I am setting up the Splunk app for Windows Infrastructure. Dashboards I expect to work are working. HOW EVER I am not seeing:
Group Audit >> Full Group Membership dashboard is throwing this error.
External search command 'ldapgroup' returned error code 1. Script output = "error_message=Missing required value for alternatedomain in ldap/default. "
So far no other dashboards are having problems. I reviewed my SA-ldapsearch apps
here is my ldap.conf config
alternatedomain = SOMEDOMANI
basedn = DC=somedomain,DC=com
binddn = somedomain\SvcSplunkLDAP
port = 389
server = awesomeserver01
ssl = 0
Any ideas here?
I had the same problem. There seems to be a bug in the add-on. Try moving the configuration over to the default stanza instead of using a custom one (somedomain.com in your case).
See the following thread: https://answers.splunk.com/answers/172847/ldapfilter-is-giving-me-error-missing-required-val.html
It is telling you what it needs. I don't know why but it requires you to configure an alternate domain in the default setting. Go back and add a value and it should work.