https://community.splunk.com/t5/Deployment-Architecture/After-installing-Splunk-on-RHE-Linux-6-and-configuring-it-to-use/m-p/208469#M7819 <P>I have installed Splunk on RHEL6 and have configured it to use LDAP, not AD. I can do an LDAP search from CLI and find my username and I can do a group search and find my group with my name in it. Splunk communicates with my LDAP server with no problem.</P> <P>When I try to login, that is when I start getting errors. I have posted the errors below along with authentication.conf, the ldapsearch, my LDAP user entry and LDAP group entry.</P> <P>Any idea why it is failing to see my LDAP user id?</P> <P><STRONG>Error</STRONG></P> <PRE><CODE>09-09-2015 17:33:09.482 -0400 ERROR AuthenticationManagerLDAP - Couldn't find matching groups for user="userOne". Search filter="(&amp;(memberuid=cn=userOne,cn=users,dc=example,dc=com)(|(cn=splunk-admin*)(cn=posix)(cn=linux)))" strategy="LDAP" 09-09-2015 17:33:09.482 -0400 ERROR UserManagerPro - LDAP Login failed, could not find a valid user="userOne" on any configured servers </CODE></PRE> <P><STRONG>authentication.conf</STRONG></P> <PRE><CODE>[authentication] authSettings = LDAP authType = LDAP [roleMap_LDAP] power-storage = splunk-admin-storage power-linux = splunk-admin-linux [LDAP] SSLEnabled = 1 anonymous_referrals = 1 bindDNpassword = xxxxxx charset = utf8 emailAttribute = mail groupBaseDN = cn=groups,dc=example,dc=com groupBaseFilter = (|(cn=splunk-admin*)(cn=posix)(cn=linux)) groupMappingAttribute = dn groupMemberAttribute = memberuid groupNameAttribute = cn host = xxxxxx.example.com nestedGroups = 0 network_timeout = 20 port = 636 realNameAttribute = displayname sizelimit = 1000 timelimit = 15 userBaseDN = cn=users,dc=example,dc=com userNameAttribute = uid ldapsearch -x -H ldaps://xxxxxx.example.com -D "dc=example,dc=com" -b "memberuid=userOne,cn=groups,dc=example,dc=com" # extended LDIF # # LDAPv3 # base &lt;memberuid=userOne,cn=groups,dc=example,dc=com&gt; with scope subtree # filter: (objectclass=*) # requesting: ALL # \# search result search: 2 result: 32 No such object matchedDN: cn=Groups, dc=example,dc=com \# numResponses: 1 </CODE></PRE> <P><STRONG>LDAP User</STRONG></P> <PRE><CODE># extended LDIF # # LDAPv3 # base &lt;cn=users,dc=example,dc=com&gt; with scope subtree # filter: cn=userOne # requesting: ALL # \# userOne, users, example.com dn: cn=userOne,cn=users,dc=example,dc=com uidnumber: xxxxxxx loginshell: /bin/bash homedirectory: /home/userOne gidnumber: xxxxxxx examplelinuxuid: userOne objectclass: top objectclass: person objectclass: organizationalPerson objectclass: inetOrgPerson objectclass: oblixorgperson objectclass: posixAccount mail: User.One@example.com examplenamesdn: CN=User One,O=example,C=US exampledominosubperson: 1 exampledominoorgname: xxxxxxx exampledominoorgcode: xxxxxxx exampledominonerdname: One.User exampledominolocation: xxxxxxx dexamplertmentnumber: xxxxxxx cn: userOne cn: user one uid: userOne displayname: User One sn: One givenname: User examplesimtreedn: cn=userOne,ou=Internal,o=example examplesimtreeuid: userOne </CODE></PRE> <P><STRONG>LDAP Group</STRONG></P> <PRE><CODE># extended LDIF # # LDAPv3 # base &lt;cn=groups,dc=example,dc=com&gt; with scope subtree # filter: cn=splunk-admin-linux # requesting: ALL # \# splunk-admin-linux, posix, linux, Groups, example.com dn: cn=splunk-admin-linux,cn=posix,cn=linux,cn=Groups,dc=example,dc=com memberuid: userOne memberuid: userTwo memberuid: userThree gidnumber: xxxxx objectclass: top objectclass: posixGroup objectclass: groupOfUniqueNames description: Splunk SysAdmins cn: splunk-admin-linux </CODE></PRE> Wed, 09 Sep 2015 22:19:00 GMT ralphw_SAIC 2015-09-09T22:19:00Z https://community.splunk.com/t5/Deployment-Architecture/After-installing-Splunk-on-RHE-Linux-6-and-configuring-it-to-use/m-p/208469#M7819 <P>I have installed Splunk on RHEL6 and have configured it to use LDAP, not AD. I can do an LDAP search from CLI and find my username and I can do a group search and find my group with my name in it. Splunk communicates with my LDAP server with no problem.