Splunk Search

LDAP strategy is not returning any groups.

fabianbr
New Member

Hello everyone.

I have configured LDAP with my Splunk, everything seems to be working correctly, but I'm getting the following error message.

"Your LDAP strategy 'ldap1' is not returning any groups. Please check your LDAP configuration or consult splunkd.log for LDAP errors."

Here's what my authentication.conf file looks like.

[authentication]
authType = LDAP
authSettings = ldap1

[ldap1]
host = sjcldap.ad.ea.com
port = 3268
SSLEnabled = 0
bindDN = esmguest
bindDNpassword = ############
userBaseDN = dc=ad,dc=ea,dc=com
userBaseFilter = (objectclass=)
groupBaseDN = dc=ad,dc=ea,dc=com
groupBaseFilter = (objectclass=)
userNameAttribute = sAMAccountName
realNameAttribute = displayName
groupMappingAttribute = uid
groupMemberAttribute = uniqueMember
groupNameAttribute = uid

[roleMap_ldap1]

And I'm seeing this in my splunkd.log file:

08-15-2013 07:14:24.071 -0700 INFO ShutdownHandler - shutting down level "ShutdownLevel_LoadLDAPUsers"
08-15-2013 07:14:32.089 -0700 WARN AuthenticationManagerLDAP - strategy="ldap1" The group="admin" was not found on the LDAP server, removing it from the role map
08-15-2013 07:14:32.264 -0700 WARN AuthenticationManagerLDAP - strategy="ldap1" The group="dbarajas@contractor.ea.com" was not found on the LDAP server, removing it from the role map
08-15-2013 07:15:59.219 -0700 WARN AdminManager - Endpoint has not specified a type for val=LDAP, will return this as a string in JSON API.
08-15-2013 07:19:02.841 -0700 INFO ShutdownHandler - shutting down level "ShutdownLevel_LoadLDAPUsers"
08-15-2013 07:19:15.988 -0700 WARN AuthenticationManagerLDAP - strategy="ldap1" The group="Admin" was not found on the LDAP server, removing it from the role map
08-15-2013 07:19:16.049 -0700 WARN AuthenticationManagerLDAP - strategy="ldap1" The group="Users" was not found on the LDAP server, removing it from the role map
08-15-2013 18:09:32.183 -0700 ERROR AuthenticationManagerLDAP - Could not find user="nobody" with strategy="ldap1"
08-15-2013 18:09:32.184 -0700 ERROR UserManagerPro - Failed to get LDAP user="nobody" from any configured servers

Any help you can provide is welcomed.

Have a Great Day.

Regards.

0 Karma
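
Added example (not part of the original thread and not Splunk's own tooling): a small Python triage of the splunkd.log excerpt above that lists, per LDAP strategy, which role-map entries were dropped and which user lookups failed. The function names and the '@' heuristic for spotting role-map keys that look like user principals are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample input: lines taken from the splunkd.log excerpt in the post.
SAMPLE_LOG = '''\
08-15-2013 07:14:24.071 -0700 INFO ShutdownHandler - shutting down level "ShutdownLevel_LoadLDAPUsers"
08-15-2013 07:14:32.089 -0700 WARN AuthenticationManagerLDAP - strategy="ldap1" The group="admin" was not found on the LDAP server, removing it from the role map
08-15-2013 07:14:32.264 -0700 WARN AuthenticationManagerLDAP - strategy="ldap1" The group="dbarajas@contractor.ea.com" was not found on the LDAP server, removing it from the role map
08-15-2013 07:15:59.219 -0700 WARN AdminManager - Endpoint has not specified a type for val=LDAP, will return this as a string in JSON API.
08-15-2013 07:19:16.049 -0700 WARN AuthenticationManagerLDAP - strategy="ldap1" The group="Users" was not found on the LDAP server, removing it from the role map
08-15-2013 18:09:32.183 -0700 ERROR AuthenticationManagerLDAP - Could not find user="nobody" with strategy="ldap1"
08-15-2013 18:09:32.184 -0700 ERROR UserManagerPro - Failed to get LDAP user="nobody" from any configured servers
'''

# date, time, UTC offset, level, component, message (layout as seen in the excerpt)
LINE_RE = re.compile(r'^\S+ \S+ [+-]\d{4} (?P<level>[A-Z]+)\s+(?P<component>\S+) - (?P<msg>.*)$')
KV_RE = re.compile(r'(\w+)="([^"]*)"')


def triage_ldap_log(text):
    """Group AuthenticationManagerLDAP findings by strategy name."""
    report = defaultdict(lambda: {"dropped_groups": [], "missing_users": []})
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["component"] != "AuthenticationManagerLDAP":
            continue  # other components are out of scope for this triage
        kv = dict(KV_RE.findall(m["msg"]))
        if "strategy" not in kv:
            continue
        entry = report[kv["strategy"]]
        if "group" in kv and "removing it from the role map" in m["msg"]:
            if kv["group"] not in entry["dropped_groups"]:
                entry["dropped_groups"].append(kv["group"])
        elif "user" in kv and m["msg"].startswith("Could not find"):
            if kv["user"] not in entry["missing_users"]:
                entry["missing_users"].append(kv["user"])
    return dict(report)


def user_like_entries(groups):
    """Heuristic (assumption): a role-map key containing '@' is a user principal, not a group."""
    return [g for g in groups if "@" in g]


if __name__ == "__main__":
    for strategy, found in triage_ldap_log(SAMPLE_LOG).items():
        print(strategy, found, user_like_entries(found["dropped_groups"]))
```

A role-map key flagged by user_like_entries suggests a user name was entered where a group name was expected, which is worth checking before adjusting the group filters.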

stemo76
Explorer

We found that only populated groups will show in the UI. Empty groups are omitted. You can probably edit the authentication.conf file to add your groups.

We also left the user filter empty.

mendesjo
Path Finder

Good find, Stemo76. Was ready to pull my hair out...

0 Karma

SirHill17
Communicator

What should be edited in the authentication.conf to be able to find an empty group?

0 Karma