- Splunk Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Error using sa-ldapsearch
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Error using sa-ldapsearch
I'm using the lastest version of the app and Splunk 7.0.1 and I've tried every suggestion I can find on the Splunk website without any luck. I get some variation of the error below. I've gone as far as modifying the python the "default" option in the python scripts to point to my domain and all it does is change the error from ldap/default to ldap/"mydomain". Anyone solved this mystery?
External search command 'ldapgroup' returned error code 1. Script output = "error_message=Missing required value for alternatedomain in ldap/default
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am seeing the same error, did you ever figure out how to resolve?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm seeing this message as well. I have the below ldap.conf on the search head and indexer (we also have a deployment server we don't have it on) in our environment. I have tried having stanza [domain.com] in all caps and lowercase, as well as alternatedomain = DOMAIN in all caps and lowercase. The error message I'm receiving is "External search command 'ldapfetch' returned error code 1. Script output = "error_message=Missing required value for alternatedomain in ldap/DOMAIN. " I used DOMAIN in place of our actual domain name for the example it is correct in the ldap.conf file.
[default]
server = dc1.domain.com
port = 389
[domain.com]
server = dc1.domain.com,dc2.domain.com
port = 389
ssl = false
basedn = DC=naucom,DC=com
binddn = CN=spl user,OU=Splunk,OU=System Accounts,OU=Departments and Categories,DC=domain,DC=com
password = password
alternatedomain = DOMAIN
I'm assuming either you found the answer and didn;t post it or gave up. Either way it would be nice to resolve this issue so we can fully use Splunk App for Windows Infrastructure.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I read a similar post, and followed them.
https://answers.splunk.com/answers/172847/ldapfilter-is-giving-me-error-missing-required-val.html
If you only have 1 domain, you can change that to default. It seems a work-around.
local/ldap.conf
[default]
alternatedomain=DOMAIN
basedn = dc=domain,dc=net
binddn = svc_splunk_ldap
server = ausdadc01.domain.net
ssl = 0
port = 389
More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk
.conf24 | Personalize your .conf experience with Learning Paths!
Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...
