Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Error when configuring LDAP authentication over SSL to Active Directory

castellowc
Engager
‎07-15-2013 11:07 AM

I have installed Splunk on a Windows 2012 server. I am able to configure unsecured LDAP to a Windows domain controller, but as soon as I enable LDAP over SSL and change the port, I receive the error in Splunk Web:

Encountered the following error while trying to update: In handler 'LDAP-auth': strategy="MyLDAPStrategy" Error binding to LDAP. reason="Can't contact LDAP server"

Additionally, in SPLUNKD.log I see the following limited info:

07-15-2013 11:02:33.221 -0500 ERROR ScopedLDAPConnection - strategy="MyLDAPStrategy" Error binding to LDAP. reason="Can't contact LDAP server"

07-15-2013 11:02:33.221 -0500 ERROR AdminHandler:AuthenticationHandler - strategy="MyLDAPStrategy" Error binding to LDAP. reason="Can't contact LDAP server"

I have reviewed the instructions listed here, including placing the root CA cert of the LDAP server certificate in $SPLUNK_HOME/etc/openldap/certs/ and then modifying the ldap.conf file accordingly. I have confirmed basic connectivity on the LDAPS port (636) of the domain controller using telnet client from the Splunk server.

Could anyone provide some additional insight or ideas into what I might be missing? Help will be greatly appreciated.

Reply

spsponger2
Explorer
‎01-29-2014 06:07 PM

We're seeing the exact same issue - can bind just fine without SSL on 389 but as soon as we force the use of SSL on our domain controllers by setting the "Domain Controller: LDAP server signing requirements" entry to "Require signing" it throws the error you got. We're tried both 636 and 3269 for the port with no luck.

Our environment consists of a Windows Server 2008 R2 DC and a Splunk 6.0.1 install.

Reply

JohnHowellANZ
Engager
‎08-19-2013 03:35 PM

I have the same issue, installing SPLUNK 5.0.4 on a Windows 2k8 R2 server. authenticating to a Windows 2008 native domain.
Testing LDAP using LDAP Search v4.5 (from SecurityXploded)I can make a secure connection to the ldap server and return a list of users, however with exactly the same BIND account and base DN strings in Splunk I am getting "Error binding to LDAP. reason="Can't contact LDAP server"

Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...