All Apps and Add-ons

TA-LDAP app "ERROR myldap:211 - ERROR: unable to get default options from ldap.conf"

kpavan
Path Finder

Hi All,

Am trying to connect one of ldap server using TA-LDAP app but for some reason am getting this error while running ldap searches

|ldap basedn="dc=stg,dc=org" ldap_filter="(ou=SelfRegUser)"
and
|ldap basedn="ou=SelfRegUser,dc=stg,dc=org" ldap_filter="(ou=SelfRegUser)"

Error while executing search command:
"External search command 'ldap' returned error code 1."

And also tried enabling debug logs and got below error, but i am not sure what this error means

Error after enabled debug log:
"ERROR myldap:211 - ERROR: unable to get default options from ldap.conf"

ldap.conf:
[STGLDAP]
server = xx.xx.xx.xx
port = xxxx
usessl = 0
binddn = ou=stgldap,dc=stg,dc=org
basedn = dc=stg,dc=org
password = UGFzc3dvcmQxMjM=
ldap_filter = (ou=SelfRegUser)

0 Karma

MuS
SplunkTrust
SplunkTrust

Hi there,

Sorry I missed this post, because the notification for the tag did not work for me 😞

Let me know should you still need help with this.

cheers, MuS

0 Karma

Grumpalot
Communicator

Ok, just to verify the current setup the ldap.conf in /apps/TA-LDAP/Defualt/ldap.conf looks like this

# Author: MuS
#
# passwords in here are base64, you will not use clear text passwords!
#

[bund]
server = x500.bund.de
port = 389
binddn = 
basedn = cn=Liegenschaften,o=Bund,c=DE
password = 0
ldap_filter = (objectclass=*)
usessl = 0

[default]
server = ldap.forumsys.com
port = 389
usessl = 0
binddn = cn=read-only-admin,dc=example,dc=com
basedn = dc=example,dc=com
password = cGFzc3dvcmQ=
ldap_filter = (objectclass=*)

and your new ldap.conf file is located in /apps/TA-LDAP/local/ldap.conf and it looks like

[STGLDAP]
server = xx.xx.xx.xx
port = xxxx
usessl = 0
binddn = ou=stgldap,dc=stg,dc=org
basedn = dc=stg,dc=org
password = UGFzc3dvcmQxMjM=
ldap_filter = (ou=SelfRegUser)

If your current setup does not look like this please give it a try like the above setup and restart splunk then let me know what happens.

0 Karma

kpavan
Path Finder

Yes, currently I have same configuration the ldap.conf in /apps/TA-LDAP/local/

0 Karma

Grumpalot
Communicator

Ok taking a look at the code from the python script it is looking for the following.

try: # lets do it
    if myDebug == "yes": logger.info( "read the default options from ldap.conf..." ) # logger
    if myDebug == "yes": logger.info( "reading server from ldap.conf..." ) # logger
    server = parser.get(section_name, 'server')

    # always check username and password in ldap.conf, never provided by user!
    if myDebug == "yes": logger.info( "reading user/pwd from ldap.conf..." ) # logger
    password = parser.get(section_name, 'password')
    binddn = parser.get(section_name, 'binddn')

    # check for user provided basedn options or use [default] stanza
    if myDebug == "yes": logger.info( "reading basedn from ldap.conf..." ) # logger
    if basedn == "basedn":
        basedn = parser.get(section_name, 'basedn')
    else:
        basedn = basedn

    # check for user provided ldap_filter options or use [default] stanza
    if myDebug == "yes": logger.info( "reading ldap_filter from ldap.conf..." ) # logger
    if ldap_filter == "0":
        ldap_filter = parser.get(section_name, 'ldap_filter')
    else:
        ldap_filter = ldap_filter

    # check for user provided scope options or use [default] stanza
    if myDebug == "yes": logger.info( "reading base from ldap.conf..." ) # logger
    if scope == "base":
        scope = ldap.SCOPE_BASE
    elif scope == "one":
        scope = ldap.SCOPE_ONELEVEL
    else:
        scope = ldap.SCOPE_SUBTREE

