Getting Data In

Error using sa-ldapsearch

jms112080
New Member

I'm using the lastest version of the app and Splunk 7.0.1 and I've tried every suggestion I can find on the Splunk website without any luck. I get some variation of the error below. I've gone as far as modifying the python the "default" option in the python scripts to point to my domain and all it does is change the error from ldap/default to ldap/"mydomain". Anyone solved this mystery?

External search command 'ldapgroup' returned error code 1. Script output = "error_message=Missing required value for alternatedomain in ldap/default

Tags (1)
0 Karma

mschlapfer
Explorer

I am seeing the same error, did you ever figure out how to resolve?

0 Karma

msteffes
New Member

I'm seeing this message as well. I have the below ldap.conf on the search head and indexer (we also have a deployment server we don't have it on) in our environment. I have tried having stanza [domain.com] in all caps and lowercase, as well as alternatedomain = DOMAIN in all caps and lowercase. The error message I'm receiving is "External search command 'ldapfetch' returned error code 1. Script output = "error_message=Missing required value for alternatedomain in ldap/DOMAIN. " I used DOMAIN in place of our actual domain name for the example it is correct in the ldap.conf file.

[default]
server = dc1.domain.com
port = 389

[domain.com]
server = dc1.domain.com,dc2.domain.com
port = 389
ssl = false
basedn = DC=naucom,DC=com
binddn = CN=spl user,OU=Splunk,OU=System Accounts,OU=Departments and Categories,DC=domain,DC=com
password = password
alternatedomain = DOMAIN

I'm assuming either you found the answer and didn;t post it or gave up. Either way it would be nice to resolve this issue so we can fully use Splunk App for Windows Infrastructure.

0 Karma

louismai
Path Finder

I read a similar post, and followed them.
https://answers.splunk.com/answers/172847/ldapfilter-is-giving-me-error-missing-required-val.html

If you only have 1 domain, you can change that to default. It seems a work-around.
local/ldap.conf
[default]
alternatedomain=DOMAIN
basedn = dc=domain,dc=net
binddn = svc_splunk_ldap
server = ausdadc01.domain.net
ssl = 0
port = 389

0 Karma
Get Updates on the Splunk Community!

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...