https://community.splunk.com/t5/Security/splunk-ldap-errors-troubleshoot/m-p/478291#M11044 <P>Hello<BR /> I got complains that a users cannot login in splunk(Ldap setup) with error "Login failed" and if they wait 10 minutes , then is successful.<BR /> I checked the logs splunkd and there are Timeout messages once in a while as well as a lot of "Operation Error" but not else more precise.<BR /> If I go in UI -&gt; reload authentication strategy - &gt; No error and everything is success, as well as I can see users under different mapped groups.</P> <P>I have tried some different troubleshoot methods but nothing works.<BR /> 1. Tried to run from unix terminal :<BR /> ldapsearch -x –h myLdapserver –p myLdapserverport –D "bind_dn" -w "bind_passwd" -b "user_basedn" "userNameAttribute=*"<BR /> -&gt; ldap_result: Can't contact LDAP server (-1)<BR /> so I am not sure is the command correct and is it correct that I run it not like this ./splunk ldapsearch...?<BR /> I must be that the command is wrong because if there was somthing wrong with the ldap server then I guess all login attempts was going to fail all of the time which is not the case. <BR /> How can I troubleshoot if the problem is comming due to a long wait(there are two timeout settings in authentication.conf ) How to check if the problem is due to some of these are too low?</P> <P>I tried also to run<BR /> | ldapsearch in splunk UI - result: after 2-3 minütes waiting seeming as it runs:<BR /> External search command 'ldapsearch' returned error code 1. Script output = "error_message=AttributeError at "/pack/splunk/etc/apps/SA-ldapsearch/bin/packages/app/<EM>init</EM>.py", line 325 : 'LDAPSocketOpenError' object has no attribute 'replace' ".</P> Wed, 30 Sep 2020 04:20:17 GMT net1993 2020-09-30T04:20:17Z https://community.splunk.com/t5/Security/splunk-ldap-errors-troubleshoot/m-p/478291#M11044 <P>Hello<BR /> I got complains that a users cannot login in splunk(Ldap setup) with error "Login failed" and if they wait 10 minutes , then is successful.<BR /> I checked the logs splunkd and there are Timeout messages once in a while as well as a lot of "Operation Error" but not else more precise.<BR /> If I go in UI -&gt; reload authentication strategy - &gt; No error and everything is success, as well as I can see users under different mapped groups.</P> <P>I have tried some different troubleshoot methods but nothing works.<BR /> 1. Tried to run from unix terminal :<BR /> ldapsearch -x –h myLdapserver –p myLdapserverport –D "bind_dn" -w "bind_passwd" -b "user_basedn" "userNameAttribute=*"<BR /> -&gt; ldap_result: Can't contact LDAP server (-1)<BR /> so I am not sure is the command correct and is it correct that I run it not like this ./splunk ldapsearch...?<BR /> I must be that the command is wrong because if there was somthing wrong with the ldap server then I guess all login attempts was going to fail all of the time which is not the case. <BR /> How can I troubleshoot if the problem is comming due to a long wait(there are two timeout settings in authentication.conf ) How to check if the problem is due to some of these are too low?</P> <P>I tried also to run<BR /> | ldapsearch in splunk UI - result: after 2-3 minütes waiting seeming as it runs:<BR /> External search command 'ldapsearch' returned error code 1. Script output = "error_message=AttributeError at "/pack/splunk/etc/apps/SA-ldapsearch/bin/packages/app/<EM>init</EM>.py", line 325 : 'LDAPSocketOpenError' object has no attribute 'replace' ".</P> Wed, 30 Sep 2020 04:20:17 GMT https://community.splunk.com/t5/Security/splunk-ldap-errors-troubleshoot/m-p/478291#M11044 net1993 2020-09-30T04:20:17Z https://community.splunk.com/t5/Security/splunk-ldap-errors-troubleshoot/m-p/478292#M11045 <P>Splunk LDAP search is, by default, limited to the first 1000 searches. If a user exists beyond that, it will fail.</P> Tue, 17 Mar 2020 00:22:49 GMT https://community.splunk.com/t5/Security/splunk-ldap-errors-troubleshoot/m-p/478292#M11045 codebuilder 2020-03-17T00:22:49Z