Security

Why do I see "Invalid credentials" while creating ldap strategy with "ssl start_tls" config?

hrawat_splunk
Splunk Employee
Splunk Employee

If I add strategy in authentication.conf manually and edit ldap.conf

authentication.conf 
[test_ldap]
SSLEnabled = 1
host = ldap.myldap.com
port = 636
anonymous_referrals = 1
bindDN = xxxx
bindDNpassword = xxxx
emailAttribute = mail
groupBaseDN = xxxx
groupMappingAttribute = dn
groupMemberAttribute = member
groupNameAttribute = cn
nestedGroups = 0
network_timeout = 20
realNameAttribute = displayname
sizelimit = 1000
timelimit = 15
userBaseDN = dc=xxxx
userNameAttribute = uid

ldap.conf
ssl start_tls
TLS_REQCERT never
TLS_CERT <SPLUNKHOME>/auth/mycert.pem
TLS_KEY <SPLUNKHOME>auth/myprivatekey.pem
0 Karma

hrawat_splunk
Splunk Employee
Splunk Employee

The reason for failure is that TLS_CERT and TLS_KEY are user-only options according to man page for LDAP.CONF(5).

TLS_CERT
Specifies the file that contains the client certificate. This is a user-only option.

TLS_KEY
Specifies the file that contains the private key that matches the certificate stored in the TLS_CERT file. Currently, the private key must not be pro‐
tected with a password, so it is of critical importance that the key file is protected carefully. This is a user-only option.

All user-only options must be in .ldaprc or ldaprc file not ldap.conf. Location for .ldaprc/ldaprc is under user's home directory and not under splunk install directory.

user files $HOME/ldaprc, $HOME/.ldaprc

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...