All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Users can no longer execute ldapsearch; capability required only admins have

tweaktubbie
Communicator
‎03-22-2017 09:11 AM

Until months ago the SA-LDAPsearch 2.1.4 (aka Splunk Support for Active Directory) app worked fine, and it still does for me as admin.

But it appears no alerts have come through for a lot of time now.
What users see when trying to query:

External search command 'ldaptestconnection' returned error code 1. Script output = " ERROR " # host: somedomain Could not access the directory service at ldaps://someserver:636: 000004DC: LdapErr: DSID-0C090752, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580" "

Their attempt or even |ldaptestconnection) results in index=_audit in events like these:

 Audit:[timestamp=03-20-2017 11:18:15.673, id=*, user=xxxxx, action=list_storage_passwords,  info=denied object="SA-ldapsearch:default:" operation=list]

Seems not good to grant any non-admin role this capability, but how other way can a specific group of users (or even a few) be given the possibility to run ldap searches?

Running Splunk 6.5.1 on Linux; had as always granted the Power role read-access to the App, users involved had the Power role.

Reply

datasearchninja
Communicator
‎06-20-2018 07:49 PM

The workaround mentioned in https://answers.splunk.com/answers/189732/splunk-support-for-active-directory-why-are-non-ad.html still works.

You can place the plaintext password in the ldap.conf file against a password= paramater, and remove the encrypted version from passwords.conf, and the code will fallback to the plaintext one.

0 Karma
Reply

Kieffer87
Communicator
‎03-06-2018 10:37 AM

Also having this issue though we are just now noticing it after upgrading to 7.0.2. Have you found a workaround for this?

Reply

ThomasControlwa
Path Finder
‎02-13-2018 08:46 AM

hi,
do you find a Workaround?
many thanks in advance

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...