We are trying to add LDAP accounts in our Splunk Enterprise 7.0.1.
We can see that Splunk is retrieving the groups and the users of the groups (in Map Groups) but even after adding all the roles, it is impossible to log in with an AD user.
The users don't appear in the Users menu.
Here is our configuration:

[authentication]
authSettings = TEST
authType = LDAP

[roleMap_TEST]
admin = ADMIN_AD
can_delete = ADMIN_AD
power = ADMIN_AD
splunk-system-role = ADMIN_AD
test_syslog = ADMIN_AD
user = ADMIN_AD
windows-admin = ADMIN_AD
winfra-admin = ADMIN_AD

[TEST]
SSLEnabled = 0
anonymous_referrals = 0
bindDN = account
bindDNpassword = pass
charset = utf8
emailAttribute = mail
groupBaseDN = OU=XXX,OU=XXX,OU=XXX,DC=XXX,DC=XXX
groupMappingAttribute = distinguishedname
groupMemberAttribute = member
groupNameAttribute = cn
host = hostname
nestedGroups = 0
network_timeout = 20
port = 389
realNameAttribute = cn
sizelimit = 20000
timelimit = 15
userBaseDN = OU=XXX,OU=XXX,OU=XXX,DC=XXX,DC=XXX
userNameAttribute = samaccountname

Here are the relevant logs that we found in splunkd.log (we've already tried to increase the size limit):
01-11-2018 11:17:10.503 +0100 WARN ScopedLDAPConnection - strategy="TEST" LDAP Server returned warning in search for DN="OU=XXX,OU=XXX,OU=XXX,DC=XXX,DC=XXX". reason="Size limit exceeded"
01-11-2018 11:17:10.505 +0100 WARN ScopedLDAPConnection - strategy="TEST" LDAP Server returned warning in search for DN="OU=XXX,OU=XXX,OU=XXX,OU=XXX,DC=XXX,DC=XXX". reason="Size limit exceeded"
01-11-2018 11:17:38.736 +0100 INFO AuthenticationManagerLDAP - Could not find user="adminuser" with strategy="TEST"
01-11-2018 11:17:38.736 +0100 ERROR UserManagerPro - LDAP Login failed, could not find a valid user="adminuser" on any configured servers
01-11-2018 11:17:38.736 +0100 ERROR UiAuth - user=adminuser action=login status=failure reason=user-initiated useragent="xx" clientip=XX.XX.XX.XX
Thank you
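
A small triage script for the log pattern in the post above, added here as an example (it is not the poster's code or Splunk's): it records which LDAP strategies had a search cut short with "Size limit exceeded" and flags every later "Could not find user" for the same strategy. The sample lines are constructed from the excerpt above, and the function and field names are hypothetical; that a truncated search explains a failed lookup is an assumption to verify against the directory, not something the log proves.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the splunkd.log excerpt in the post.
SAMPLE_LOG = """\
01-11-2018 11:17:10.503 +0100 WARN ScopedLDAPConnection - strategy="TEST" LDAP Server returned warning in search for DN="OU=XXX,DC=XXX,DC=XXX". reason="Size limit exceeded"
01-11-2018 11:17:38.736 +0100 INFO AuthenticationManagerLDAP - Could not find user="adminuser" with strategy="TEST"
01-11-2018 11:17:38.736 +0100 ERROR UiAuth - user=adminuser action=login status=failure reason=user-initiated useragent="xx" clientip=XX.XX.XX.XX
01-11-2018 11:18:02.100 +0100 INFO AuthenticationManagerLDAP - Could not find user="other" with strategy="PROD"
"""

# timestamp (three tokens), level, component, message
LINE = re.compile(r'^(\S+ \S+ \S+) (\w+)\s+(\w+) - (.*)$')
TRUNCATED = re.compile(
    r'strategy="([^"]+)" LDAP Server returned warning in search for '
    r'DN="([^"]+)"\. reason="Size limit exceeded"')
NOT_FOUND = re.compile(r'Could not find user="([^"]+)" with strategy="([^"]+)"')

def triage(log_text):
    """Return one finding per failed user lookup, noting prior truncated searches."""
    truncated = defaultdict(set)  # strategy -> base DNs whose search was cut short
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a splunkd.log record in the expected shape
        ts, _level, component, msg = m.groups()
        t = TRUNCATED.search(msg)
        if t and component == "ScopedLDAPConnection":
            truncated[t.group(1)].add(t.group(2))
            continue
        n = NOT_FOUND.search(msg)
        if n:
            user, strategy = n.groups()
            findings.append({
                "time": ts,
                "user": user,
                "strategy": strategy,
                "after_truncated_search": strategy in truncated,
                "truncated_dns": sorted(truncated.get(strategy, ())),
            })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```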