topic Re: LDAP configuration issue in Security

LDAP configuration issue

nareshinsvu — Wed, 17 Jul 2019 06:38:57 GMT

I am trying to set-up LDAP authentication. But not able to proceed with below error when adding new LDAP strategy.
Infra teams confirm on the correctness of the userBaseDN. Need help

Encountered the following error while trying to save: Could not find userBaseDN on the LDAP server: OU=Service accounts,OU=Secured Accounts,OU=Accounts,DC=NTSH,DC=LOCAL

Re: LDAP configuration issue

nareshinsvu — Fri, 26 Jul 2019 04:19:32 GMT

Hello Champions - Anyone faced and resolved this issue?

Re: LDAP configuration issue

harsmarvania57 — Fri, 26 Jul 2019 08:49:38 GMT

Hi,

User which you are using to authentication with LDAP has access to OU=Service accounts,OU=Secured Accounts,OU=Accounts,DC=NTSH,DC=LOCAL ?

Re: LDAP configuration issue

gcusello — Fri, 26 Jul 2019 08:53:09 GMT

Hi nareshinsvu,
which Splunk and TA version are you using? two years ago there was a bug on LDAP TA.
Bye.
Giuseppe

Re: LDAP configuration issue

Jarohnimo — Fri, 26 Jul 2019 09:42:33 GMT

When you're adding your user base and group base DNs are you copying them directly from ADSI edit to ensure you have the full string? The smallest mistake in the DN would cause this error. Verify the DN is correct also that the account your running the LDAP strategy with has Rights to view that AD object. Generally all your AD objects are read only and available.

LDAP strategy can be a pain but understanding that both the users security group and User location can and should be specified when setting things up. I have a feeling splunk isn't lying here..

Re: LDAP configuration issue

nareshinsvu — Mon, 29 Jul 2019 06:52:38 GMT

I am on almost latest version - 7.2.5

Re: LDAP configuration issue

nareshinsvu — Mon, 29 Jul 2019 06:53:17 GMT

Yes, Able to veiw the ldap configurations - Read access.

Do you have working conf file for ldap settings? Maybe I will try to co-relate and see what mistakes I am doing?

Re: LDAP configuration issue

nareshinsvu — Mon, 29 Jul 2019 06:55:36 GMT

Yes, I am copying directly from the AD ldap tool - "Right click"-> "Copy DN". But no luck

Do you have working conf file for ldap settings? Maybe I will try to co-relate and see what mistakes I am doing?

Re: LDAP configuration issue

Jarohnimo — Mon, 29 Jul 2019 22:55:34 GMT

Unfortunately mines isn't on a public subnet.

Are you using your domain name as the ldap server name?

Some people put their local domain controller host name or IP. I use the domain name root that way if they change out a domain controller or switch the IP I'm always good. For example: Mydomain.com (whatever your company's logical domain name is) vs servername.

You can test your ldap strategy accounts rights by going to start...run... Type in dsa.msc and run as the ldap strategy binding name. If that account can't view AD objects them that could be your problem. You could try with your own personal admin account (not recommend in the long) but good way to rule out it being the account

Re: LDAP configuration issue

nareshinsvu — Tue, 30 Jul 2019 04:27:11 GMT

It worked only after specifying
groupBaseDN - a complete DN (including CN) of my LDAP group
userBaseDN - a complete DN (including CN) of all the users(semicolon seperated) of the group under userBaseDN

Really strange if the documentation is not user friendly OR too many config parameters to setup LDAP. Splunk should have simply asked us to provide LDAP server name and the groupBaseDN. Hope this will be done in future releases.

Thanks all for your inputs.