All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

SA-ldapsearch.log is missing - AD domain not found

barisca009
New Member
‎09-21-2014 05:17 AM

Hi all,
In my test environment,
1 Domain controller windows server 2012 r2 , ip 172.16.1.10 , fqdn=spdc.nwtraders.msft
1 member server(windows server 2008 r2, .net 45 is installed , powershell 3 is installed) which splunk(splunk-6.1.3-220630-x64-release.msi) runs on it.

I have installed universal forwarder(splunkforwarder-6.1.3-220630-x64-release) on domain controller and have copied SA-ModularInput-PowerShell, Splunk_TA_windows, TA-DNSServer-NT6, TA-DomainController-2012R2 in C:\Program Files\SplunkUniversalForwarder\etc\apps folder.

powershell app,microsoft windows app,sa-ldapsearch app,windows infrastruce apps are installed on splunk instance which is run on member server.

Splunk has a receiver and listens on tcp 12345 which UF uses to forward data as well

When I try to detect; domain,domain controller,users,computers are not found

The configuration of ldap.conf(Program Files\Splunk\etc\apps\SA-ldapsearch\local) file is shown as below.

[nwtraders.msft]
server = spdc.nwtraders.msft
port = 389
ssl = false
basedn = DC=nwtraders,DC=msft
binddn = cn=Administrator,cn=Users,DC=nwtraders,DC=msft
password = Password1
alternatedomain = NWTRADERS

[default]
server = 172.16.1.10

SA-ldapsearch.log file is also missing! So I could not troubleshoot the issue.
Any help would be nice
Regards

Tags (3)
0 Karma
Reply

gpareesi11
Path Finder
‎06-30-2015 04:55 AM

Hi, can you try to modify your ldap.conf has follow:

[default]
server = spdc.nwtraders.msft
port = 389
ssl = false
basedn = DC=nwtraders,DC=msft
binddn = cn=Administrator,cn=Users,DC=nwtraders,DC=msft
password = Password1
alternatedomain = NWTRADERS

The SA-ldapsearch.log should be in $SPLUNK_HOME/var/log/splunk/SA-ldapsearch.log

Thank you

0 Karma
Reply

tjjones0362
Explorer
‎10-03-2014 08:53 AM

I'm having the same problem. Ever find a solution?

0 Karma
Reply

barisca009
New Member
‎09-25-2014 03:14 AM

At least, has anyone got and idea about why sa-ldapsearch.log is missing ?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk APM & RUM | Upcoming Planned Maintenance

There will be planned maintenance of the streaming infrastructure for Splunk APM and Splunk RUM in the coming ...

Part 2: Diving Deeper With AIOps

Getting the Most Out of Event Correlation and Alert Storm Detection in Splunk IT Service Intelligence   Watch ...

User Groups | Upcoming Events!

If by chance you weren't already aware, the Splunk Community is host to numerous User Groups, organized ...