Im new to splunk and have been tasked with configuring LDAP, I have edited the authentication.conf file as below.
authType = LDAP
authSettings = ldap1
host = sjcldap.ad.ea.com
port = 3268
SSLEnabled = 0
bindDN = emsguest
bindDNpassword = ##hashed password##
userBaseDN = dc=ad,dc=ea,dc=com
userBaseFilter = (objectclass=)
groupBaseDN = dc=ad,dc=ea,dc=com
groupBaseFilter = (objectclass=)
userNameAttribute = sAMAccountName
realNameAttribute = displayName
groupMappingAttribute = uid
groupMemberAttribute = uniqueMember
groupNameAttribute = uid
in splunkd.log file I see the following:
08-15-2013 05:12:14.914 -0700 ERROR ScopedLDAPConnection - strategy="ldap1" Error binding to LDAP. reason="Invalid credentials"
08-15-2013 05:12:14.914 -0700 INFO IndexProcessor - adjusting tb licences
08-15-2013 05:12:14.914 -0700 ERROR UserManagerPro - LoadLDAPUsersThread: Error loading all LDAP users for strategy="ldap1"
08-15-2013 05:12:14.917 -0700 INFO CMConfig - A splunktcp forwarder port is not configured in inputs.conf
08-15-2013 05:12:14.917 -0700 INFO TcpInputConfig - SSL clause not found or servercert not provided - SSL ports will not be available
If I execute the following ldapsearch command it works:
ldapsearch -x -h sjcldap.ad.ea.com -p 3268 -D "esmguest" -w "esmguest" -b "dc=ad,dc=ea,dc=com" "samaccountname=*"
So what Am I missing or doing wrong?
Any thoughts or comments you can provide will be appreciated.
I found out what the issue was, I was giving bad credentials :(.
Now im getting a new message
"Your LDAP strategy 'ldap1' is not returning any groups. Please check your LDAP configuration or consult splunkd.log for LDAP errors."
Anyway I will open a new thread for that.
Have a Great Day.
I was getting the following error when loading LDAP configuration from system/local/authentication.conf file:
Error binding to LDAP. reason="Invalid credentials"
The problem was due to me having bindDNpassword in a form of a hash instead of plain text. It turns out you need Splunk do the hashing on it own.