All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

TA-LDAP app "ERROR myldap:211 - ERROR: unable to get default options from ldap.conf"

kpavan
Path Finder
‎06-28-2017 06:22 AM

Hi All,

Am trying to connect one of ldap server using TA-LDAP app but for some reason am getting this error while running ldap searches

|ldap basedn="dc=stg,dc=org" ldap_filter="(ou=SelfRegUser)"
and
|ldap basedn="ou=SelfRegUser,dc=stg,dc=org" ldap_filter="(ou=SelfRegUser)"

Error while executing search command:
"External search command 'ldap' returned error code 1."

And also tried enabling debug logs and got below error, but i am not sure what this error means

Error after enabled debug log:
"ERROR myldap:211 - ERROR: unable to get default options from ldap.conf"

ldap.conf:
[STGLDAP]
server = xx.xx.xx.xx
port = xxxx
usessl = 0
binddn = ou=stgldap,dc=stg,dc=org
basedn = dc=stg,dc=org
password = UGFzc3dvcmQxMjM=
ldap_filter = (ou=SelfRegUser)

0 Karma
Reply

MuS
Legend
‎08-29-2019 01:14 PM

Hi there,

Sorry I missed this post, because the notification for the tag did not work for me 😞

Let me know should you still need help with this.

cheers, MuS

0 Karma
Reply

Grumpalot
Communicator
‎07-12-2017 03:54 AM

Ok, just to verify the current setup the ldap.conf in /apps/TA-LDAP/Defualt/ldap.conf looks like this

# Author: MuS
#
# passwords in here are base64, you will not use clear text passwords!
#

[bund]
server = x500.bund.de
port = 389
binddn = 
basedn = cn=Liegenschaften,o=Bund,c=DE
password = 0
ldap_filter = (objectclass=*)
usessl = 0

[default]
server = ldap.forumsys.com
port = 389
usessl = 0
binddn = cn=read-only-admin,dc=example,dc=com
basedn = dc=example,dc=com
password = cGFzc3dvcmQ=
ldap_filter = (objectclass=*)

and your new ldap.conf file is located in /apps/TA-LDAP/local/ldap.conf and it looks like 

[STGLDAP]
server = xx.xx.xx.xx
port = xxxx
usessl = 0
binddn = ou=stgldap,dc=stg,dc=org
basedn = dc=stg,dc=org
password = UGFzc3dvcmQxMjM=
ldap_filter = (ou=SelfRegUser)

If your current setup does not look like this please give it a try like the above setup and restart splunk then let me know what happens.

0 Karma
Reply

kpavan
Path Finder
‎07-12-2017 06:54 AM

Yes, currently I have same configuration the ldap.conf in /apps/TA-LDAP/local/

0 Karma
Reply

Grumpalot
Communicator
‎07-12-2017 07:10 AM

Ok taking a look at the code from the python script it is looking for the following.

try: # lets do it
    if myDebug == "yes": logger.info( "read the default options from ldap.conf..." ) # logger
    if myDebug == "yes": logger.info( "reading server from ldap.conf..." ) # logger
    server = parser.get(section_name, 'server')

    # always check username and password in ldap.conf, never provided by user!
    if myDebug == "yes": logger.info( "reading user/pwd from ldap.conf..." ) # logger
    password = parser.get(section_name, 'password')
    binddn = parser.get(section_name, 'binddn')

    # check for user provided basedn options or use [default] stanza
    if myDebug == "yes": logger.info( "reading basedn from ldap.conf..." ) # logger
    if basedn == "basedn":
        basedn = parser.get(section_name, 'basedn')
    else:
        basedn = basedn

    # check for user provided ldap_filter options or use [default] stanza
    if myDebug == "yes": logger.info( "reading ldap_filter from ldap.conf..." ) # logger
    if ldap_filter == "0":
        ldap_filter = parser.get(section_name, 'ldap_filter')
    else:
        ldap_filter = ldap_filter

    # check for user provided scope options or use [default] stanza
    if myDebug == "yes": logger.info( "reading base from ldap.conf..." ) # logger
    if scope == "base":
        scope = ldap.SCOPE_BASE
    elif scope == "one":
        scope = ldap.SCOPE_ONELEVEL
    else:
        scope = ldap.SCOPE_SUBTREE

    # check for user provided port options or use [default] stanza
    if myDebug == "yes": logger.info( "reading port from ldap.conf..." ) # logger
    if port == "389":
        port = parser.get(section_name, 'port')
    else:
        port = port

    # check [default] stanza if we need ssl
    if myDebug == "yes": logger.info( "reading usessl from ldap.conf..." ) # logger
    usessl = parser.get(section_name, 'usessl')
    if usessl == "1":
        conn_string = "ldaps://%s:%s" % ( server, port )
    else:
        conn_string = "ldap://%s:%s" % ( server, port )

It looks like maybe the scope input is missing. Try adding a scope field.

