All Apps and Add-ons

How to fix External search command 'ldapsearch' returned error code 15?

rayar
Contributor

I am running the ldapsearch in scheduled report  which initially runs outputlookup and getting the below error message 

the ldapsearch returns 250 results and working properly once I am running it manually 

05-26-2022 04:08:16.147 +0300 ERROR SearchMessages - orig_component="script" app="amdocscybermain" sid="scheduler__odeliab__amdocscybermain__RMD59063549f9a2aae97_at_1653527160_38496" message_key="EXTERN:SCRIPT_NONZERO_RETURN"
message=External search command 'ldapsearch' returned error code 15. .
Labels (2)
0 Karma
1 Solution

razdansu
Explorer

@rayar  anddddd if nothing works, just update the ADD-ON to its latest version 3.0.4

I used this version and got the scheduled report on email

and tell me if its fixed

View solution in original post

0 Karma

razdansu
Explorer

@rayar Kindly check firewall settings of both client machines and ADMIN/ AD server machine

check authentication  as well as try to ping (run ping command from AD server to ensure a stable connection)

0 Karma

rayar
Contributor

the same query is running from same machine properly 

we are getting this issue for scheduled report only , so I don't think its related to the Firewall 

0 Karma

razdansu
Explorer

@rayar

razdansu_0-1654168811951.png

 

0 Karma

razdansu
Explorer

@rayar  hey buddy 

 

1. So u are getting events upon maunally searching the command 

and for the same events u had created a report using (cron ) I guess every 5 minutes ?

2. which version of this add on,

as well as splunk are u on ?

3. have u recently upgraded anything (add on / splunk) had u created this report u are talking about  in some previous version  (add on / splunk)

 

ps I am intrested in ur case and want to help

0 Karma

rayar
Contributor

Hi

The steps are correct 

We have upgraded from Splunk 7.XX to Splunk 8.2.5 with PS 

I think the issue started after few days  

Splunk Supporting Add-on for Active DirectorySA-ldapsearch3.0.1
Tags (1)
0 Karma

razdansu
Explorer

@rayar  anddddd if nothing works, just update the ADD-ON to its latest version 3.0.4

I used this version and got the scheduled report on email

and tell me if its fixed

0 Karma

razdansu
Explorer

@rayar 

razdansu_0-1654254759372.png

 

Check the configuration and try clicking on "Run" I received the report on email after I clicked the "Run " button I have scribbled  Above

 

Also see screenshots , if u are missing something

razdansu_1-1654255115239.png

 

CHECK your email ID too

A simple letter could be capitalized and your whole email would be considered wrong 

 

razdansu_2-1654255319854.png

razdansu_3-1654255331043.png

 

 

 

 

 

0 Karma

razdansu
Explorer

“Error code 15: This request was blocked by the security rules” 

Check if your server is allowed to get data from other machines from which you are fetching the data

Also check DATE and TIME settings

0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud | Unified Identity - Now Available for Existing Splunk ...

Raise your hand if you’ve already forgotten your username or password when logging into an account. (We can’t ...

Index This | How many sides does a circle have?

February 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...