Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to resolve a non-existant LDAP account causing issues in splunkd?

a212830
Champion
‎11-08-2016 06:53 AM

Hi,

We are getting flooded with error messages from a non-existant LDAP account in our splunkd, and complaints from the siteminder support folks that we are hammering their server. The account does not exist on either search head, and i can't find any searches that are enabled with that user id. Any suggestions on where to look?

11-08-2016 09:49:41.564 -0500 ERROR AuthenticationManagerLDAP - Could not find user="a555740" with strategy="Offshore Power"
11-08-2016 09:49:41.627 -0500 ERROR AuthenticationManagerLDAP - Could not find user="a555740" with strategy="Offshore users"
11-08-2016 09:49:41.642 -0500 ERROR AuthenticationManagerLDAP - Could not find user="a555740" with strategy="azg_EZP-STS-MTS-USER"
11-08-2016 09:49:41.710 -0500 ERROR AuthenticationManagerLDAP - Could not find user="a555740" with strategy="azgEI_SCCM_Splunk_Users"
11-08-2016 09:49:41.713 -0500 ERROR AuthenticationManagerLDAP - Could not find user="a555740" with strategy="azg_EZP-DMT-USER"
11-08-2016 09:49:41.774 -0500 ERROR AuthenticationManagerLDAP - Could not find user="a555740" with strategy="azg_EZP-STS-MTS-USER"
0 Karma
Reply

cmerriman
Super Champion
‎11-08-2016 06:58 AM

here is some documentation for removing users

http://docs.splunk.com/Documentation/Splunk/6.5.0/Security/BestpracticeforremovinganLDAPuser

0 Karma
Reply

sloshburch
Ultra Champion
‎11-08-2016 01:50 PM

Yea, you'll need to check for ANY knowledge objects owned by this user. Remember that they might have some stuff stashed as private that could be getting missed in your searching.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

As of today, Enterprise Security (ES) Essentials 8.3 is now generally available, helping SOC teams simplify ...