Hi, I have installed Splunk Supporting Add-on for Active Directory to run ldap search command. After installing the TA and trying to run ldap search command and its not working.
Error: "external search command 'ldapsearch' returned error code 1. Script output = "error_message=Cannot find the configuration stanza for domain=* in ldap.conf"
Did you use '' at domain in the search query like "| ldapsearch domain= search=..."
If you did, '*' will not work but have to specify the actual
If you mean by '*', all attempted domains, that Error literally indicates that the ldap.conf does not have  stanza.
Basically 'default' domain in SA-ldapsearch is required configuration and also the 'default' domain should be functional in order to complete the Configuration.
However, some other apps such as 'Splunk App for Windows Infrastructure' does not use the 'default' domain.
If the SA-ldapsearch app does not have  stanza, the 'Splunk App for Windows Infrastructure' will throw that error as well.
"error_message=Cannot find the configuration stanza for domain= in ldap.conf"
In the SA-ldapsearch Configuration, 'Alternate domain name' is essential field and should be unique.
That means you cannot use the same 'Alternate domain name' in 'default' domain and domain.
In that case, you may want to set up a different 'Alternate domain name' in 'default' and preferred name in domain.
The 'ldap.conf' looks like below.
alternatedomain = DUMMY.COM
basedn = dc=yourdomainname,dc=com
binddn = CN=administrator,cn=users,dc=yourdomainname,DC=com
port = 389
server = 192.168.100.100
ssl = 0