Why can't an authorized user log in via LDAP?

thelucas
Explorer

I have successfully configured LDAP to my organization's Active Directory and have several strategies configured; we have a massive disorganized domain, so I need to create multiple strategies to keep the returned results within the search time/size limits.

I have one strategy that works just fine for the OU that it points to. However, all other strategies (each pointing to a different OU) fail when users attempt to log in, with the following errors:

AuthenticationManagerLDAP - Could not find user="somebody01" with strategy="Strategy 1"
AuthenticationManagerLDAP - Could not find user="somebody01" with strategy="Strategy 2"
AuthenticationManagerLDAP - Could not find user="somebody01" with strategy="Strategy 3"
AuthenticationManagerLDAP - Could not find user="somebody01" with strategy="Strategy 4"
AuthenticationManagerLDAP - Could not find user="somebody01" with strategy="Strategy 5"

The user "somebody01" is discoverable via "Strategy 2" and, in fact, is enumerated when I browse to Settings > Access controls > Authentication method > LDAP strategies > (Strategy 2) Map groups > "theRelevantGroup-GG"

I have tested using Domain Local vs. Domain Global groups, rearranged the connection order (no connection errors, so this was a shot in the dark), and adjusted my DN strings (however, I am confident these are all correct [i.e., no errors upon strategy save and, as indicated above, user enumeration in the web GUI group mapping]), and the results are the same.

I have searched for days and cannot find a comparable post, but please link if my Google/DuckDuckGo/Splunk Answers fu was not good enough.

Cheers.

0 Karma
1 Solution

thelucas
Explorer

Hi folks. I solved my problem.

My issue had to do with a misconfigured User Base DN. I was wrong in assuming that the users (Accounts) were stored in the same OU as their team's groups, when in fact the Accounts were one or two parent OUs above their respective team.

This was simply an oddity of how my organization organizes accounts, OUs, groups, etc. in Active Directory.

Happy Splunking!

0 Karma
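The mismatch the accepted answer describes, as an added example that is not part of the original thread or of Splunk's own code: a small offline model of the two lookups a Splunk LDAP strategy performs, the user search below userBaseDN that login uses and the groupMemberAttribute read below groupBaseDN that the Map groups page uses. It runs against a constructed directory fragment in which the team's group sits in the team OU while the account sits one OU above it, reproduces "found on the Map groups page but not at login", and derives the corrected userBaseDN from the member DN. The OU and DC names, the user and group DNs, and the strategy values are assumptions chosen to mirror the thread; only the attribute names (sAMAccountName, member, objectClass, cn) are standard Active Directory.

```python
"""
Offline model of the two LDAP lookups a Splunk LDAP strategy performs, built to
reproduce the failure in this thread: userBaseDN points at a team OU while the
account objects live in a parent OU.  Added illustration, not Splunk code; the
directory entries, DNs and strategy values below are constructed.
"""
import re


def parse_dn(dn: str) -> list:
    """RDN strings, most specific first; a comma escaped as '\\,' stays in the value."""
    return [p.strip() for p in re.split(r"(?<!\\),", dn)]


def is_under(entry_dn: str, base_dn: str, scope: str = "sub") -> bool:
    """True if entry_dn lies inside base_dn for an LDAP search of that scope.
    AD compares DN components case-insensitively, so we do too."""
    e, b = parse_dn(entry_dn), parse_dn(base_dn)
    depth = len(e) - len(b)
    if depth < 0 or any(x.lower() != y.lower() for x, y in zip(e[depth:], b)):
        return False
    return {"base": depth == 0, "one": depth == 1, "sub": True}[scope]


def entry(dn: str, **attrs) -> dict:
    """A directory object: its DN plus lower-cased attribute name -> values.
    The RDN attribute (cn=...) is stored on the object, as AD does."""
    rdn_attr, _, rdn_val = parse_dn(dn)[0].partition("=")
    attrs = {k.lower(): list(v) for k, v in attrs.items()}
    attrs[rdn_attr.strip().lower()] = [rdn_val.strip()]
    return {"dn": dn, "attrs": attrs}


# Constructed AD fragment mirroring the thread: the team's group sits in the
# team OU, but the account object sits in an OU one level above the team.
USER_DN = "CN=somebody01,OU=Accounts,OU=Engineering,DC=corp,DC=example"
DIRECTORY = [
    entry(USER_DN, objectClass=["user"], sAMAccountName=["somebody01"]),
    entry("CN=theRelevantGroup-GG,OU=TeamBlue,OU=Engineering,DC=corp,DC=example",
          objectClass=["group"], member=[USER_DN]),
]


def matches(attrs: dict, equality_filter: str) -> bool:
    """Evaluate one '(attr=value)' equality filter, the only form modelled."""
    attr, _, val = equality_filter.strip("()").partition("=")
    return val.lower() in [v.lower() for v in attrs.get(attr.lower(), [])]


def lookup(dn: str):
    """Fetch an object by DN (what the Map groups page does per member DN)."""
    return next((o for o in DIRECTORY if o["dn"].lower() == dn.lower()), None)


def find_user(strategy: dict, username: str):
    """Login path: subtree search below userBaseDN for userBaseFilter AND
    userNameAttribute=username.  Returns the entry DN, or None."""
    for ent in DIRECTORY:
        if (is_under(ent["dn"], strategy["userBaseDN"], "sub")
                and matches(ent["attrs"], strategy["userBaseFilter"])
                and matches(ent["attrs"], f"({strategy['userNameAttribute']}={username})")):
            return ent["dn"]
    return None


def group_members(strategy: dict, group_cn: str) -> list:
    """Map groups path: groupMemberAttribute of the group found under
    groupBaseDN.  userBaseDN is never consulted here, so the user can be
    listed on that page while login still fails."""
    for ent in DIRECTORY:
        if (is_under(ent["dn"], strategy["groupBaseDN"], "sub")
                and matches(ent["attrs"], strategy["groupBaseFilter"])
                and matches(ent["attrs"], f"(cn={group_cn})")):
            return ent["attrs"].get(strategy["groupMemberAttribute"].lower(), [])
    return []


def narrowest_common_base(dn_a: str, dn_b: str) -> str:
    """Longest shared DN suffix: the smallest base containing both, i.e. how
    far above the team OU userBaseDN must move to cover the account."""
    common = []
    for x, y in zip(reversed(parse_dn(dn_a)), reversed(parse_dn(dn_b))):
        if x.lower() != y.lower():
            break
        common.append(x)
    return ",".join(reversed(common))


def diagnose(strategy: dict, username: str, group_cn: str) -> dict:
    """Reproduce the symptom; when the group lists a user that login cannot
    find, derive the corrected userBaseDN from that member's DN."""
    name_filter = f"({strategy['userNameAttribute']}={username})"
    listed = [m for m in group_members(strategy, group_cn)
              if (obj := lookup(m)) and matches(obj["attrs"], name_filter)]
    found = find_user(strategy, username)
    fix = narrowest_common_base(strategy["userBaseDN"], listed[0]) if found is None and listed else None
    return {"login_found": found, "group_lists_user": bool(listed), "suggested_userBaseDN": fix}


# Strategy as the thread had it (hypothetical values): userBaseDN = team OU.
BROKEN = {
    "userBaseDN": "OU=TeamBlue,OU=Engineering,DC=corp,DC=example",
    "userBaseFilter": "(objectClass=user)",
    "userNameAttribute": "sAMAccountName",
    "groupBaseDN": "OU=TeamBlue,OU=Engineering,DC=corp,DC=example",
    "groupBaseFilter": "(objectClass=group)",
    "groupMemberAttribute": "member",
}
FIXED = dict(BROKEN, userBaseDN="OU=Engineering,DC=corp,DC=example")
```

`diagnose(BROKEN, "somebody01", "theRelevantGroup-GG")` reports the user listed by the group but not found at login and suggests `OU=Engineering,DC=corp,DC=example`; with `FIXED` the login search returns the account DN. The equivalent check against a real directory is an ldapsearch run as the strategy's bind account with the candidate userBaseDN as the base, subtree scope and the filter `(sAMAccountName=somebody01)`, before the strategy is saved. Two caveats the model makes visible: raising userBaseDN to a parent OU pulls every object below it into the search, so the size and time limits the question mentions are best kept in check with userBaseFilter (in AD typically `(&(objectCategory=person)(objectClass=user))`, which also excludes computer accounts; the model above evaluates only a single equality filter); and since the log in the question shows every strategy being tried in turn for one username, the user bases of the different strategies should not overlap, otherwise which account a login is checked against depends on strategy order rather than on the OU the account is in.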

richgalloway
SplunkTrust

If your problem is resolved, please accept the answer to help future readers.

---
If this reply helps you, Karma would be appreciated.
0 Karma

thelucas
Explorer

Thanks, I was waiting for mod approval.
