LDAP configuration showing users, but not allowing login

andrewdotnich
Explorer

I've configured my Splunk setup to use LDAP, and it shows the few users I've configured to meet my criteria in the list (see http://imgur.com/l5iTu)

If, however, I try to log on using the correct LDAP credentials, I receive an "Invalid username and password" error. If after that I log in as admin again, the user I attempted to log in as has disappeared from the list (see http://imgur.com/tUIDz)

EDIT: Resynching the user list via the manager causes the username to reappear (curiouser and curiouser)

I'm running on an Enterprise License (albeit a trial one) -- there aren't any policy reasons why this behaviour would occur, are there?

EDIT #2: Here's my authentication.conf:

    [authentication]
    authSettings = mycompany LDAP
    authType = LDAP

    [mycompany LDAP]
    SSLEnabled = 0
    bindDNpassword = $1$sQ==
    charset = utf8
    groupBaseDN = ou=Group,dc=mycompany,dc=com
    groupBaseFilter = (cn=splunk*)
    groupMappingAttribute = dn
    groupMemberAttribute = member
    groupNameAttribute = cn
    host = ldap.int.mycompany.com
    port = 389
    realNameAttribute = displayname
    userBaseDN = dc=mycompany,dc=com
    userBaseFilter = (ou=People)
    userNameAttribute = uid

    [roleMap]
    admin = splunk-admin
    splunk-admin = splunk-admin
    splunk-dev-viewers = splunk-dev-viewers
    splunk-ops-viewers = splunk-ops-viewers
    splunk-report-builders = splunk-report-builders
    splunk_qa_viewers = splunk-qa-viewers
    user = People;splunk-admin;splunk-dev-viewers;splunk-ops-viewers;splunk-qa-viewers;splunk-report-builders

And here's my LDAP entry as an example:

    # andrewn, People, mycompany.com
    dn: cn=andrewn,ou=People,dc=mycompany,dc=com
    objectClass: inetOrgPerson
    objectClass: organizationalPerson
    objectClass: posixAccount
    objectClass: shadowAccount
    objectClass: sambaSamAccount
    cn: andrewn
    uid: andrewn
    givenName: Andrew
    sn: Nicholson
    homeDirectory: /home/andrewn
    gecos: Andrew Nicholson
    l: Melbourne
    st: Victoria
    uidNumber: xxxx
    displayName: Andrew Nicholson
    mail: andrew.nicholson@mycompany.com
    employeeType: Employee
    gidNumber: xxxxx
    loginShell: /bin/bash
    shadowLastChange: xxxxx

And one of our LDAP groups:

    # splunk-admin, Group, mycompany.com
    dn: cn=splunk-admin,ou=Group,dc=mycompany,dc=com
    cn: splunk-admin
    objectClass: groupOfNames
    objectClass: top
    description: Splunk Administrators
    member: cn=xxxxxxx,ou=People,dc=mycompany,dc=com
    member: cn=andrewn,ou=People,dc=mycompany,dc=com
    member: cn=xxxxxxxx,ou=People,dc=mycompany,dc=com
0 Karma
1 Solution

jbsplunk
Splunk Employee

It could be that groupBaseDN is properly configured, but the userBaseDN is not. Support has seen issues with users disappearing in the manner you describe in the past.

Take a look at the following url:

http://www.splunk.com/base/Documentation/4.1.4/Admin/SetupuserauthenticationwithLDAP#Configure_LDAP

Review the 'Test your LDAP configuration' section. This should be helpful in pointing out whatever variance may exist between groupBaseDN and userBaseDN.

Based on what I see in your configuration, I would suggest a couple of changes to authentication.conf:

  1. Edit your userBaseDN to look like this:

    userBaseDN = ou=People,dc=mycompany,dc=com

  2. Remove this line:

    userBaseFilter = (ou=People)
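
A minimal model of why the posted `userBaseFilter` finds no user, added here as an example and not part of the original answer or Splunk's code: an LDAP equality filter is evaluated against an entry's own attributes, not the components of its DN, and the posted `andrewn` entry carries no `ou` attribute. Assumptions: the `ou=People` container entry and all helper names are constructed for illustration, and the login lookup is assumed to AND `userBaseFilter` with `(uid=<username>)`.

```python
# Added example (not from the thread): model of an LDAP subtree search.
# Entries are constructed from the LDIF posted in the question.
ENTRIES = {
    # Container entry: assumed to exist with its own "ou" attribute.
    "ou=People,dc=mycompany,dc=com": {"ou": ["People"]},
    "cn=andrewn,ou=People,dc=mycompany,dc=com": {
        "cn": ["andrewn"], "uid": ["andrewn"],
        "displayName": ["Andrew Nicholson"],
    },
}

def in_subtree(dn, base):
    """True if dn is the base entry or sits below it."""
    dn, base = dn.lower(), base.lower()
    return dn == base or dn.endswith("," + base)

def matches(attrs, flt):
    """Evaluate '(a=b)' or '(&(a=b)(c=d))' against an entry's attributes.
    Only attributes stored on the entry count, never its DN components."""
    if flt.startswith("(&"):
        parts = flt[2:-1].strip("()").split(")(")
        return all(matches(attrs, "(" + p + ")") for p in parts)
    attr, value = flt.strip("()").split("=", 1)
    have = {k.lower(): [v.lower() for v in vs] for k, vs in attrs.items()}
    return value.lower() in have.get(attr.lower(), [])

def search(base_dn, flt):
    """DNs under base_dn (subtree scope) whose attributes satisfy flt."""
    return [dn for dn, attrs in ENTRIES.items()
            if in_subtree(dn, base_dn) and matches(attrs, flt)]

def find_user(user_base_dn, user_base_filter, username, name_attr="uid"):
    """Assumed login lookup: userBaseFilter AND (userNameAttribute=<name>)."""
    flt = f"({name_attr}={username})"
    if user_base_filter:
        flt = f"(&{user_base_filter}{flt})"
    return search(user_base_dn, flt)

if __name__ == "__main__":
    # As posted: the filter selects the ou=People container, not the user.
    print(find_user("dc=mycompany,dc=com", "(ou=People)", "andrewn"))
    print(search("dc=mycompany,dc=com", "(ou=People)"))
    # As suggested in the answer: narrower base DN, no userBaseFilter.
    print(find_user("ou=People,dc=mycompany,dc=com", None, "andrewn"))
```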

andrewdotnich
Explorer

Thank you very much, that did indeed solve the problem 🙂

0 Karma

ziegfried
Influencer

What kind of LDAP server are you using? It would also be helpful to show your LDAP configuration.

0 Karma

andrewdotnich
Explorer

and yes, the LDAP configuration is enabled.

0 Karma