I need help getting started with SA-ldapsearch because there are no results returned during the test connection phase of SA-ldapsearch configuration. Test connection starts the search:
| ldapsearch domain="default" scope=base search="(objectClass=*)" attrs="distinguishedName"
The events showing the error in the SA-ldapsearch.log file are:
2014-10-25 08:04:55,375, Level=ERROR, Pid=7872, File=search_command.py, Line=342, Traceback (most recent call last):
File "C:\Program Files\Splunk\etc\apps\SA-ldapsearch\bin\packages\splunklib\searchcommands\search_command.py", line 316, in process
self._execute(operation, reader, writer)
File "C:\Program Files\Splunk\etc\apps\SA-ldapsearch\bin\packages\splunklib\searchcommands\generating_command.py", line 79, in _execute
for record in operation():
File "C:\Program Files\Splunk\etc\apps\SA-ldapsearch\bin\ldapsearch.py", line 79, in generate
configuration = app.Configuration(self)
File "C:\Program Files\Splunk\etc\apps\SA-ldapsearch\bin\packages\app\configuration.py", line 42, in __init__
self._read_configuration()
File "C:\Program Files\Splunk\etc\apps\SA-ldapsearch\bin\packages\app\configuration.py", line 149, in _read_configuration
settings = self._read_default_configuration()
File "C:\Program Files\Splunk\etc\apps\SA-ldapsearch\bin\packages\app\configuration.py", line 177, in _read_default_configuration
settings = {entry[u'title']: entry[u'content'][u'$text'] for entry in entries} if entries else {}
File "C:\Program Files\Splunk\etc\apps\SA-ldapsearch\bin\packages\app\configuration.py", line 177, in <dictcomp>
settings = {entry[u'title']: entry[u'content'][u'$text'] for entry in entries} if entries else {}
File "C:\Program Files\Splunk\etc\apps\SA-ldapsearch\bin\packages\splunklib\data.py", line 245, in __getitem__
raise KeyError("No key or prefix: %s" % key)
KeyError: u'No key or prefix: $text.'
The scrubbed (so many subdomains) ldap.conf file is:
[default]
alternatedomain = MAINDOMAIN
basedn = dc=maindomain,dc=dc1,dc=dc2,dc=dc3,dc=dc4,dc=us
binddn = cn=doctor.whom,OU=OU1,OU=OU2,OU=OU3,dc=maindomain,dc=dc1,dc=dc2,dc=dc3,dc=dc4,dc=us
password =
port = 389
server = 10.11.12.13
ssl = 0
The password was entered in the configuration form in Base-64 and appears to have been moved to app.conf. I'm using a trial version on Splunk Enterprise Version 6.1.3 provided by Splunk sales on a Windows 7 PC. SA-ldapsearch app was downloaded 10/15/2014. I have not been able to find the version.
Thanks,
Barry
... View more