</P> <P>When I try to login, that is when I start getting errors. I have posted the errors below along with authentication.conf, the ldapsearch, my LDAP user entry and LDAP group entry.</P> <P>Any idea why it is failing to see my LDAP user id?</P> <P><STRONG>Error</STRONG></P> <PRE><CODE>09-09-2015 17:33:09.482 -0400 ERROR AuthenticationManagerLDAP - Couldn't find matching groups for user="userOne". Search filter="(&amp;(memberuid=cn=userOne,cn=users,dc=example,dc=com)(|(cn=splunk-admin*)(cn=posix)(cn=linux)))" strategy="LDAP" 09-09-2015 17:33:09.482 -0400 ERROR UserManagerPro - LDAP Login failed, could not find a valid user="userOne" on any configured servers </CODE></PRE> <P><STRONG>authentication.conf</STRONG></P> <PRE><CODE>[authentication] authSettings = LDAP authType = LDAP [roleMap_LDAP] power-storage = splunk-admin-storage power-linux = splunk-admin-linux [LDAP] SSLEnabled = 1 anonymous_referrals = 1 bindDNpassword = xxxxxx charset = utf8 emailAttribute = mail groupBaseDN = cn=groups,dc=example,dc=com groupBaseFilter = (|(cn=splunk-admin*)(cn=posix)(cn=linux)) groupMappingAttribute = dn groupMemberAttribute = memberuid groupNameAttribute = cn host = xxxxxx.example.com nestedGroups = 0 network_timeout = 20 port = 636 realNameAttribute = displayname sizelimit = 1000 timelimit = 15 userBaseDN = cn=users,dc=example,dc=com userNameAttribute = uid ldapsearch -x -H ldaps://xxxxxx.example.com -D "dc=example,dc=com" -b "memberuid=userOne,cn=groups,dc=example,dc=com" # extended LDIF # # LDAPv3 # base &lt;memberuid=userOne,cn=groups,dc=example,dc=com&gt; with scope subtree # filter: (objectclass=*) # requesting: ALL # \# search result search: 2 result: 32 No such object matchedDN: cn=Groups, dc=example,dc=com \# numResponses: 1 </CODE></PRE> <P><STRONG>LDAP User</STRONG></P> <PRE><CODE># extended LDIF # # LDAPv3 # base &lt;cn=users,dc=example,dc=com&gt; with scope subtree # filter: cn=userOne # requesting: ALL # \# userOne, users, example.com dn: cn=userOne,cn=users,dc=example,dc=com uidnumber: xxxxxxx loginshell: /bin/bash homedirectory: /home/userOne gidnumber: xxxxxxx examplelinuxuid: userOne objectclass: top objectclass: person objectclass: organizationalPerson objectclass: inetOrgPerson objectclass: oblixorgperson objectclass: posixAccount mail: User.One@example.com examplenamesdn: CN=User One,O=example,C=US exampledominosubperson: 1 exampledominoorgname: xxxxxxx exampledominoorgcode: xxxxxxx exampledominonerdname: One.User exampledominolocation: xxxxxxx dexamplertmentnumber: xxxxxxx cn: userOne cn: user one uid: userOne displayname: User One sn: One givenname: User examplesimtreedn: cn=userOne,ou=Internal,o=example examplesimtreeuid: userOne </CODE></PRE> <P><STRONG>LDAP Group</STRONG></P> <PRE><CODE># extended LDIF # # LDAPv3 # base &lt;cn=groups,dc=example,dc=com&gt; with scope subtree # filter: cn=splunk-admin-linux # requesting: ALL # \# splunk-admin-linux, posix, linux, Groups, example.com dn: cn=splunk-admin-linux,cn=posix,cn=linux,cn=Groups,dc=example,dc=com memberuid: userOne memberuid: userTwo memberuid: userThree gidnumber: xxxxx objectclass: top objectclass: posixGroup objectclass: groupOfUniqueNames description: Splunk SysAdmins cn: splunk-admin-linux </CODE></PRE> Wed, 09 Sep 2015 22:19:00 GMT https://community.splunk.com/t5/Deployment-Architecture/After-installing-Splunk-on-RHE-Linux-6-and-configuring-it-to-use/m-p/208469#M7819 ralphw_SAIC 2015-09-09T22:19:00Z https://community.splunk.com/t5/Deployment-Architecture/After-installing-Splunk-on-RHE-Linux-6-and-configuring-it-to-use/m-p/208470#M7820 <P>Finding someone that reads in the LDAP group and having them configure the entries correctly.</P> Sun, 13 Sep 2015 21:43:37 GMT https://community.splunk.com/t5/Deployment-Architecture/After-installing-Splunk-on-RHE-Linux-6-and-configuring-it-to-use/m-p/208470#M7820 ralphw_SAIC 2015-09-13T21:43:37Z