- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk App for AWS: Why am I getting Invalid Credentials Error when Integrating Splunk with LDAP for authentication?
Hello,
I have done my research and did not find an answer for this issue. We are using the Splunk App for AWS and getting an error when saving the settings for LDAP. There are two errors that I get and both has to do with the entry in bind dn.
If bind dn = cn=splunktest,cn=users,dc=domain,dc=local
The error reads: Encountered the following error while trying to save: in handler 'LDAP-Auth': strategy="Splunk LDAP" Error binding to LDAP. reason="invalid credintials"
If bind dn = cn Splunk Test,cn=users,dc=domaindc=local
The error reads: Encountered the following error while trying to save: in handler 'LDAP-Auth': strategy="Splunk LDAP" Error binding to LDAP. reason="Strong(er) authentication required"
My LDAP set up is below:
LDAP Strategy Name: Splunk LDAP
Host: IP Address
Port: 389
Bind DN: cn=splunktest,cn=users,dc=domain,dc=local
Bind DN Password: password
Confirm Password: password
User Base DN: dc=domain,dc=local
User Base Filter:
User Name Attribute: uid
Real Name Attribute: cn
Email Attribute: mail
Group Mapping Attribute: dn
Group Base DN: cn=Splunk Admins,ou=splunk,ou=apps,dc=domain,dc=local
Static Group Search Filter:
Group Name Attribute: cn
Static Member Attribute: memeberUid
Advanced Settings
Search Request Size Limit: 1000
Search Request Time Limit: 15
Network Socket Timeout : 20
Thanks in advance for any replies on getting this solved.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Any help from Splunk support is appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi maxmillianr,
Check if this is working for you.
Make sure you have all the correct details required for this configuration. You can get this by contacting your AD administrator.
Host:
Bind DN: distinguishedName of that Generic ID/user. in your case i think your user is "splunktest".
Bind DN Password:
Confirm Password:
User Base DN: This is nothing but distinguishedName of container under which all domain users are listed.
Group Base DN: This is nothing but distinguishedName of container under which all your groups are listed.
LDAP Strategy Name: Splunk LDAP
Host: AD server IP/Hostname OR Load balancer URL.
Port: 389
Bind DN: cn=splunktest,cn=users,dc=domain,dc=local
Bind DN Password: password
Confirm Password: password
User Base DN: dc=domain,dc=local
User Base Filter:
User Name Attribute: samaccountname
Real Name Attribute: displayname
Email Attribute: mail
Group Mapping Attribute: dn
Group Base DN: cn=Splunk Admins,ou=splunk,ou=apps,dc=domain,dc=local
Static Group Search Filter:
Group Name Attribute: cn
Static Member Attribute: member
Advanced Settings
Search Request Size Limit: 1000
Search Request Time Limit: 15
Network Socket Timeout : 20
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am the AD Administrator and I tried the above suggestions but it didn't work.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Did you confirm your ldap user 'splunktest' credentials are working properly by logging to your domain machine as domain user.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I can login/bind to ldp.exe on the domain controller and can view the tree.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
nevermind I figured it out. We had some GPOs enabled that were interfering with LDAP connectivity. We are all good now.