 [STGLDAP]
 server = xx.xx.xx.xx
 port = xxxx
 usessl = 0
 scope = yourscope
 binddn = ou=stgldap,dc=stg,dc=org
 basedn = dc=stg,dc=org
 password = UGFzc3dvcmQxMjM=
 ldap_filter = (ou=SelfRegUser)
0 Karma
Reply

Grumpalot
Communicator
‎07-13-2017 04:05 AM

Hello @kpavan any luck?

0 Karma
Reply

kpavan
Path Finder
‎07-13-2017 06:01 AM

I have added scope in ldap.conf file, after restarting splunk am getting error as below not sure why it showing as invalid stanza.

Invalid key in stanza [STGLDAP] in /opt/splunk/etc/apps/TA-LDAP/local/ldap.conf, line 37: scope (value: "sub").
Invalid key in stanza [STGLDAP] in /opt/splunk/etc/apps/TA-LDAP/local/ldap.conf, line 38: usessl (value: 0).
Invalid key in stanza [STGLDAP] in /opt/splunk/etc/apps/TA-LDAP/local/ldap.conf, line 42: ldap_filter (value: "ou=SelfRegUser").

And still getting same error like "ERROR myldap:211 - ERROR: unable to get default options from ldap.conf"

Thanks!
Pavan

0 Karma
Reply

Grumpalot
Communicator
‎07-13-2017 07:34 AM

Ok, also to verify your appname/default/ldap.conf looks like this and also go ahead and remove scope on your appname/local/ldap.conf

# Author: MuS
#
# passwords in here are base64, you will not use clear text passwords!
#

[bund]
server = x500.bund.de
port = 389
binddn = 
basedn = cn=Liegenschaften,o=Bund,c=DE
password = 0
ldap_filter = (objectclass=*)
usessl = 0

[default]
server = ldap.forumsys.com
port = 389
usessl = 0
binddn = cn=read-only-admin,dc=example,dc=com
basedn = dc=example,dc=com
password = cGFzc3dvcmQ=
ldap_filter = (objectclass=*)

I'm working on trying to recreate the issue on my side with no success.

0 Karma
Reply

Grumpalot
Communicator
‎07-19-2017 05:12 AM

@kpavan any luck?

0 Karma
Reply

kpavan
Path Finder
‎07-19-2017 06:20 AM

Hi,

Yes, I have same config in default path and also removed scope in local/ldap.conf.

Not sure why default config says as invalid:

Invalid key in stanza [bund] in /opt/splunk/etc/apps/TA-LDAP/default/ldap.conf, line 12: ldap_filter (value: (objectclass=)).
Invalid key in stanza [bund] in /opt/splunk/etc/apps/TA-LDAP/default/ldap.conf, line 13: usessl (value: 0).
Invalid key in stanza [default] in /opt/splunk/etc/apps/TA-LDAP/default/ldap.conf, line 18: usessl (value: 0).
Invalid key in stanza [default] in /opt/splunk/etc/apps/TA-LDAP/default/ldap.conf, line 22: ldap_filter (value: (objectclass=)).

Thanks!
Pavan

0 Karma
Reply

kpavan
Path Finder
‎07-19-2017 06:24 AM

sorry typo mistake ldap_filter (value: (objectclass=*)).

0 Karma
Reply

Grumpalot
Communicator
‎07-19-2017 06:40 AM

Ok go ahead and take out the usessl field from both default/ldap.conf and local/ldap.conf
and try the following for ldap_filter

ldap_filter = "(objectclass=*)"

0 Karma
Reply

Grumpalot
Communicator
‎07-11-2017 09:42 AM

@kpavan, did you ever find a resolution to this?

0 Karma
Reply

kpavan
Path Finder
‎07-12-2017 02:30 AM

Nope, still hoping someone will reply 🙂

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...