Hello,
I've downloaded the new version of Splunk Support for Active Directory, or SA-ldapsearch app, and I wasn't able to use it. Tried multiple configuration combinations but nothing seems to work, it's returning multiple kinds of errors on the screen mentioning "404", "ldapkey", etc. Here some messages from SA-ldapsearch.log:
2014-10-14 14:06:54,274, Level=ERROR, Pid=4921, File=search_command.py, Line=342, Traceback (most recent call last):
File "/apps/splunk/etc/apps/SA-ldapsearch/bin/packages/splunklib/searchcommands/search_command.py", line 316, in process
self._execute(operation, reader, writer)
File "/apps/splunk/etc/apps/SA-ldapsearch/bin/packages/splunklib/searchcommands/generating_command.py", line 79, in _execute
for record in operation():
File "/apps/splunk/etc/apps/SA-ldapsearch/bin/ldapsearch.py", line 79, in generate
configuration = app.Configuration(self)
File "/apps/splunk/etc/apps/SA-ldapsearch/bin/packages/app/configuration.py", line 42, in __init__
self._read_configuration()
File "/apps/splunk/etc/apps/SA-ldapsearch/bin/packages/app/configuration.py", line 151, in _read_configuration
configuration_file = command.service.confs['ldap']
File "/apps/splunk/etc/apps/SA-ldapsearch/bin/packages/splunklib/client.py", line 1599, in __getitem__
raise KeyError(key)
KeyError: 'ldap'
2014-10-14 14:12:51,172, Level=ERROR, Pid=6750, File=search_command.py, Line=278, Abnormal exit: Cannot find the default configuration stanza: HTTP 404 Not Found -- ldap does not exist.
I'm keen to get the new features like able to specify "base" at search time. I tried to run it on Splunk 6.1.1.
Cheers
For those following this post and with alerts set, rather than double post check this post http://answers.splunk.com/answers/229277/splunk-support-for-active-directory-why-does-ldaps.html
Hello all,
Unfortunately we are facing the same problem here. We have no results when using the dashboards on the path: active Directory > Users > User Reports > All (and all the others as well.). When running the query << |secrpt-all-users(DATASECLAB)
>> we get the following error:
External search command 'ldapsearch' returned error code 1. Script output = " ERROR Cannot find the configuration stanza for domain=***** in ldap.conf. "
And when looking at the sa-ldap-search.log we get the following:
Level=ERROR, Pid=3524, File=search_command.py, Line=282, Abnormal exit: '****'
Is this a known issue? We are using the latest version of ldapsearch. What should we do?
Thank you in advance
I find it interesting that the app is released before it has gone through quality control.
I downvoted this post because it isn't an answer, constructive, or even true. this looks to be a configuration error from the python traceback.
did you configure the ldap.conf in $SPLUNK_HOME/etc/apps/SA-ldapsearch/local/ldap.conf?
I had to create the "local" directory, copy the ldap.conf from the ../default/ to local.
I cannot get V2.0 to connect to my LDAP but V1.1.3 connects and runs with no issue on Splunk V6.1.1
I have posted a question with my configs and ldap log results. Keep getting an "Invalid DN" from V2.0
When will this fix be out? I am also getting the "...configuration stanza for domain=None" message.
Same. That's a couple days of my life i'm never getting back. /sigh
Same issue for me too. On Splunk 6.1.4, SA-ldapsearch 2.0 returns "External search command 'ldapsearch' returned error code 1. Script output = " ERROR Cannot find the configuration stanza for domain=None. " I've reverted to using SA-ldapsearch 1.1.3 and it works fine.
Sorry - didn't see this until today. We got a whole bunch of support questions about this app and my recommendation is to wait for 2.0.1 before upgrading at this point. It's currently going through QA and will be released shortly.
Same issue for me too. On Splunk 6.1.3 and 6.2.0, SA-ldapsearch 2.0 returns "External search command 'ldapsearch' returned error code 1. Script output = " ERROR Cannot find the configuration stanza for domain=None. "
Same over here... 1.1.3 works fine but 2.0 I tried lots of different combinations and it doesn't work.