All Apps and Add-ons

Splunk for Active Directory App issue with java

EricksonOng
Explorer

installed the app with everything working with the exception of the Security:Audits option.

have followed and check the requirements for the hardware and other software requirements but keep having the same error

[subsearch]: External search command 'ldapsearch' returned error code 1. [subsearch]: ERROR: java.lang.NullPointerException: null

any advice where i should check to correct this ? thanks.

mvergetis
New Member

Hello all,

Unfortunately we are facing the same problem here. We have no results when using the dashboards on the path: active Directory > Users > User Reports > All (and all the others as well.). When running the query << |secrpt-all-users(DATASECLAB) >> we get the following error:

External search command 'ldapsearch' returned error code 1. Script output = " ERROR Cannot find the configuration stanza for domain=** in ldap.conf. "

And when looking at the sa-ldap-search.log we get the following:

Level=ERROR, Pid=3524, File=search_command.py, Line=282, Abnormal exit: '*'

Is this a known issue? We are using the latest version of ldapsearch. What should we do?

Thank you in advance

0 Karma

jeandez
Explorer

hello !
i have the same issue, i am running on :
java version "1.7.0_55"
Java(TM) SE Runtime Environment (build 1.7.0_55-b13)
Java HotSpot(TM) 64-Bit Server VM (build 24.55-b03, mixed mode)

i got error :
[subsearch]: External search command 'ldapsearch' returned error code 1
[subsearch]: ERROR: java.lang.NullPointerException: null

0 Karma

f_luciani
Path Finder

Have the same error with Windows Infrastructure app 1.0.4, Java is version 1.8, splunk 6.2, ldapsearch 1.1.13 (downgraded due to a bug in 2.0). Running:

|`secrpt-all-orgunits(LAB01)`

The errors I get are:

ERROR: java.lang.NullPointerException: null

External search command 'ldapsearch' returned error code 1. 

Splunk indexer on Debian 7.7 64, universal forwarder on Windows 2008 R2 64.

0 Karma

my2ndhead
SplunkTrust
SplunkTrust

The server list in ldap.conf must be semi-colon separated. Otherwise a com.unboundid.ldap.sdk.LDAPException is thrown.

From the documentation:
"You may specify multiple servers by including a semi-colon separated list of hosts."

mbalasko
Explorer

Same error with 1.7_17 installed. I don't want to install Linux splunk just to manage my entire windows fleet. Defeats the purpose of having it being windows based.

Is there a real ETA for a fix?

0 Karma

freman
New Member

I'm getting exactly the same error, also with jre 1.7.0_07 installed

0 Karma

domteich
Explorer

I've got the same error under opensuse 12.1 with java 1.7.0_07:

[subsearch]: External search command 'ldapsearch' returned error code 1. 
[subsearch]: ERROR: java.lang.NullPointerException: null

Java version:

java -version
java version "1.7.0_07"
Java(TM) SE Runtime Environment (build 1.7.0_07-b10)
Java HotSpot(TM) 64-Bit Server VM (build 23.3-b01, mixed mode)
0 Karma

nmercer
New Member

I'm getting exactly the same error, also with jre 1.7.0_07 installed.

0 Karma

denisevw
Path Finder

Installed the latest version of Java:

  • java version "1.7.0_05-icedtea"
  • OpenJDK Runtime Environment (rhel-2.2.1.el6_3.3-x86_64)
  • OpenJDK 64-Bit Server VM (build 23.0-b21, mixed mode)

This version resolved most of the errors I received but there is still a message that I don't know how to fix:

  • [subsearch]: External search command 'ldapsearch' returned error code 1.
  • [subsearch]: ERROR: com.unboundid.ldap.sdk.LDAPException: Unable to establish a connection to any server in the fastest connect set because connection attempts failed in all servers.

awsdcuser
Explorer

In my case I would get a response from ping for the IP but not the hostname. In the ldap.conf use the IP instead of the hostname in the domain stanza. Example, change "server = hostname.domain" to "server = 1.2.3.4".

0 Karma

itghelp
Path Finder

I'm also hoping to find a solution to this.

0 Karma

awsdcuser
Explorer

I am running into the same error. Did you ever find a solution? Thanks.

0 Karma

bwindham
Path Finder

I installed Java 7 Update 7 (64-bit) and it resolved the issues for me.

rdpetti
Engager

"Confirm that Java SE (Standard Edition) runtime environment version 1.7 or greater is installed on all servers upon which you have installed the SA-ldapsearch supporting add-on."

This is on their troubleshooting page for the application. I have Java 7 update 7 installed though and still getting the error. Are you running your Deployment server on Windows or *nix? The reason I ask is because I found this post in another thread about this issue:

"
Current known issues
The LDAP search commands (that install on the central Splunk App for
Active Directory instance) do not work on Windows operating systems,
owing to platform compatibility issues. As a workaround, build your central
Splunk instance around the Linux platform (MSAD-73).
·
The LDAP search commands do not work for sub-domains in an AD forest
(MSAD-105).
·
Older versions of the universal forwarder might not correctly get some
Windows events. To fix this issue, upgrade your forwarders to the latest
version. (SPL-51312)
·
52
"

denisevw
Path Finder

Also experiencing more or less the same issue...
What version of Java is needed to run on my Splunk central server(linux CentOS 6.) with the Splunk for Active Directory application?

0 Karma

bwindham
Path Finder

Running into this very same issue....did you get a resolution on this?

0 Karma
.conf21 CFS Extended through 5/20!

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!