I'm using the lastest version of the app and Splunk 7.0.1 and I've tried every suggestion I can find on the Splunk website without any luck. I get some variation of the error below. I've gone as far as modifying the python the "default" option in the python scripts to point to my domain and all it does is change the error from ldap/default to ldap/"mydomain". Anyone solved this mystery?
External search command 'ldapgroup' returned error code 1. Script output = "error_message=Missing required value for alternatedomain in ldap/default
I am seeing the same error, did you ever figure out how to resolve?
I'm seeing this message as well. I have the below ldap.conf on the search head and indexer (we also have a deployment server we don't have it on) in our environment. I have tried having stanza [domain.com] in all caps and lowercase, as well as alternatedomain = DOMAIN in all caps and lowercase. The error message I'm receiving is "External search command 'ldapfetch' returned error code 1. Script output = "error_message=Missing required value for alternatedomain in ldap/DOMAIN. " I used DOMAIN in place of our actual domain name for the example it is correct in the ldap.conf file.
[default]
server = dc1.domain.com
port = 389
[domain.com]
server = dc1.domain.com,dc2.domain.com
port = 389
ssl = false
basedn = DC=naucom,DC=com
binddn = CN=spl user,OU=Splunk,OU=System Accounts,OU=Departments and Categories,DC=domain,DC=com
password = password
alternatedomain = DOMAIN
I'm assuming either you found the answer and didn;t post it or gave up. Either way it would be nice to resolve this issue so we can fully use Splunk App for Windows Infrastructure.
I read a similar post, and followed them.
https://answers.splunk.com/answers/172847/ldapfilter-is-giving-me-error-missing-required-val.html
If you only have 1 domain, you can change that to default. It seems a work-around.
local/ldap.conf
[default]
alternatedomain=DOMAIN
basedn = dc=domain,dc=net
binddn = svc_splunk_ldap
server = ausdadc01.domain.net
ssl = 0
port = 389