All Apps and Add-ons

external search command 'ldapsearch' returned error code 1. Script output = "error_message=Cannot find the configuration stanza for domain=* in ldap.conf

New Member

Hi, I have installed Splunk Supporting Add-on for Active Directory to run ldap search command. After installing the TA and trying to run ldap search command and its not working.
Error: "external search command 'ldapsearch' returned error code 1. Script output = "error_message=Cannot find the configuration stanza for domain=* in ldap.conf"

Can anyone help me out with this issue?

0 Karma

Splunk Employee
Splunk Employee

Did you use '' at domain in the search query like "| ldapsearch domain= search=..."
If you did, '*' will not work but have to specify the actual

If you mean by '*', all attempted domains, that Error literally indicates that the ldap.conf does not have [] stanza.

Basically 'default' domain in SA-ldapsearch is required configuration and also the 'default' domain should be functional in order to complete the Configuration.

However, some other apps such as 'Splunk App for Windows Infrastructure' does not use the 'default' domain.
If the SA-ldapsearch app does not have [] stanza, the 'Splunk App for Windows Infrastructure' will throw that error as well.

"error_message=Cannot find the configuration stanza for domain= in ldap.conf"

In the SA-ldapsearch Configuration, 'Alternate domain name' is essential field and should be unique.
That means you cannot use the same 'Alternate domain name' in 'default' domain and domain.
In that case, you may want to set up a different 'Alternate domain name' in 'default' and preferred name in domain.

The 'ldap.conf' looks like below.

[default]
alternatedomain = DUMMY.COM

basedn = dc=yourdomainname,dc=com
binddn = CN=administrator,cn=users,dc=yourdomainname,DC=com
port = 389
server = 192.168.100.100
ssl = 0

[yourdomainname]
alternatedomain = YOURDOMAINNAME.COM

0 Karma