
TA-LDAP app "ERROR myldap:211 - ERROR: unable to get default options from ldap.conf"

kpavan
Path Finder

Hi All,

I am trying to connect to one of our LDAP servers using the TA-LDAP app, but for some reason I am getting this error while running ldap searches:

|ldap basedn="dc=stg,dc=org" ldap_filter="(ou=SelfRegUser)"
and
|ldap basedn="ou=SelfRegUser,dc=stg,dc=org" ldap_filter="(ou=SelfRegUser)"

Error while executing search command:
"External search command 'ldap' returned error code 1."

I also tried enabling debug logs and got the error below, but I am not sure what this error means.

Error after enabled debug log:
"ERROR myldap:211 - ERROR: unable to get default options from ldap.conf"

ldap.conf:
[STGLDAP]
server = xx.xx.xx.xx
port = xxxx
usessl = 0
binddn = ou=stgldap,dc=stg,dc=org
basedn = dc=stg,dc=org
password = UGFzc3dvcmQxMjM=
ldap_filter = (ou=SelfRegUser)

0 Karma

MuS
SplunkTrust

Hi there,

Sorry I missed this post, because the notification for the tag did not work for me 😞

Let me know should you still need help with this.

cheers, MuS

0 Karma

Grumpalot
Communicator

Ok, just to verify: in the current setup the ldap.conf in /apps/TA-LDAP/default/ldap.conf looks like this

# Author: MuS
#
# passwords in here are base64, you will not use clear text passwords!
#

[bund]
server = x500.bund.de
port = 389
binddn = 
basedn = cn=Liegenschaften,o=Bund,c=DE
password = 0
ldap_filter = (objectclass=*)
usessl = 0

[default]
server = ldap.forumsys.com
port = 389
usessl = 0
binddn = cn=read-only-admin,dc=example,dc=com
basedn = dc=example,dc=com
password = cGFzc3dvcmQ=
ldap_filter = (objectclass=*)

and your new ldap.conf file is located in /apps/TA-LDAP/local/ldap.conf and it looks like

[STGLDAP]
server = xx.xx.xx.xx
port = xxxx
usessl = 0
binddn = ou=stgldap,dc=stg,dc=org
basedn = dc=stg,dc=org
password = UGFzc3dvcmQxMjM=
ldap_filter = (ou=SelfRegUser)

If your current setup does not look like this, please try the setup above, restart Splunk, and then let me know what happens.

0 Karma

kpavan
Path Finder

Yes, currently I have the same configuration in the ldap.conf in /apps/TA-LDAP/local/.

0 Karma

Grumpalot
Communicator

Ok, taking a look at the code from the Python script, it is looking for the following.

# Excerpt from the TA-LDAP Python script. The names used here (myDebug, logger,
# parser, section_name, basedn, ldap_filter, scope, port) are set earlier in
# the script and are not part of the excerpt; parser is a ConfigParser that
# has already read ldap.conf, and section_name is the stanza being used.
import ldap

try: # lets do it
    if myDebug == "yes": logger.info( "read the default options from ldap.conf..." ) # logger
    if myDebug == "yes": logger.info( "reading server from ldap.conf..." ) # logger
    server = parser.get(section_name, 'server')

    # always check username and password in ldap.conf, never provided by user!
    if myDebug == "yes": logger.info( "reading user/pwd from ldap.conf..." ) # logger
    password = parser.get(section_name, 'password')
    binddn = parser.get(section_name, 'binddn')

    # check for user provided basedn options or use [default] stanza
    if myDebug == "yes": logger.info( "reading basedn from ldap.conf..." ) # logger
    if basedn == "basedn":
        basedn = parser.get(section_name, 'basedn')
    else:
        basedn = basedn

    # check for user provided ldap_filter options or use [default] stanza
    if myDebug == "yes": logger.info( "reading ldap_filter from ldap.conf..." ) # logger
    if ldap_filter == "0":
        ldap_filter = parser.get(section_name, 'ldap_filter')
    else:
        ldap_filter = ldap_filter

    # scope comes from the search argument, not from the stanza:
    # it is never read with parser.get()
    if myDebug == "yes": logger.info( "reading base from ldap.conf..." ) # logger
    if scope == "base":
        scope = ldap.SCOPE_BASE
    elif scope == "one":
        scope = ldap.SCOPE_ONELEVEL
    else:
        scope = ldap.SCOPE_SUBTREE

    # check for user provided port options or use [default] stanza
    if myDebug == "yes": logger.info( "reading port from ldap.conf..." ) # logger
    if port == "389":
        port = parser.get(section_name, 'port')
    else:
        port = port

    # check [default] stanza if we need ssl
    if myDebug == "yes": logger.info( "reading usessl from ldap.conf..." ) # logger
    usessl = parser.get(section_name, 'usessl')
    if usessl == "1":
        conn_string = "ldaps://%s:%s" % ( server, port )
    else:
        conn_string = "ldap://%s:%s" % ( server, port )
except Exception:
    # The except clause was not part of the quoted excerpt; it is reconstructed
    # here from the error message reported in this thread (myldap line 211).
    # Any parser.get() above that fails (missing stanza or key) lands here.
    logger.error( "ERROR: unable to get default options from ldap.conf" )
    raise

It looks like maybe the scope input is missing. Try adding a scope field.

[STGLDAP]
server = xx.xx.xx.xx
port = xxxx
usessl = 0
scope = yourscope
binddn = ou=stgldap,dc=stg,dc=org
basedn = dc=stg,dc=org
password = UGFzc3dvcmQxMjM=
ldap_filter = (ou=SelfRegUser)

0 Karma
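The script excerpt above reads every option with parser.get() and collapses any failure into one generic "unable to get default options" error, which is why the thread never learns which key is at fault. The following is an added example, not code from the TA-LDAP app or from either poster: it performs the same lookups against a stanza in the shape of the poster's local/ldap.conf, reports each missing or malformed key by name, and then builds the connection string with the excerpt's precedence rules. The sample stanzas, the hostname ldap.example.test and the function names are constructed for this example; note that the excerpt takes scope from the search argument rather than from the stanza, so scope is deliberately not in the key list.

```python
# Added example (not TA-LDAP code): perform the same parser.get() lookups as
# the script excerpt above, but report exactly which key in the stanza is
# missing or malformed instead of a single "unable to get default options".
import base64
import binascii
import configparser

# Keys the excerpt reads with parser.get(). scope is taken from the search
# argument, not from the stanza, so it is not a stanza key here.
REQUIRED_KEYS = ("server", "port", "binddn", "basedn", "password",
                 "ldap_filter", "usessl")

# Constructed sample in the shape of the poster's local/ldap.conf; the hostname
# and the second stanza are made up for this example.
SAMPLE_CONF = """\
[STGLDAP]
server = ldap.example.test
port = 389
usessl = 0
binddn = ou=stgldap,dc=stg,dc=org
basedn = dc=stg,dc=org
password = UGFzc3dvcmQxMjM=
ldap_filter = (ou=SelfRegUser)

[broken]
server = ldap.example.test
port = 389
binddn = cn=reader,dc=example,dc=com
basedn = dc=example,dc=com
password = not-base64!!
ldap_filter = (objectclass=*)
"""


def load_conf(text):
    # interpolation=None so a '%' in a filter or password is not treated specially
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return parser


def check_stanza(parser, section_name):
    """Return (ok, problems): every missing or malformed key, not just the first."""
    if not parser.has_section(section_name):
        return False, ["stanza [%s] not found" % section_name]
    problems = ["missing key: " + key for key in REQUIRED_KEYS
                if not parser.has_option(section_name, key)]
    if parser.has_option(section_name, "password"):
        # The file header says passwords are base64. That is encoding, not
        # encryption: anyone who can read ldap.conf has the bind password,
        # so the file's permissions are what actually protect it.
        try:
            base64.b64decode(parser.get(section_name, "password"), validate=True)
        except (binascii.Error, ValueError):
            problems.append("password is not valid base64")
    if (parser.has_option(section_name, "usessl")
            and parser.get(section_name, "usessl") not in ("0", "1")):
        problems.append("usessl must be 0 or 1")
    return not problems, problems


def build_options(parser, section_name, basedn="basedn", ldap_filter="0", port="389"):
    """Mirror the excerpt's precedence: the sentinel values basedn="basedn",
    ldap_filter="0" and port="389" mean 'not given by the user, use the stanza'."""
    ok, problems = check_stanza(parser, section_name)
    if not ok:
        raise ValueError("unable to get default options from ldap.conf: "
                         + "; ".join(problems))
    server = parser.get(section_name, "server")
    if basedn == "basedn":
        basedn = parser.get(section_name, "basedn")
    if ldap_filter == "0":
        ldap_filter = parser.get(section_name, "ldap_filter")
    if port == "389":
        port = parser.get(section_name, "port")
    scheme = "ldaps" if parser.get(section_name, "usessl") == "1" else "ldap"
    return {
        "conn_string": "%s://%s:%s" % (scheme, server, port),
        "binddn": parser.get(section_name, "binddn"),
        "basedn": basedn,
        "ldap_filter": ldap_filter,
    }


if __name__ == "__main__":
    conf = load_conf(SAMPLE_CONF)
    for stanza in ("STGLDAP", "broken", "missing"):
        ok, problems = check_stanza(conf, stanza)
        print(stanza, "OK" if ok else "; ".join(problems))
    print(build_options(conf, "STGLDAP")["conn_string"])
```

Run it against a copy of the real local/ldap.conf by passing the file contents to load_conf(); a stanza that passes check_stanza() has every key the excerpt's parser.get() calls need, so a remaining "unable to get default options" error would point at something other than the stanza contents, such as the section name the search resolves to.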

Grumpalot
Communicator

Hello @kpavan any luck?

0 Karma

kpavan
Path Finder

I have added scope in the ldap.conf file; after restarting Splunk I am getting the error below, and I am not sure why it is showing as an invalid stanza.

Invalid key in stanza [STGLDAP] in /opt/splunk/etc/apps/TA-LDAP/local/ldap.conf, line 37: scope (value: "sub").
Invalid key in stanza [STGLDAP] in /opt/splunk/etc/apps/TA-LDAP/local/ldap.conf, line 38: usessl (value: 0).
Invalid key in stanza [STGLDAP] in /opt/splunk/etc/apps/TA-LDAP/local/ldap.conf, line 42: ldap_filter (value: "ou=SelfRegUser").

And I am still getting the same error: "ERROR myldap:211 - ERROR: unable to get default options from ldap.conf"

Thanks!
Pavan

0 Karma

Grumpalot
Communicator

Ok, also verify that your appname/default/ldap.conf looks like this, and go ahead and remove scope from your appname/local/ldap.conf

# Author: MuS
#
# passwords in here are base64, you will not use clear text passwords!
#

[bund]
server = x500.bund.de
port = 389
binddn = 
basedn = cn=Liegenschaften,o=Bund,c=DE
password = 0
ldap_filter = (objectclass=*)
usessl = 0

[default]
server = ldap.forumsys.com
port = 389
usessl = 0
binddn = cn=read-only-admin,dc=example,dc=com
basedn = dc=example,dc=com
password = cGFzc3dvcmQ=
ldap_filter = (objectclass=*)

I'm working on trying to recreate the issue on my side with no success.

0 Karma

Grumpalot
Communicator

@kpavan any luck?

0 Karma

kpavan
Path Finder

Hi,

Yes, I have the same config in the default path and have also removed scope from local/ldap.conf.

Not sure why the default config is reported as invalid:

Invalid key in stanza [bund] in /opt/splunk/etc/apps/TA-LDAP/default/ldap.conf, line 12: ldap_filter (value: (objectclass=)).
Invalid key in stanza [bund] in /opt/splunk/etc/apps/TA-LDAP/default/ldap.conf, line 13: usessl (value: 0).
Invalid key in stanza [default] in /opt/splunk/etc/apps/TA-LDAP/default/ldap.conf, line 18: usessl (value: 0).
Invalid key in stanza [default] in /opt/splunk/etc/apps/TA-LDAP/default/ldap.conf, line 22: ldap_filter (value: (objectclass=)).

Thanks!
Pavan

0 Karma

kpavan
Path Finder

Sorry, typo mistake: ldap_filter (value: (objectclass=*)).

0 Karma

Grumpalot
Communicator

Ok, go ahead and take out the usessl field from both default/ldap.conf and local/ldap.conf,
and try the following for ldap_filter:

ldap_filter = "(objectclass=*)"

0 Karma

Grumpalot
Communicator

@kpavan, did you ever find a resolution to this?

0 Karma

kpavan
Path Finder

Nope, still hoping someone will reply 🙂

0 Karma