Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

splunk ldap errors troubleshoot

net1993
Path Finder
‎02-24-2020 01:35 AM

Hello
I got complains that a users cannot login in splunk(Ldap setup) with error "Login failed" and if they wait 10 minutes , then is successful.
I checked the logs splunkd and there are Timeout messages once in a while as well as a lot of "Operation Error" but not else more precise.
If I go in UI -> reload authentication strategy - > No error and everything is success, as well as I can see users under different mapped groups.

I have tried some different troubleshoot methods but nothing works.
1. Tried to run from unix terminal :
ldapsearch -x –h myLdapserver –p myLdapserverport –D "bind_dn" -w "bind_passwd" -b "user_basedn" "userNameAttribute=*"
-> ldap_result: Can't contact LDAP server (-1)
so I am not sure is the command correct and is it correct that I run it not like this ./splunk ldapsearch...?
I must be that the command is wrong because if there was somthing wrong with the ldap server then I guess all login attempts was going to fail all of the time which is not the case.
How can I troubleshoot if the problem is comming due to a long wait(there are two timeout settings in authentication.conf ) How to check if the problem is due to some of these are too low?

I tried also to run
| ldapsearch in splunk UI - result: after 2-3 minütes waiting seeming as it runs:
External search command 'ldapsearch' returned error code 1. Script output = "error_message=AttributeError at "/pack/splunk/etc/apps/SA-ldapsearch/bin/packages/app/init.py", line 325 : 'LDAPSocketOpenError' object has no attribute 'replace' ".

Labels (1)
Labels
Tags (2)
0 Karma
Reply

codebuilder
Influencer
‎03-16-2020 05:22 PM

Splunk LDAP search is, by default, limited to the first 1000 searches. If a user exists beyond that, it will fail.

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

REGISTER NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If ...

Observability | Use Synthetic Monitoring for Website Metadata Verification

If you are on Splunk Observability Cloud, you may already have Synthetic Monitoringin your observability ...

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...