    # check for user provided port options or use [default] stanza
    if myDebug == "yes": logger.info( "reading port from ldap.conf..." ) # logger
    if port == "389":
        port = parser.get(section_name, 'port')
    else:
        port = port

    # check [default] stanza if we need ssl
    if myDebug == "yes": logger.info( "reading usessl from ldap.conf..." ) # logger
    usessl = parser.get(section_name, 'usessl')
    if usessl == "1":
        conn_string = "ldaps://%s:%s" % ( server, port )
    else:
        conn_string = "ldap://%s:%s" % ( server, port )

It looks like maybe the scope input is missing. Try adding a scope field.

 [STGLDAP]
 server = xx.xx.xx.xx
 port = xxxx
 usessl = 0
 scope = yourscope
 binddn = ou=stgldap,dc=stg,dc=org
 basedn = dc=stg,dc=org
 password = UGFzc3dvcmQxMjM=
 ldap_filter = (ou=SelfRegUser)
0 Karma

Grumpalot
Communicator

Hello @kpavan any luck?

0 Karma

kpavan
Path Finder

I have added scope in ldap.conf file, after restarting splunk am getting error as below not sure why it showing as invalid stanza.

Invalid key in stanza [STGLDAP] in /opt/splunk/etc/apps/TA-LDAP/local/ldap.conf, line 37: scope (value: "sub").
Invalid key in stanza [STGLDAP] in /opt/splunk/etc/apps/TA-LDAP/local/ldap.conf, line 38: usessl (value: 0).
Invalid key in stanza [STGLDAP] in /opt/splunk/etc/apps/TA-LDAP/local/ldap.conf, line 42: ldap_filter (value: "ou=SelfRegUser").

And still getting same error like "ERROR myldap:211 - ERROR: unable to get default options from ldap.conf"

Thanks!
Pavan

0 Karma

Grumpalot
Communicator

Ok, also to verify your appname/default/ldap.conf looks like this and also go ahead and remove scope on your appname/local/ldap.conf

# Author: MuS
#
# passwords in here are base64, you will not use clear text passwords!
#

[bund]
server = x500.bund.de
port = 389
binddn = 
basedn = cn=Liegenschaften,o=Bund,c=DE
password = 0
ldap_filter = (objectclass=*)
usessl = 0

[default]
server = ldap.forumsys.com
port = 389
usessl = 0
binddn = cn=read-only-admin,dc=example,dc=com
basedn = dc=example,dc=com
password = cGFzc3dvcmQ=
ldap_filter = (objectclass=*)

I'm working on trying to recreate the issue on my side with no success.

0 Karma

Grumpalot
Communicator

@kpavan any luck?

0 Karma

kpavan
Path Finder

Hi,

Yes, I have same config in default path and also removed scope in local/ldap.conf.

Not sure why default config says as invalid:

Invalid key in stanza [bund] in /opt/splunk/etc/apps/TA-LDAP/default/ldap.conf, line 12: ldap_filter (value: (objectclass=)).
Invalid key in stanza [bund] in /opt/splunk/etc/apps/TA-LDAP/default/ldap.conf, line 13: usessl (value: 0).
Invalid key in stanza [default] in /opt/splunk/etc/apps/TA-LDAP/default/ldap.conf, line 18: usessl (value: 0).
Invalid key in stanza [default] in /opt/splunk/etc/apps/TA-LDAP/default/ldap.conf, line 22: ldap_filter (value: (objectclass=
)).

Thanks!
Pavan

0 Karma

kpavan
Path Finder

sorry typo mistake ldap_filter (value: (objectclass=*)).

0 Karma

Grumpalot
Communicator

Ok go ahead and take out the usessl field from both default/ldap.conf and local/ldap.conf
and try the following for ldap_filter

ldap_filter = "(objectclass=*)"

0 Karma

Grumpalot
Communicator

@kpavan, did you ever find a resolution to this?

0 Karma

kpavan
Path Finder

Nope, still hoping someone will reply 🙂

0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!