All Apps and Add-ons

Splunk Support for Active Directory: Why am I getting "SASLprep error: inappropriate for plain text character present"?

vsingla1
Communicator

I have the Splunk Support for Active Directory version 2.1.3 and there are 100 scheduled searches that run once in a quarter and make use of the ldapfetch command. Why am I getting this error?:

2016-05-03 09:55:47,380, Level=ERROR, Pid=59212, File=search_command.py, Line=282, Abnormal exit: SASLprep error: inappropriate for plain text character present

This log entry is picked up from SA-ldapsearch.log.
The result of this error is that the scheduled search is terminated without any output events.

0 Karma
1 Solution

jkat54
SplunkTrust
SplunkTrust

Looks like the username or password you're using for your LDAP binding contains an invalid/unsupported character.

https://www.ietf.org/rfc/rfc4013.txt

AFAIK, c6 is the latin character Æ, but i'm not certain on this... just what i found googling latin ascii table c6:

http://www.tutorialspoint.com/html/ascii_table_lookup.htm

Check your ldap bind username/password for any funny characters. Retype them for good measure.

To figure this out i opened search_command.py, went to line 282 which is where I found it was just an error_exit function. So then i look at sasl part of the error, opened sasl.py, found line 91 to be the exact error you had... and then I read the rfc on stringprep which is being used at that point.

View solution in original post

jkat54
SplunkTrust
SplunkTrust

Looks like the username or password you're using for your LDAP binding contains an invalid/unsupported character.

https://www.ietf.org/rfc/rfc4013.txt

AFAIK, c6 is the latin character Æ, but i'm not certain on this... just what i found googling latin ascii table c6:

http://www.tutorialspoint.com/html/ascii_table_lookup.htm

Check your ldap bind username/password for any funny characters. Retype them for good measure.

To figure this out i opened search_command.py, went to line 282 which is where I found it was just an error_exit function. So then i look at sasl part of the error, opened sasl.py, found line 91 to be the exact error you had... and then I read the rfc on stringprep which is being used at that point.

jkat54
SplunkTrust
SplunkTrust

Further searching reveals all the c4 xx hex characters found in this UTF-8 reference here:
http://www.utf8-chartable.de/unicode-utf8-table.pl?number=512

Some look just like normal letters... like j G A, etc. but they are "high level" characters that arent found on a normal keyboard and are incompatible with LDAP as per RFCs. You'll find some of the exact same letters higher/sooner in the UTF chart, those are the "low level" ASCII characters you should be using.

Just retype your user/pass using an ANSI keyboard.
https://deskthority.net/wiki/ANSI_vs_ISO

0 Karma

vsingla1
Communicator

I retyped my password and the error went away.
Thanks for your tip.

0 Karma

jkat54
SplunkTrust
SplunkTrust

The pleasure is all mine! Thanks for marking as the answer.

0 Karma

vsingla1
Communicator

Does anyone else face the same issue? Will someone care to answer my question?

0 Karma

jkat54
SplunkTrust
SplunkTrust

It says inappropriate plain text character present... I assume this means some high level ascii character is somewhere but it's expecting plain text at that point. I'll check the Python code later and let you know what it could be.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...