installed the app with everything working with the exception of the Security:Audits option.
have followed and check the requirements for the hardware and other software requirements but keep having the same error
[subsearch]: External search command 'ldapsearch' returned error code 1. [subsearch]: ERROR: java.lang.NullPointerException: null
any advice where i should check to correct this ? thanks.
Hello all,
Unfortunately we are facing the same problem here. We have no results when using the dashboards on the path: active Directory > Users > User Reports > All (and all the others as well.). When running the query << |secrpt-all-users(DATASECLAB)
>> we get the following error:
External search command 'ldapsearch' returned error code 1. Script output = " ERROR Cannot find the configuration stanza for domain=** in ldap.conf. "
And when looking at the sa-ldap-search.log we get the following:
Level=ERROR, Pid=3524, File=search_command.py, Line=282, Abnormal exit: '*'
Is this a known issue? We are using the latest version of ldapsearch. What should we do?
Thank you in advance
hello !
i have the same issue, i am running on :
java version "1.7.0_55"
Java(TM) SE Runtime Environment (build 1.7.0_55-b13)
Java HotSpot(TM) 64-Bit Server VM (build 24.55-b03, mixed mode)
i got error :
[subsearch]: External search command 'ldapsearch' returned error code 1
[subsearch]: ERROR: java.lang.NullPointerException: null
Have the same error with Windows Infrastructure app 1.0.4, Java is version 1.8, splunk 6.2, ldapsearch 1.1.13 (downgraded due to a bug in 2.0). Running:
|`secrpt-all-orgunits(LAB01)`
The errors I get are:
ERROR: java.lang.NullPointerException: null
External search command 'ldapsearch' returned error code 1.
Splunk indexer on Debian 7.7 64, universal forwarder on Windows 2008 R2 64.
The server list in ldap.conf must be semi-colon separated. Otherwise a com.unboundid.ldap.sdk.LDAPException is thrown.
From the documentation:
"You may specify multiple servers by including a semi-colon separated list of hosts."
Same error with 1.7_17 installed. I don't want to install Linux splunk just to manage my entire windows fleet. Defeats the purpose of having it being windows based.
Is there a real ETA for a fix?
I'm getting exactly the same error, also with jre 1.7.0_07 installed
I've got the same error under opensuse 12.1 with java 1.7.0_07:
[subsearch]: External search command 'ldapsearch' returned error code 1.
[subsearch]: ERROR: java.lang.NullPointerException: null
Java version:
java -version
java version "1.7.0_07"
Java(TM) SE Runtime Environment (build 1.7.0_07-b10)
Java HotSpot(TM) 64-Bit Server VM (build 23.3-b01, mixed mode)
I'm getting exactly the same error, also with jre 1.7.0_07 installed.
Installed the latest version of Java:
This version resolved most of the errors I received but there is still a message that I don't know how to fix:
In my case I would get a response from ping for the IP but not the hostname. In the ldap.conf use the IP instead of the hostname in the domain stanza. Example, change "server = hostname.domain" to "server = 1.2.3.4".
I'm also hoping to find a solution to this.
I am running into the same error. Did you ever find a solution? Thanks.
I installed Java 7 Update 7 (64-bit) and it resolved the issues for me.
"Confirm that Java SE (Standard Edition) runtime environment version 1.7 or greater is installed on all servers upon which you have installed the SA-ldapsearch supporting add-on."
This is on their troubleshooting page for the application. I have Java 7 update 7 installed though and still getting the error. Are you running your Deployment server on Windows or *nix? The reason I ask is because I found this post in another thread about this issue:
"
Current known issues
The LDAP search commands (that install on the central Splunk App for
Active Directory instance) do not work on Windows operating systems,
owing to platform compatibility issues. As a workaround, build your central
Splunk instance around the Linux platform (MSAD-73).
·
The LDAP search commands do not work for sub-domains in an AD forest
(MSAD-105).
·
Older versions of the universal forwarder might not correctly get some
Windows events. To fix this issue, upgrade your forwarders to the latest
version. (SPL-51312)
·
52 "
Also experiencing more or less the same issue...
What version of Java is needed to run on my Splunk central server(linux CentOS 6.) with the Splunk for Active Directory application?
Running into this very same issue....did you get a resolution on this?