Splunk Add-on for Active Directory 2.2.0 Returns No Results and Error "

trav271
Explorer

I'm trying to set up the add-on currently on a HF and for what should be a simple setup, this is a massive pain.

The HF is set up to forward the data on to the indexer as a receiver. And the app is installed with no permission issues. Here's the syntax of what I put into the UI to set this up:

Domain Name: domain.net
Alternate Domain Name: DOMAIN

Base DN: DC=domain,DC=net

Hostname: ex-dc-host-domain.net
Port: 636
SSL: Enabled

Bind DN: CN=splunk,OU=SomeTypeOfAccount,OU=DomainInternal,DC=domain,DC=net
Password: provided_password

When I go to test the connection all I see is:

Result
No results found.

Error
"

Has anyone seen this and know what that rather unhelpful error message means? I've looked around but can't find anyone else with this issue and there is a LOT of conflicting documentation on this app out there due to deprecation and all kinds of nonsense. I used the following link to set this up:

https://docs.splunk.com/Documentation/SA-LdapSearch/2.2.0/User/DeploytheSplunkSupportingAdd-onforAct...

The app is installed on the HF and the Indexers, it's a clustered indexer env, no SHC. Any help is massively appreciated.

0 Karma
1 Solution

trav271
Explorer

Ended up solving this myself. My solution is to tell people not to use the GUI for this as it does a very poor job of returning the actual error for you to begin tracking the issue down. What's best is to just use the config files, then test in the search bar yourself but ENABLE DEBUGGING in the search bar. The errors that are returned are far more useful. In the end, after making my changes, I'd then go to my HF and run:

| ldaptestconnection domain=domain.net debug=true

The results this returned allowed me to very quickly diagnose a DNS issue and fix it within minutes. It would be nice if the devs would make the test-connection actually return the error results and also run in debug since that is likely what you want to see when testing. shrug

0 Karma
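
Added example, not part of the original post and not code from Splunk or the add-on: a staged check that can be run on the heavy forwarder to tell a DNS failure (the root cause found above) apart from a TCP or TLS failure on the LDAPS port. The function name `check_ldaps` is hypothetical, and the host in the usage section is the post's own placeholder.

```python
import socket
import ssl


def check_ldaps(host, port=636, timeout=5.0):
    """Return (stage, detail); stage is 'dns', 'tcp', 'tls' or 'ok'."""
    # Stage 1: name resolution, the step that turned out to be broken above.
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", f"cannot resolve {host!r}: {exc}"

    # Stage 2: TCP connect, trying each resolved address until one answers.
    sock, last_err = None, None
    for *_, sockaddr in infos:
        try:
            sock = socket.create_connection(sockaddr[:2], timeout=timeout)
            break
        except OSError as exc:
            last_err = exc
    if sock is None:
        return "tcp", f"{host}:{port} resolved but unreachable: {last_err}"

    # Stage 3: TLS handshake with certificate and hostname verification left on,
    # so an untrusted CA or a name mismatch on the DC certificate shows up here.
    ctx = ssl.create_default_context()
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            peer = tls.getpeername()[0]
            return "ok", f"{tls.version()} negotiated with {peer}"
    except (ssl.SSLError, OSError) as exc:
        return "tls", f"TCP connected but TLS failed: {exc}"
    finally:
        sock.close()


if __name__ == "__main__":
    # Placeholder host taken from the post; replace with the real DC name.
    stage, detail = check_ldaps("ex-dc-host-domain.net", 636)
    print(f"{stage}: {detail}")
```

A result of `ok` only shows that the name resolves and the TLS session is trusted; the bind itself is still tested with `| ldaptestconnection domain=domain.net debug=true`.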
