All Apps and Add-ons

Splunk App for AWS: Why am I getting Invalid Credentials Error when Integrating Splunk with LDAP for authentication?

maxmillianr
New Member

Hello,
I have done my research and did not find an answer for this issue. We are using the Splunk App for AWS and getting an error when saving the settings for LDAP. There are two errors that I get and both has to do with the entry in bind dn.

If bind dn = cn=splunktest,cn=users,dc=domain,dc=local
The error reads: Encountered the following error while trying to save: in handler 'LDAP-Auth': strategy="Splunk LDAP" Error binding to LDAP. reason="invalid credintials"

If bind dn = cn Splunk Test,cn=users,dc=domaindc=local
The error reads: Encountered the following error while trying to save: in handler 'LDAP-Auth': strategy="Splunk LDAP" Error binding to LDAP. reason="Strong(er) authentication required"

My LDAP set up is below:

LDAP Strategy Name: Splunk LDAP
Host: IP Address
Port: 389
Bind DN: cn=splunktest,cn=users,dc=domain,dc=local
Bind DN Password: password
Confirm Password: password

User Base DN: dc=domain,dc=local
User Base Filter: 
User Name Attribute: uid
Real Name Attribute: cn
Email Attribute: mail
Group Mapping Attribute: dn

Group Base DN: cn=Splunk Admins,ou=splunk,ou=apps,dc=domain,dc=local
Static Group Search Filter: 
Group Name Attribute: cn
Static Member Attribute: memeberUid

Advanced Settings
Search Request Size Limit: 1000
Search Request Time Limit: 15
Network Socket Timeout : 20

Thanks in advance for any replies on getting this solved.

0 Karma

maxmillianr
New Member

Any help from Splunk support is appreciated.

0 Karma

anjambha
Communicator

Hi maxmillianr,

Check if this is working for you.

Make sure you have all the correct details required for this configuration. You can get this by contacting your AD administrator.

Host:
Bind DN: distinguishedName of that Generic ID/user. in your case i think your user is "splunktest".
Bind DN Password:
Confirm Password:
User Base DN: This is nothing but distinguishedName of container under which all domain users are listed.
Group Base DN: This is nothing but distinguishedName of container under which all your groups are listed.

LDAP Strategy Name: Splunk LDAP
 Host: AD server IP/Hostname OR Load balancer URL.
 Port: 389
 Bind DN: cn=splunktest,cn=users,dc=domain,dc=local
 Bind DN Password: password
 Confirm Password: password

 User Base DN: dc=domain,dc=local
 User Base Filter: 
 User Name Attribute: samaccountname
 Real Name Attribute: displayname
 Email Attribute: mail
 Group Mapping Attribute: dn

 Group Base DN: cn=Splunk Admins,ou=splunk,ou=apps,dc=domain,dc=local
 Static Group Search Filter: 
 Group Name Attribute: cn
 Static Member Attribute: member

 Advanced Settings
 Search Request Size Limit: 1000
 Search Request Time Limit: 15
 Network Socket Timeout : 20
0 Karma

maxmillianr
New Member

I am the AD Administrator and I tried the above suggestions but it didn't work.

0 Karma

anjambha
Communicator

Did you confirm your ldap user 'splunktest' credentials are working properly by logging to your domain machine as domain user.

0 Karma

maxmillianr
New Member

I can login/bind to ldp.exe on the domain controller and can view the tree.

0 Karma

maxmillianr
New Member

nevermind I figured it out. We had some GPOs enabled that were interfering with LDAP connectivity. We are all good now.

0 Karma
Get Updates on the Splunk Community!

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...