All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

SA-ldapsearch.log is missing - AD domain not found

barisca009
New Member
‎09-21-2014 05:17 AM

Hi all,
In my test environment,
1 Domain controller windows server 2012 r2 , ip 172.16.1.10 , fqdn=spdc.nwtraders.msft
1 member server(windows server 2008 r2, .net 45 is installed , powershell 3 is installed) which splunk(splunk-6.1.3-220630-x64-release.msi) runs on it.

I have installed universal forwarder(splunkforwarder-6.1.3-220630-x64-release) on domain controller and have copied SA-ModularInput-PowerShell, Splunk_TA_windows, TA-DNSServer-NT6, TA-DomainController-2012R2 in C:\Program Files\SplunkUniversalForwarder\etc\apps folder.

powershell app,microsoft windows app,sa-ldapsearch app,windows infrastruce apps are installed on splunk instance which is run on member server.

Splunk has a receiver and listens on tcp 12345 which UF uses to forward data as well

When I try to detect; domain,domain controller,users,computers are not found

The configuration of ldap.conf(Program Files\Splunk\etc\apps\SA-ldapsearch\local) file is shown as below.

[nwtraders.msft]
server = spdc.nwtraders.msft
port = 389
ssl = false
basedn = DC=nwtraders,DC=msft
binddn = cn=Administrator,cn=Users,DC=nwtraders,DC=msft
password = Password1
alternatedomain = NWTRADERS

[default]
server = 172.16.1.10

SA-ldapsearch.log file is also missing! So I could not troubleshoot the issue.
Any help would be nice
Regards

Tags (3)
0 Karma
Reply

gpareesi11
Path Finder
‎06-30-2015 04:55 AM

Hi, can you try to modify your ldap.conf has follow:

[default]
server = spdc.nwtraders.msft
port = 389
ssl = false
basedn = DC=nwtraders,DC=msft
binddn = cn=Administrator,cn=Users,DC=nwtraders,DC=msft
password = Password1
alternatedomain = NWTRADERS

The SA-ldapsearch.log should be in $SPLUNK_HOME/var/log/splunk/SA-ldapsearch.log

Thank you

0 Karma
Reply

tjjones0362
Explorer
‎10-03-2014 08:53 AM

I'm having the same problem. Ever find a solution?

0 Karma
Reply

barisca009
New Member
‎09-25-2014 03:14 AM

At least, has anyone got and idea about why sa-ldapsearch.log is missing ?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Pack your bags (and maybe your dancing shoes)—Cisco Live is heading to San Diego, June 8–12, 2025, and Splunk ...

Splunk App Dev Community Updates – What’s New and What’s Next

Welcome to your go-to roundup of everything happening in the Splunk App Dev Community! Whether you're building ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...
Top