- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We migrated our Splunk indexer from Ubuntu to RHEL recently. Everything appeared to go fine except for this one add-on. Initially, we were getting a different error. I ran fapolicyd-cli add file splunk to it and that error cleared but now we get this error.
External search command "ldapgroup" returned error code 1. Script output = "error message=HTTPError at "/opt/splunk/etc/apps/SA-ldapsearch/bin/packages/splunklib/binding.py", line 1245 : HTTP 403 Forbidden - insufficient permission to access this resources."
I went in and did chown -R on the folder (and every other folder in the line including /opt/splunk) but that didn't fix it. The files and folders are all owned by splunk and have permission to run it. I have verified the firewall ports for 636 and 389 are open. We have tried to reinstall the add-on through the web interface and get a series of similar errors indicating that it can't copy a number of .py files over. Some do get copied though and most of the folders created. I'm at a bit of a loss...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We ended up disabling fapolicyd and testing the install again. It worked. After it was configured, we enabled fapolicyd and is still working.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We ended up disabling fapolicyd and testing the install again. It worked. After it was configured, we enabled fapolicyd and is still working.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
![SplunkTrust SplunkTrust](/html/@E48BE65924041B382F8C3220FF058B38/rank_icons/splunk-trust-16.png)
The error means that during execution of that script an exception was thrown at line 1245 because it tried to connect somewhere and got 403 as a response. It doesn't have anything to do with filesystem permissions.
![](/skins/images/53C7C94B4DD15F7CACC6D77B9B4D55BF/responsive_peak/images/icon_anonymous_message.png)