All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Users can no longer execute ldapsearch; capability required only admins have

tweaktubbie
Communicator
‎03-22-2017 09:11 AM

Until months ago the SA-LDAPsearch 2.1.4 (aka Splunk Support for Active Directory) app worked fine, and it still does for me as admin.

But it appears no alerts have come through for a lot of time now.
What users see when trying to query:

External search command 'ldaptestconnection' returned error code 1. Script output = " ERROR " # host: somedomain Could not access the directory service at ldaps://someserver:636: 000004DC: LdapErr: DSID-0C090752, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580" "

Their attempt or even |ldaptestconnection) results in index=_audit in events like these:

 Audit:[timestamp=03-20-2017 11:18:15.673, id=*, user=xxxxx, action=list_storage_passwords,  info=denied object="SA-ldapsearch:default:" operation=list]

Seems not good to grant any non-admin role this capability, but how other way can a specific group of users (or even a few) be given the possibility to run ldap searches?

Running Splunk 6.5.1 on Linux; had as always granted the Power role read-access to the App, users involved had the Power role.

Reply

datasearchninja
Communicator
‎06-20-2018 07:49 PM

The workaround mentioned in https://answers.splunk.com/answers/189732/splunk-support-for-active-directory-why-are-non-ad.html still works.

You can place the plaintext password in the ldap.conf file against a password= paramater, and remove the encrypted version from passwords.conf, and the code will fallback to the plaintext one.

0 Karma
Reply

Kieffer87
Communicator
‎03-06-2018 10:37 AM

Also having this issue though we are just now noticing it after upgrading to 7.0.2. Have you found a workaround for this?

Reply

ThomasControlwa
Path Finder
‎02-13-2018 08:46 AM

hi,
do you find a Workaround?
many thanks in advance

0 Karma
Reply
Get Updates on the Splunk Community!

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability As businesses scale ...