- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: Splunk App for Windows Infrastructure: Why am ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk App for Windows Infrastructure: Why am I getting ldapfilter error "In order to perform this operation, a successful bind must be completed on the connection."?
DEAR ALL:
My splunk version is 6.1.4 bulid 233537
My Splunk App for Windows Infrastructure version is 1.0.4
When I want to create this report "Active Directory -->users-->User report-->Active", it show this error message......
"External search command 'ldapfilter' returned error code 1. Script output = " ERROR "LDAPOperationsErrorResult - 1 - operationsError - None - 000004DC: LdapErr: DSID-0C090724, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v23f0"
How can I fix it !!!!! please help me ,thank you.....
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
And you have configured everything accourding to the documentation;
http://docs.splunk.com/Documentation/MSApp/1.0.4/MSInfra/AbouttheSplunkAppforMSInfrastructure
and you have checked the following part of it:
http://docs.splunk.com/Documentation/MSApp/1.0.4/MSInfra/TroubleshoottheSplunkAppforWindowsInfrastru...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This is ldap operating log....
File "/opt/sbox/splunk/etc/apps/SA-ldapsearch/bin/packages/splunklib/searchcommands/search_command.py", line 316, in process
self._execute(operation, reader, writer)
File "/opt/sbox/splunk/etc/apps/SA-ldapsearch/bin/packages/splunklib/searchcommands/generating_command.py", line 79, in _execute
for record in operation():
File "/opt/sbox/splunk/etc/apps/SA-ldapsearch/bin/ldapsearch.py", line 87, in generate
password=configuration.credentials.password) as connection:
File "/opt/sbox/splunk/etc/apps/SA-ldapsearch/bin/packages/ldap3/core/connection.py", line 264, in __enter__
self.open()
File "/opt/sbox/splunk/etc/apps/SA-ldapsearch/bin/packages/ldap3/strategy/syncWait.py", line 51, in open
BaseStrategy.open(self, reset_usage)
File "/opt/sbox/splunk/etc/apps/SA-ldapsearch/bin/packages/ldap3/strategy/baseStrategy.py", line 90, in open
self._open_socket(self.connection.server.ssl)
File "/opt/sbox/splunk/etc/apps/SA-ldapsearch/bin/packages/ldap3/strategy/baseStrategy.py", line 130, in _open_socket
raise communication_exception_factory(LDAPSocketOpenError, exc)(self.connection.last_error)
LDAPSocketOpenError: socket creation error: [Errno -2] Name or service not known
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The last error message is pretty clear, python is not able to connect to the server name in your config. check for typos and if you can reach this server
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Finally ...........I re-install old version ldap app to solve this problem!!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Now.......the error log show "External search command 'ldapsearch' returned error code 1. Script output = " ERROR "LDAPSocketOpenError at ""/opt/sbox/splunk/etc/apps/SA-ldapsearch/bin/packages/ldap3/strategy/baseStrategy.py"", line 130 : socket creation error: [Errno -2] Name or service not known"
Can someone help me to solve this question~~~~
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SORRY........I think I need to config some setting ,but I do not know which file should I config.....can you teach me which file need to config
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
$SPLUNK_INSTALL/etc/apps/SA-ldapsearch/local/ldap.conf
Check here: (even if it is not the latest, it is the same settings)
http://docs.splunk.com/Documentation/ActiveDirectory/1.2.2/DeployAD/ConfiguretheSA-ldapsearchsupport...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Note: I am familiar with LDAP and AD/LDAP, not with the App in question.
Have you provided "ldapfilter" a valid login and password to access AD? Note that you probably need to provide the full DN of the user, as seen via LDAP. Test the LDAP BIND via an "ldapsearch" (on Linux), like:
ldapsearch -xh your.ad.host.example.com -p tcp.port.of.AD-LDAP.example.com -D "DN of the user best with double quotes" -W -b
Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!
They're back! Join the SplunkTrust and MVP at .conf24
Enterprise Security Content Update (ESCU) | New Releases
