- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Splunkers,
I wanna use SA-ldapsearch to get data from openldap server, employee information, etc..
However I got following error messages and failed.
SA-ldapsearch.log
2016-01-25 18:00:23,891, Level=ERROR, Pid=4221, File=search_command.py, Line=282, Abnormal exit: LDAPInvalidDNSyntaxResult - 34 - invalidDNSyntax - None - invalid DN - searchResDone - None
ldaplog
Jan 25 18:00:23 host slapd[3888]: conn=2 op=0 ENTRY dn=""
Jan 25 18:00:23 host slapd[3888]: conn=2 op=1 ENTRY dn="cn=subschema"
Jan 25 18:00:23 host slapd[3888]: conn=2 op=3 ENTRY dn=""
Jan 25 18:00:23 host slapd[3888]: do_search: invalid dn (c)
Can we use SA-ldapsearch for this purpose ? or not ?
If anyone know the use case like this, please let me know.
Thank you for your help.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content

Hi akanno,
I don't know if this will work or not, but I know that this app https://splunkbase.splunk.com/app/1852/ works pretty well with almost any kind of LDAP provider. The only currently known limitation is that Splunk must be running on Linux/Unix.
Hope this helps ...
cheers, MuS
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello i have the same problem here :
Feb 5 16:31:51 slapd[98008]: conn=1298 fd=120 ACCEPT from IP=***.***.***:47803 (IP=*.*.*.*:636)
Feb 5 16:31:51 slapd[98008]: conn=1298 fd=120 TLS established tls_ssf=256 ssf=256
Feb 5 16:31:51 slapd[98008]: conn=1298 op=0 SRCH base="" scope=0 deref=3 filter="(objectClass=*)"
Feb 5 16:31:51 slapd[98008]: conn=1298 op=0 SRCH attr=* +
Feb 5 16:31:51 slapd[98008]: conn=1298 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
Feb 5 16:31:51 slapd[98008]: conn=1298 op=1 SRCH base="cn=Subschema" scope=0 deref=3 filter="(objectClass=subschema)"
Feb 5 16:31:51 slapd[98008]: conn=1298 op=1 SRCH attr=objectClasses attributeTypes ldapSyntaxes matchingRules matchingRuleUse dITContentRules dITStructureRules nameForms createTimestamp modifyTimestamp * +
Feb 5 16:31:51 slapd[98008]: conn=1298 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Feb 5 16:31:51 slapd[98008]: conn=1298 op=2 BIND dn="cn=*,ou=Services,dc=*,dc=*" method=128
Feb 5 16:31:51 slapd[98008]: conn=1298 op=2 BIND dn="cn=*,ou=Services,dc=*,dc=*" mech=SIMPLE ssf=0
Feb 5 16:31:51 slapd[98008]: conn=1298 op=2 RESULT tag=97 err=0 text=
Feb 5 16:31:51 slapd[98008]: conn=1298 op=3 SRCH base="" scope=0 deref=3 filter="(objectClass=*)"
Feb 5 16:31:51 slapd[98008]: conn=1298 op=3 SRCH attr=* +
Feb 5 16:31:51 slapd[98008]: conn=1298 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Feb 5 16:31:51 slapd[98008]: conn=1298 op=4 do_search: invalid dn: "c"
Feb 5 16:31:51 slapd[98008]: conn=1298 op=4 SEARCH RESULT tag=101 err=34 nentries=0 text=invalid DN
Feb 5 16:31:51 dhadlx135 slapd[98008]: conn=1298 fd=120 closed (connection lost)
It was working well but we change the machine and now it looks like the addon send incomplete DN, just the first letter.
Thank you for your help.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content


@mOewa This thread is over two years old with an accepted answer. For a better chance at getting an answer to your problem, please post a new question.
If this reply helps you, Karma would be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content

Hi akanno,
I don't know if this will work or not, but I know that this app https://splunkbase.splunk.com/app/1852/ works pretty well with almost any kind of LDAP provider. The only currently known limitation is that Splunk must be running on Linux/Unix.
Hope this helps ...
cheers, MuS
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content

Correction: It will not work!
From the docs http://docs.splunk.com/Documentation/SA-LdapSearch/latest/User/Platformandhardwarerequirements#What_...
The add-on does not support AD Lightweight Directory Services (AD LDS) or other Lightweight Directory Access Protocol (LDAP) server types.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you very much for reply, MuS.
I've tried to use this app but met following error messages as a search result.
command="ldap", : LDAP modul load failed!
myldap.py.log
2016-01-26 18:37:55,744 INFO myldap:55 - setting modul path...
2016-01-26 18:37:55,744 INFO myldap:57 - modul path: /opt/splunk/etc/apps/TA-LDAP/bin/ldap
2016-01-26 18:37:55,744 INFO myldap:58 - loading ldap modul...
2016-01-26 18:37:55,759 ERROR myldap:63 - ERROR: LDAP modul load failed with error /lib64/libc.so.6: version `GLIBC_2.14' not found (required by /opt/splunk/etc/apps/TA-LDAP/bin/ldap/ldap/libssl.so.10)!
My Splunk server is CentOS 6.5 fineal version.
Will I need to install any other modules to use this app ?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content

Did you check the documentation of the App? It states:
Python ldap module used in this app https://pypi.python.org/pypi/python-ldap/2.4.19 so make sure you meet all dependencies.
I heard of this before; in the latest releases of CentOS the GLIB version changed and hence the GLIBC_2.14 is not available.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for reply.
Sorry I still had not read the documentation.
When I fixed dependency, this app have worked.
Thank you very much !
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content

You're welcome. Feel free to accept this answer - thanks 🙂
