All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk ldaptestconnection error

soumyasaha25
Contributor
‎05-18-2020 03:16 AM

i am trying to connect to my 2nd LDAP instance using the SA-LDAPSearch app (Splunk Supporting Add-on for Active Directory 3.0.1) and am getting the below error 

External search command 'ldaptestconnection' returned error code 1. First 1000 (of 1921) bytes of script output: "error_message= # host: <hostname>: Could not access the directory service at ldaps://<hostname>:<ldaps_port>: ('unable to open socket', [(datetime.datetime(2020, 5, 18, 10, 57, 16, 524688), , LDAPSocketOpenError('socket connection error while opening: [Errno 110] Connection timed out',), ('<ip_address>', <ldaps_port>)), (datetime.datetime(2020, 5, 18, 10, 57, 31, 532624), , LDAPSocketOpenError('socket ssl wrapping error: [Errno 104] Connection reset by peer',), ('<ip_address>', <ldaps_port>)), (datetime.datetime(2020, 5, 18, 10, 59, 38, 860630), , LDAPSocketOpenError('socket connection error while opening: [Errno 110] Connection timed out',), ('<ip_address>', <ldaps_port>)), (datetime.datetime(2020, 5, 18, 10, 59, 53, 851213), , LDAPSocketOpenError('socket ssl wrapping error: [Errno 104] Connection reset by peer',), ('".

I do have a working ldap connection on a different domain that works fine and does not throw any error.
Is there any configs that i am missing or is it an issue with the connectivity from my splunk server to the ldap server?

0 Karma
Reply

PavelP
Motivator
‎05-18-2020 03:51 AM

Hello @soumyasaha25

there are two related errors which are repeated after the retry timeout:

LDAPSocketOpenError('socket connection error while opening: [Errno 110] Connection timed out',)
LDAPSocketOpenError('socket ssl wrapping error: [Errno 104] Connection reset by peer',)

Try this to find out if the reset is send on the TCP or on the SSL (TLS version, ciphers, certificate, cert path/CA, etc.) level:

openssl s_client -connect ldap_server_hostname:ldaps_port

alternatively run ldapsearch with -v flag

0 Karma
Reply
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...