All Apps and Add-ons

Splunk ldaptestconnection error

soumyasaha25
Contributor

i am trying to connect to my 2nd LDAP instance using the SA-LDAPSearch app (Splunk Supporting Add-on for Active Directory 3.0.1) and am getting the below error

External search command 'ldaptestconnection' returned error code 1. First 1000 (of 1921) bytes of script output: "error_message= # host: <hostname>: Could not access the directory service at ldaps://<hostname>:<ldaps_port>: ('unable to open socket', [(datetime.datetime(2020, 5, 18, 10, 57, 16, 524688), , LDAPSocketOpenError('socket connection error while opening: [Errno 110] Connection timed out',), ('<ip_address>', <ldaps_port>)), (datetime.datetime(2020, 5, 18, 10, 57, 31, 532624), , LDAPSocketOpenError('socket ssl wrapping error: [Errno 104] Connection reset by peer',), ('<ip_address>', <ldaps_port>)), (datetime.datetime(2020, 5, 18, 10, 59, 38, 860630), , LDAPSocketOpenError('socket connection error while opening: [Errno 110] Connection timed out',), ('<ip_address>', <ldaps_port>)), (datetime.datetime(2020, 5, 18, 10, 59, 53, 851213), , LDAPSocketOpenError('socket ssl wrapping error: [Errno 104] Connection reset by peer',), ('".

I do have a working ldap connection on a different domain that works fine and does not throw any error.
Is there any configs that i am missing or is it an issue with the connectivity from my splunk server to the ldap server?

0 Karma

PavelP
Motivator

Hello @soumyasaha25

there are two related errors which are repeated after the retry timeout:

LDAPSocketOpenError('socket connection error while opening: [Errno 110] Connection timed out',)
LDAPSocketOpenError('socket ssl wrapping error: [Errno 104] Connection reset by peer',)

Try this to find out if the reset is send on the TCP or on the SSL (TLS version, ciphers, certificate, cert path/CA, etc.) level:

openssl s_client -connect ldap_server_hostname:ldaps_port

alternatively run ldapsearch with -v flag

0 Karma
Get Updates on the Splunk Community!

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...

Get ready to show some Splunk Certification swagger at .conf24!

Dive into the deep end of data by earning a Splunk Certification at .conf24. We're enticing you again this ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Now On-Demand Join us to learn more about how you can leverage Service Level Objectives (SLOs) and the new ...