All Apps and Add-ons

After upgrading to Splunk Support for Active Directory 2.0, why am I getting "invalid" DN (err=34) when I try connecting to my Oracle DSEE7 LDAP Instance?

johnjj7141
Explorer

I installed the V1.1.3 SA-LDAPSearch tool, configured and successfully connected to and can query my Oracle DSEE7 LDAP Instance. When upgrading to V2.0 now named "Splunk Supporting Add-on for Active Directory"....I now get "invalid" DN (err=34) whenever I try to connect. I have used a Services account, a user account and "Directory Manager". All successfully connected in V1.1.3 however NONE will connect in V2.0. All result in an "Invalid DN" error in my LDAP Access log.

My ldap.conf which works in V1.1.3

[dscc7]
server = dsee7.myorg.com
port = 389
ssl = false
basedn = DC=myorg, DC=com
binddn = uid=diradminapi,ou=services,dc=myorg, dc=com
password = {64}encyrptedpwd

my ldap.conf that does NOT work in V2.0
[dscc7]
server = dsee7.myorg.com
port = 389
ssl = 0
basedn = DC=myorg, DC=com
binddn = cn=admin, cn=administrators, cn=administrators, cn=dscc

LDAP Access Log when running the "TEST" COnnection:
[23/Oct/2014:19:07:46 +0000] conn=5133007 op=2 msgId=3 - BIND dn="cn=admin,cn=administrators,cn=dscc" method=128 version=3
[23/Oct/2014:19:07:46 +0000] conn=5133007 op=2 msgId=3 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=admin,cn=administrators,cn=dscc"
[23/Oct/2014:19:07:46 +0000] conn=5133007 op=3 msgId=4 - SRCH base="" scope=0 filter="(objectClass=*)" attrs="subschemaSubentry +"
[23/Oct/2014:19:07:46 +0000] conn=5133007 op=3 msgId=4 - RESULT err=0 tag=101 nentries=1 etime=0
[23/Oct/2014:19:07:46 +0000] conn=5133007 op=4 msgId=5 - RESULT err=34 tag=101 nentries=0 etime=0, Invalid DN
[23/Oct/2014:19:07:46 +0000] conn=5133007 op=5 msgId=0 - RESULT err=80 tag=120 nentries=0 etime=0

Any Ideas? What is V2.0 doing differently when connecting to the LDAP Repository?

Thanks.

0 Karma
1 Solution

ahall_splunk
Splunk Employee
Splunk Employee

Firstly off, let's get the obvious around - we don't support the Oracle LDAP server, so you are pretty much on your own here. That being said, I think you are suffering from what a lot of other suffer form - the base DN not being filled in on searches. Others have complained that they need to reference a basedn="something" when searching.

I don't know that this is your problem, but you can test it by specifying the basedn="something" in your search.

I'm looking at v2.0.1 to fix this problem. Until then, downgrade to v1.1.13.

View solution in original post

0 Karma

sbochniewicz
Path Finder

Dear splunk,

Can you please update the ldap3 library used by this app as it will allow the proper basedn that was a bug in the previous version.

Recommend using this git repo as it is currently being maintained.

https://github.com/cannatag/ldap3

0 Karma

ahall_splunk
Splunk Employee
Splunk Employee

Firstly off, let's get the obvious around - we don't support the Oracle LDAP server, so you are pretty much on your own here. That being said, I think you are suffering from what a lot of other suffer form - the base DN not being filled in on searches. Others have complained that they need to reference a basedn="something" when searching.

I don't know that this is your problem, but you can test it by specifying the basedn="something" in your search.

I'm looking at v2.0.1 to fix this problem. Until then, downgrade to v1.1.13.

0 Karma

johnjj7141
Explorer

It is NOT Obvious. There is no docmetation save for the .conf 2014 presentation. Where it shows how to configure for LDAP.

0 Karma

ahall_splunk
Splunk Employee
Splunk Employee

Ok - change your binddn back to what it was in v1.1.3 - I'm not sure why you changed it then complained the new one didn't work.

Documentation is available on http://docs.splunk.com as always.

johnjj7141
Explorer
0 Karma

johnjj7141
Explorer

And if you look at your docs....there is NOTHING for V2.0!!! only V2.01.

0 Karma

jcoates_splunk
Splunk Employee
Splunk Employee

Hi, you can use the drop-down at the top right of the docs page to select different versions. Because 2.0.1 is the latest version, it's showing up by default. You can also replace "latest" in the URL with a version number if you know what you're after.

johnjj7141
Explorer

binddn = cn=admin, cn=administrators, cn=administrators, cn=dscc also works in V1.1.3 of SA-Ldapsearch

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...