105, in check
return fn(self, *a, **kw)
File "", line 1, in
File "/opt/splunk/lib/python2.7/site-packages/splunk/appserver/mrsparkle/lib/decorators.py", line 154, in validate_ip
return fn(self, *a, **kw)
File "", line 1, in
File "/opt/splunk/lib/python2.7/site-packages/splunk/appserver/mrsparkle/lib/decorators.py", line 246, in preform_sso_check
login(self, incoming_remote_user)
File "/opt/splunk/lib/python2.7/site-packages/splunk/appserver/mrsparkle/lib/decorators.py", line 172, in login
sessionKey = splunk.auth.getSessionKeyForTrustedUser(user)
File "/opt/splunk/lib/python2.7/site-packages/splunk/auth.py", line 53, in getSessionKeyForTrustedUser
serverResponse, serverContent = rest.simpleRequest(uri, postargs=args)
File "/opt/splunk/lib/python2.7/site-packages/splunk/rest/init.py", line 396, in simpleRequest
raise splunk.SplunkdConnectionException, str(e)
SplunkdConnectionException: Splunkd daemon is not responding: ('The read operation timed out',)

In web_access.log

1bf131a66ec10 4ms
127.0.0.1 - - [09/Apr/2012:06:29:48.417 +0000] "GET / HTTP/1.1" 303 102 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.52.7 (KHTML, like Gecko) Version/5.1.2 Safari/534.52.7" - 4f8281dc6a1a71bf10 3ms
127.0.0.1 - - [09/Apr/2012:06:29:19.848 +0000] "GET /en-US/ HTTP/1.1" 500 2688 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.52.7 (KHTML, like Gecko) Version/5.1.2 Safari/534.52.7" - 4f8281bfd91a66ec10 30009ms
127.0.0.1 - - [09/Apr/2012:06:29:49.338 +0000] "GET /en-US/ HTTP/1.1" 500 2688 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.52.7 (KHTML, like Gecko) Version/5.1.2 Safari/534.52.7" - 4f8281dd561a71be50 30009ms
127.0.0.1 - - [09/Apr/2012:06:45:57.735 +0000] "GET / HTTP/1.1" 303 102 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.52.7 (KHTML, like Gecko) Version/5.1.2 Safari/534.52.7" - 4f8285a5bc1a794fd0 4ms
127.0.0.1 - - [09/Apr/2012:06:45:58.521 +0000] "GET /en-US/ HTTP/1.1" 500 2688 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.52.7 (KHTML, like Gecko) Version/5.1.2 Safari/534.52.7" - 4f8285a6851a66e950 30009ms
~

In splunkd_access.log

27.0.0.1 - - [09/Apr/2012:05:59:07.984 +0000] "POST /services/auth/trustedlogin HTTP/1.1" 400 245 - - - 60012ms
127.0.0.1 - - [09/Apr/2012:05:59:50.992 +0000] "POST /services/auth/login HTTP/1.1" 401 246 - - - 60013ms
127.0.0.1 - - [09/Apr/2012:06:01:22.105 +0000] "GET /services/server/info HTTP/1.1" 200 4002 - - - 2ms
127.0.0.1 - - [09/Apr/2012:06:01:31.008 +0000] "GET /services/server/info HTTP/1.1" 200 4002 - - - 2ms
127.0.0.1 - - [09/Apr/2012:06:01:31.012 +0000] "POST /services/auth/login HTTP/1.1" 401 246 - - - 60013ms
172.19.216.220 - - [09/Apr/2012:06:07:12.539 +0000] "GET / HTTP/1.1" 200 2458 - - - 1ms
172.19.216.220 - - [09/Apr/2012:06:07:13.662 +0000] "GET /static/atom.xsl HTTP/1.1" 200 8665 - - - 2ms
127.0.0.1 - - [09/Apr/2012:06:22:37.400 +0000] "GET /services/server/info HTTP/1.1" 200 4002 - - - 1ms
127.0.0.1 - - [09/Apr/2012:06:23:01.714 +0000] "GET /services/server/info HTTP/1.1" 200 4002 - - - 2ms
127.0.0.1 - - [09/Apr/2012:06:23:10.561 +0000] "GET /services/server/info HTTP/1.1" 200 4002 - - - 2ms
127.0.0.1 - - [09/Apr/2012:06:23:10.565 +0000] "POST /services/auth/login HTTP/1.1" 401 246 - - - 60013ms
127.0.0.1 - - [09/Apr/2012:06:29:19.853 +0000] "POST /services/auth/trustedlogin HTTP/1.1" 400 245 - - - 60017ms
127.0.0.1 - - [09/Apr/2012:06:29:49.343 +0000] "POST /services/auth/trustedlogin HTTP/1.1" 400 245 - - - 60013ms
127.0.0.1 - - [09/Apr/2012:06:45:58.526 +0000] "POST /services/auth/trustedlogin HTTP/1.1" 400 245 - - - 60012ms
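
Added example, not part of the original post: the posted logs show two signals together, LDAP bind errors in splunkd.log and roughly 60-second responses on the /services/auth/* endpoints in splunkd_access.log. The script below extracts both from a few lines copied from the post; the function names and the 30-second threshold are assumptions chosen for illustration.

```python
import re
from collections import Counter

# Sample input: lines copied from the splunkd.log and splunkd_access.log excerpts in the post.
SPLUNKD_LOG = '''\
04-09-2012 06:31:26.877 +0000 ERROR ScopedLDAPConnection - strategy= Error binding to LDAP. reason="Can't contact LDAP server"
04-09-2012 06:31:26.878 +0000 ERROR UserManagerPro - Failed to get LDAP user="kbisht" from any configured servers
04-09-2012 06:31:55.897 +0000 ERROR ScopedLDAPConnection - strategy="akamai" Error binding to LDAP. reason="Can't contact LDAP server"
04-09-2012 06:31:55.898 +0000 ERROR UserManagerPro - Failed to get LDAP user="cboone" from any configured servers
'''
ACCESS_LOG = '''\
127.0.0.1 - - [09/Apr/2012:06:23:10.561 +0000] "GET /services/server/info HTTP/1.1" 200 4002 - - - 2ms
127.0.0.1 - - [09/Apr/2012:06:23:10.565 +0000] "POST /services/auth/login HTTP/1.1" 401 246 - - - 60013ms
127.0.0.1 - - [09/Apr/2012:06:29:19.853 +0000] "POST /services/auth/trustedlogin HTTP/1.1" 400 245 - - - 60017ms
127.0.0.1 - - [09/Apr/2012:06:29:49.343 +0000] "POST /services/auth/trustedlogin HTTP/1.1" 400 245 - - - 60013ms
'''

BIND_RE = re.compile(r'ERROR ScopedLDAPConnection - strategy=(?:"([^"]*)")? Error binding to LDAP\. reason="([^"]*)"')
USER_RE = re.compile(r'ERROR UserManagerPro - Failed to get LDAP user="([^"]+)"')
ACCESS_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \d+ .* (?P<ms>\d+)ms$')

def ldap_failures(splunkd_log):
    """Count bind failures per (strategy, reason) and collect the users whose lookup failed."""
    binds, users = Counter(), []
    for line in splunkd_log.splitlines():
        if m := BIND_RE.search(line):
            binds[(m.group(1) or "<unnamed>", m.group(2))] += 1
        elif m := USER_RE.search(line):
            users.append(m.group(1))
    return binds, users

def slow_auth_requests(access_log, threshold_ms=30000):
    """Return (path, status, ms) for /services/auth/* calls at or above threshold_ms (assumed value)."""
    hits = []
    for line in access_log.splitlines():
        m = ACCESS_RE.search(line)
        if m and m["path"].startswith("/services/auth/") and int(m["ms"]) >= threshold_ms:
            hits.append((m["path"], int(m["status"]), int(m["ms"])))
    return hits

if __name__ == "__main__":
    binds, users = ldap_failures(SPLUNKD_LOG)
    print("LDAP bind failures:", dict(binds), "affected users:", users)
    for path, status, ms in slow_auth_requests(ACCESS_LOG):
        print(f"slow auth call: {path} -> {status} after {ms} ms")
```
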

0 Karma
1 Solution

rgcurry
Contributor

In code I wrote some time ago to support Single Sign-On for an application, I got similar errors with my LDAP processing -- LDAP connection errors -- that were caused by specifying the wrong port (finger check in my code entry). It still did not work when I corrected that, so I added the domain name to fully qualify the hostname of the LDAP server to which I was attempting connection. That solved my problem. See if these are possibilities for you.

0 Karma
