I am having issues with the Active Directory/ldapsearch app.
I have the ldap.conf configured properly I think.
When I click on one of the security audit reports I see that LDAP is being used.
I ran a wireshark on the windows server and as a test I used unsecure LDAP.
I see the splunk server authenticating fine, I see LDAP returning a bunch of data, but then nothing shows up in Splunk.
I do get two bars at the top with:
[subsearch]: No matching fields exist
No matching fields exist
I thought maybe it only works with SSL enabled, so I tried that too, but same effect.
The other issue (might be related) is that the debug=t doesn't seem to do anything for the ldapsearch. Nothing is written in the debug log.
I can use other LDAP browsers and connect to LDAP no problem.
Splunk is running on Linux and I am monitoring a Windows Advanced 2008 R2 server.
The rest of the app seems to be running fine.
... View more