All Apps and Add-ons

How to fix External search command 'ldapsearch' returned error code 15?

rayar
Communicator

I am running the ldapsearch in scheduled report  which initially runs outputlookup and getting the below error message 

the ldapsearch returns 250 results and working properly once I am running it manually 

05-26-2022 04:08:16.147 +0300 ERROR SearchMessages - orig_component="script" app="amdocscybermain" sid="scheduler__odeliab__amdocscybermain__RMD59063549f9a2aae97_at_1653527160_38496" message_key="EXTERN:SCRIPT_NONZERO_RETURN"
message=External search command 'ldapsearch' returned error code 15. .
Labels (2)
0 Karma
1 Solution

razdansu
Explorer

@rayar  anddddd if nothing works, just update the ADD-ON to its latest version 3.0.4

I used this version and got the scheduled report on email

and tell me if its fixed

View solution in original post

0 Karma

razdansu
Explorer

@rayar Kindly check firewall settings of both client machines and ADMIN/ AD server machine

check authentication  as well as try to ping (run ping command from AD server to ensure a stable connection)

0 Karma

rayar
Communicator

the same query is running from same machine properly 

we are getting this issue for scheduled report only , so I don't think its related to the Firewall 

0 Karma

razdansu
Explorer

@rayar

razdansu_0-1654168811951.png

 

0 Karma

razdansu
Explorer

@rayar  hey buddy 

 

1. So u are getting events upon maunally searching the command 

and for the same events u had created a report using (cron ) I guess every 5 minutes ?

2. which version of this add on,

as well as splunk are u on ?

3. have u recently upgraded anything (add on / splunk) had u created this report u are talking about  in some previous version  (add on / splunk)

 

ps I am intrested in ur case and want to help

0 Karma

rayar
Communicator

Hi

The steps are correct 

We have upgraded from Splunk 7.XX to Splunk 8.2.5 with PS 

I think the issue started after few days  

Splunk Supporting Add-on for Active DirectorySA-ldapsearch3.0.1
Tags (1)
0 Karma

razdansu
Explorer

@rayar  anddddd if nothing works, just update the ADD-ON to its latest version 3.0.4

I used this version and got the scheduled report on email

and tell me if its fixed

0 Karma

razdansu
Explorer

@rayar 

razdansu_0-1654254759372.png

 

Check the configuration and try clicking on "Run" I received the report on email after I clicked the "Run " button I have scribbled  Above

 

Also see screenshots , if u are missing something

razdansu_1-1654255115239.png

 

CHECK your email ID too

A simple letter could be capitalized and your whole email would be considered wrong 

 

razdansu_2-1654255319854.png

razdansu_3-1654255331043.png

 

 

 

 

 

0 Karma

razdansu
Explorer

“Error code 15: This request was blocked by the security rules” 

Check if your server is allowed to get data from other machines from which you are fetching the data

Also check DATE and TIME settings

0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...