I have installed Splunk on a Windows 2012 server. I am able to configure unsecured LDAP to a Windows domain controller, but as soon as I enable LDAP over SSL and change the port, I receive the error in Splunk Web:
Encountered the following error while trying to update: In handler 'LDAP-auth': strategy="MyLDAPStrategy" Error binding to LDAP. reason="Can't contact LDAP server"
Additionally, in SPLUNKD.log I see the following limited info:
07-15-2013 11:02:33.221 -0500 ERROR ScopedLDAPConnection - strategy="MyLDAPStrategy" Error binding to LDAP. reason="Can't contact LDAP server"
07-15-2013 11:02:33.221 -0500 ERROR AdminHandler:AuthenticationHandler - strategy="MyLDAPStrategy" Error binding to LDAP. reason="Can't contact LDAP server"
I have reviewed the instructions listed here, including placing the root CA cert of the LDAP server certificate in $SPLUNK_HOME/etc/openldap/certs/ and then modifying the ldap.conf file accordingly. I have confirmed basic connectivity on the LDAPS port (636) of the domain controller using telnet client from the Splunk server.
Could anyone provide some additional insight or ideas into what I might be missing? Help will be greatly appreciated.
We're seeing the exact same issue - can bind just fine without SSL on 389 but as soon as we force the use of SSL on our domain controllers by setting the "Domain Controller: LDAP server signing requirements" entry to "Require signing" it throws the error you got. We're tried both 636 and 3269 for the port with no luck.
Our environment consists of a Windows Server 2008 R2 DC and a Splunk 6.0.1 install.
I have the same issue, installing SPLUNK 5.0.4 on a Windows 2k8 R2 server. authenticating to a Windows 2008 native domain.
Testing LDAP using LDAP Search v4.5 (from SecurityXploded)I can make a secure connection to the ldap server and return a list of users, however with exactly the same BIND account and base DN strings in Splunk I am getting "Error binding to LDAP. reason="Can't contact LDAP server"