Hi All,
I am trying to connect to one of our LDAP servers using the TA-LDAP app, but for some reason I am getting this error while running ldap searches:
|ldap basedn="dc=stg,dc=org" ldap_filter="(ou=SelfRegUser)"
and
|ldap basedn="ou=SelfRegUser,dc=stg,dc=org" ldap_filter="(ou=SelfRegUser)"
Error while executing search command:
"External search command 'ldap' returned error code 1."
I also tried enabling debug logs and got the error below, but I am not sure what this error means.
Error after enabled debug log:
"ERROR myldap:211 - ERROR: unable to get default options from ldap.conf"
ldap.conf:
[STGLDAP]
server = xx.xx.xx.xx
port = xxxx
usessl = 0
binddn = ou=stgldap,dc=stg,dc=org
basedn = dc=stg,dc=org
password = UGFzc3dvcmQxMjM=
ldap_filter = (ou=SelfRegUser)
Hi there,
Sorry I missed this post, because the notification for the tag did not work for me 😞
Let me know should you still need help with this.
cheers, MuS
OK, just to verify the current setup: the ldap.conf in /apps/TA-LDAP/default/ldap.conf looks like this
# Author: MuS
#
# passwords in here are base64, you will not use clear text passwords!
#
[bund]
server = x500.bund.de
port = 389
binddn =
basedn = cn=Liegenschaften,o=Bund,c=DE
password = 0
ldap_filter = (objectclass=*)
usessl = 0
[default]
server = ldap.forumsys.com
port = 389
usessl = 0
binddn = cn=read-only-admin,dc=example,dc=com
basedn = dc=example,dc=com
password = cGFzc3dvcmQ=
ldap_filter = (objectclass=*)
and your new ldap.conf file is located in /apps/TA-LDAP/local/ldap.conf and it looks like
[STGLDAP]
server = xx.xx.xx.xx
port = xxxx
usessl = 0
binddn = ou=stgldap,dc=stg,dc=org
basedn = dc=stg,dc=org
password = UGFzc3dvcmQxMjM=
ldap_filter = (ou=SelfRegUser)
If your current setup does not look like this, please try the setup above, restart Splunk, and then let me know what happens.
Yes, I currently have the same configuration in the ldap.conf in /apps/TA-LDAP/local/.
OK, taking a look at the code of the Python script, it is looking for the following.
import ldap      # python-ldap, for the SCOPE_* constants
import logging

logger = logging.getLogger("myldap")

# Excerpt from the TA-LDAP script: myDebug, parser (a ConfigParser that has
# already read ldap.conf), section_name and the search-supplied basedn,
# ldap_filter, scope and port are set earlier in the script and not shown here.
try:  # lets do it
    if myDebug == "yes": logger.info("read the default options from ldap.conf...")  # logger
    if myDebug == "yes": logger.info("reading server from ldap.conf...")  # logger
    server = parser.get(section_name, 'server')
    # always check username and password in ldap.conf, never provided by user!
    if myDebug == "yes": logger.info("reading user/pwd from ldap.conf...")  # logger
    password = parser.get(section_name, 'password')
    binddn = parser.get(section_name, 'binddn')
    # check for user provided basedn options or use [default] stanza
    if myDebug == "yes": logger.info("reading basedn from ldap.conf...")  # logger
    if basedn == "basedn":
        basedn = parser.get(section_name, 'basedn')
    # check for user provided ldap_filter options or use [default] stanza
    if myDebug == "yes": logger.info("reading ldap_filter from ldap.conf...")  # logger
    if ldap_filter == "0":
        ldap_filter = parser.get(section_name, 'ldap_filter')
    # check for user provided scope options or use [default] stanza
    # (note: scope comes only from the search argument; nothing is read
    # from ldap.conf for it in this block)
    if myDebug == "yes": logger.info("reading base from ldap.conf...")  # logger
    if scope == "base":
        scope = ldap.SCOPE_BASE
    elif scope == "one":
        scope = ldap.SCOPE_ONELEVEL
    else:
        scope = ldap.SCOPE_SUBTREE
    # check for user provided port options or use [default] stanza
    if myDebug == "yes": logger.info("reading port from ldap.conf...")  # logger
    if port == "389":
        port = parser.get(section_name, 'port')
    # check [default] stanza if we need ssl
    if myDebug == "yes": logger.info("reading usessl from ldap.conf...")  # logger
    usessl = parser.get(section_name, 'usessl')
    if usessl == "1":
        conn_string = "ldaps://%s:%s" % (server, port)
    else:
        conn_string = "ldap://%s:%s" % (server, port)
except Exception:
    # the except branch was not quoted in the post; by the debug log in the
    # thread this is where "unable to get default options from ldap.conf" is
    # logged when one of the parser.get() calls above fails
    logger.error("ERROR: unable to get default options from ldap.conf")
It looks like maybe the scope input is missing. Try adding a scope field.
[STGLDAP]
server = xx.xx.xx.xx
port = xxxx
usessl = 0
scope = yourscope
binddn = ou=stgldap,dc=stg,dc=org
basedn = dc=stg,dc=org
password = UGFzc3dvcmQxMjM=
ldap_filter = (ou=SelfRegUser)
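As an added example (not TA-LDAP's own code), the checker below reads a stanza with configparser the way the script above does and reports which keys the script's parser.get() calls would fail on, whether port and usessl hold usable values, and whether the base64 password decodes; the sample config is constructed, with a placeholder host and a deliberately broken second stanza.

```python
import base64
import binascii
import configparser
import io
# Keys the TA-LDAP script reads with parser.get(): server, binddn and
# password unconditionally, the rest when the search gives no override.
REQUIRED_KEYS = ("server", "port", "usessl", "binddn", "basedn",
                 "password", "ldap_filter")
# Constructed sample: the STGLDAP stanza from the thread with a placeholder
# host, plus a deliberately broken stanza (no binddn, bad usessl, password
# that is not base64).
SAMPLE_CONF = """
[STGLDAP]
server = ldap.stg.example
port = 389
usessl = 0
binddn = ou=stgldap,dc=stg,dc=org
basedn = dc=stg,dc=org
password = UGFzc3dvcmQxMjM=
ldap_filter = (ou=SelfRegUser)
[broken]
server = ldap.stg.example
port = 389
usessl = 2
basedn = dc=stg,dc=org
password = not*base64
ldap_filter = (ou=SelfRegUser)
"""

def load_conf(text):
    # interpolation=None so a '%' in a password cannot make get() raise
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_file(io.StringIO(text))
    return parser

def check_stanza(parser, section_name):
    """Return the problems found; an empty list means every parser.get()
    the script makes on this stanza succeeds with a usable value."""
    if not parser.has_section(section_name):
        return ["missing stanza [%s]" % section_name]
    values = dict(parser.items(section_name))
    problems = ["missing key %s" % k for k in REQUIRED_KEYS if k not in values]
    if not values.get("port", "0").isdigit():
        problems.append("port is not numeric")
    if values.get("usessl", "0") not in ("0", "1"):
        problems.append("usessl must be 0 or 1")
    try:  # the app stores passwords base64-encoded; make sure it decodes
        base64.b64decode(values.get("password", ""), validate=True)
    except (binascii.Error, ValueError):
        problems.append("password is not valid base64")
    return problems
```

Run it against your own local/ldap.conf by passing the file contents to load_conf and the stanza name you use in the search to check_stanza; the decoded password is never printed.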
Hello @kpavan any luck?
I have added scope in the ldap.conf file; after restarting Splunk I am getting the error below. Not sure why it is showing the stanza as invalid.
Invalid key in stanza [STGLDAP] in /opt/splunk/etc/apps/TA-LDAP/local/ldap.conf, line 37: scope (value: "sub").
Invalid key in stanza [STGLDAP] in /opt/splunk/etc/apps/TA-LDAP/local/ldap.conf, line 38: usessl (value: 0).
Invalid key in stanza [STGLDAP] in /opt/splunk/etc/apps/TA-LDAP/local/ldap.conf, line 42: ldap_filter (value: "ou=SelfRegUser").
And still getting same error like "ERROR myldap:211 - ERROR: unable to get default options from ldap.conf"
Thanks!
Pavan
OK, also verify that your appname/default/ldap.conf looks like this, and go ahead and remove scope from your appname/local/ldap.conf
# Author: MuS
#
# passwords in here are base64, you will not use clear text passwords!
#
[bund]
server = x500.bund.de
port = 389
binddn =
basedn = cn=Liegenschaften,o=Bund,c=DE
password = 0
ldap_filter = (objectclass=*)
usessl = 0
[default]
server = ldap.forumsys.com
port = 389
usessl = 0
binddn = cn=read-only-admin,dc=example,dc=com
basedn = dc=example,dc=com
password = cGFzc3dvcmQ=
ldap_filter = (objectclass=*)
I'm working on trying to recreate the issue on my side with no success.
@kpavan any luck?
Hi,
Yes, I have the same config in the default path and have also removed scope from local/ldap.conf.
Not sure why the default config is reported as invalid:
Invalid key in stanza [bund] in /opt/splunk/etc/apps/TA-LDAP/default/ldap.conf, line 12: ldap_filter (value: (objectclass=)).
Invalid key in stanza [bund] in /opt/splunk/etc/apps/TA-LDAP/default/ldap.conf, line 13: usessl (value: 0).
Invalid key in stanza [default] in /opt/splunk/etc/apps/TA-LDAP/default/ldap.conf, line 18: usessl (value: 0).
Invalid key in stanza [default] in /opt/splunk/etc/apps/TA-LDAP/default/ldap.conf, line 22: ldap_filter (value: (objectclass=)).
Thanks!
Pavan
Sorry, typo: ldap_filter (value: (objectclass=*)).
OK, go ahead and take out the usessl field from both default/ldap.conf and local/ldap.conf
and try the following for ldap_filter
ldap_filter = "(objectclass=*)"
@kpavan, did you ever find a resolution to this?
Nope, still hoping someone will reply 🙂