Splunk for Active Directory App issue with java
Installed the app with everything working with the exception of the Security:Audits option.
Have followed and checked the requirements for the hardware and other software requirements but keep having the same error:
[subsearch]: External search command 'ldapsearch' returned error code 1. [subsearch]: ERROR: java.lang.NullPointerException: null
Any advice where I should check to correct this? Thanks.
Hello all,
Unfortunately we are facing the same problem here. We have no results when using the dashboards on the path: Active Directory > Users > User Reports > All (and all the others as well). When running the query << |secrpt-all-users(DATASECLAB) >> we get the following error:
External search command 'ldapsearch' returned error code 1. Script output = " ERROR Cannot find the configuration stanza for domain=** in ldap.conf. "
And when looking at the sa-ldap-search.log we get the following:
Level=ERROR, Pid=3524, File=search_command.py, Line=282, Abnormal exit: '*'
Is this a known issue? We are using the latest version of ldapsearch. What should we do?
Thank you in advance
Hello!
I have the same issue, I am running on:
java version "1.7.0_55"
Java(TM) SE Runtime Environment (build 1.7.0_55-b13)
Java HotSpot(TM) 64-Bit Server VM (build 24.55-b03, mixed mode)
I got error:
[subsearch]: External search command 'ldapsearch' returned error code 1
[subsearch]: ERROR: java.lang.NullPointerException: null
Have the same error with Windows Infrastructure app 1.0.4, Java is version 1.8, Splunk 6.2, ldapsearch 1.1.13 (downgraded due to a bug in 2.0). Running:
|`secrpt-all-orgunits(LAB01)`
The errors I get are:
ERROR: java.lang.NullPointerException: null
External search command 'ldapsearch' returned error code 1.
Splunk indexer on Debian 7.7 64, universal forwarder on Windows 2008 R2 64.


The server list in ldap.conf must be semi-colon separated. Otherwise a com.unboundid.ldap.sdk.LDAPException is thrown.
From the documentation:
"You may specify multiple servers by including a semi-colon separated list of hosts."
Same error with 1.7_17 installed. I don't want to install Linux Splunk just to manage my entire Windows fleet. Defeats the purpose of having it being Windows based.
Is there a real ETA for a fix?
I'm getting exactly the same error, also with jre 1.7.0_07 installed
I've got the same error under openSUSE 12.1 with Java 1.7.0_07:
[subsearch]: External search command 'ldapsearch' returned error code 1.
[subsearch]: ERROR: java.lang.NullPointerException: null
Java version:
java -version
java version "1.7.0_07"
Java(TM) SE Runtime Environment (build 1.7.0_07-b10)
Java HotSpot(TM) 64-Bit Server VM (build 23.3-b01, mixed mode)
I'm getting exactly the same error, also with jre 1.7.0_07 installed.

Installed the latest version of Java:
- java version "1.7.0_05-icedtea"
- OpenJDK Runtime Environment (rhel-2.2.1.el6_3.3-x86_64)
- OpenJDK 64-Bit Server VM (build 23.0-b21, mixed mode)
This version resolved most of the errors I received but there is still a message that I don't know how to fix:
- [subsearch]: External search command 'ldapsearch' returned error code 1.
- [subsearch]: ERROR: com.unboundid.ldap.sdk.LDAPException: Unable to establish a connection to any server in the fastest connect set because connection attempts failed in all servers.
In my case I would get a response from ping for the IP but not the hostname. In the ldap.conf use the IP instead of the hostname in the domain stanza. Example, change "server = hostname.domain" to "server = 1.2.3.4".
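
A pre-flight check for the three ldap.conf problems reported in this thread (no stanza for the domain, a server list that is not semicolon-separated, a hostname that does not resolve), as an added example that is not part of any post or of the SA-ldapsearch add-on. The sample file, host names and function names are constructed; only the `server` key and the domain stanza come from the thread.

```python
import re
import socket

# Constructed sample ldap.conf; only the "server" key appears in the thread.
SAMPLE_LDAP_CONF = """\
[LAB01]
server = dc01.lab01.example, dc02.lab01.example

[DATASECLAB]
server = dc01.dataseclab.example;192.0.2.10
"""

def parse_stanzas(text):
    """Return {stanza_name: {key: value}} for a Splunk-style .conf file."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = stanzas.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def check_domain(text, domain, resolve=socket.gethostbyname):
    """List configuration problems for one domain stanza (empty list = OK)."""
    stanzas = parse_stanzas(text)
    if domain not in stanzas:
        return [f"no [{domain}] stanza in ldap.conf"]
    server = stanzas[domain].get("server", "")
    if not server:
        return [f"[{domain}] has no server setting"]
    problems = []
    # The documentation quoted in the thread requires ';' between hosts.
    if re.search(r"[,\s]", server):
        problems.append(f"[{domain}] server list must be semicolon-separated: {server!r}")
    # Split leniently so every host is still checked for name resolution.
    for host in filter(None, re.split(r"[;,\s]+", server)):
        try:
            resolve(host)  # IP literals pass without a DNS lookup
        except OSError:
            problems.append(f"[{domain}] cannot resolve {host!r}; fix DNS or use the IP")
    return problems
```

Run `check_domain(open(path).read(), "YOURDOMAIN")` on the search head that executes ldapsearch, since name resolution is checked from the machine where the script runs.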
I'm also hoping to find a solution to this.
I am running into the same error. Did you ever find a solution? Thanks.
I installed Java 7 Update 7 (64-bit) and it resolved the issues for me.
"Confirm that Java SE (Standard Edition) runtime environment version 1.7 or greater is installed on all servers upon which you have installed the SA-ldapsearch supporting add-on."
This is on their troubleshooting page for the application. I have Java 7 update 7 installed though and still getting the error. Are you running your Deployment server on Windows or *nix? The reason I ask is because I found this post in another thread about this issue:
"Current known issues
- The LDAP search commands (that install on the central Splunk App for Active Directory instance) do not work on Windows operating systems, owing to platform compatibility issues. As a workaround, build your central Splunk instance around the Linux platform (MSAD-73).
- The LDAP search commands do not work for sub-domains in an AD forest (MSAD-105).
- Older versions of the universal forwarder might not correctly get some Windows events. To fix this issue, upgrade your forwarders to the latest version. (SPL-51312)"

Also experiencing more or less the same issue...
What version of Java is needed to run on my Splunk central server (Linux CentOS 6.) with the Splunk for Active Directory application?
Running into this very same issue... did you get a resolution on this?
