Installation
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

LDAP configuration showing users, but not allowing login

andrewdotnich
Explorer
‎12-06-2010 06:26 AM

I've configured my Splunk setup to use LDAP, and it shows the few users I've configured to meet my criteria in the list (see http://imgur.com/l5iTu)

If, however, I try to log on using the correct LDAP credentials, I receive "Invalid username and password" error. If after that I log in as admin again, the user I attempted to log in as has disappeared from the list (see http://imgur.com/tUIDz)

EDIT: Resynching the user list via the manager causes the username to reappear (curiouser and curiouser)

I'm running on an Enterprise License (albeit it a trial one) -- there aren't any policy reasons why this behaviour would occur, are there?

EDIT #2: Here's my authentication.conf:

[authentication]
authSettings = mycompany LDAP
authType = LDAP

[mycompany LDAP]
SSLEnabled = 0
bindDNpassword = $1$sQ==
charset = utf8
groupBaseDN = ou=Group,dc=mycompany,dc=com
groupBaseFilter = (cn=splunk*)
groupMappingAttribute = dn
groupMemberAttribute = member
groupNameAttribute = cn
host = ldap.int.mycompany.com
port = 389
realNameAttribute = displayname
userBaseDN = dc=mycompany,dc=com
userBaseFilter = (ou=People)
userNameAttribute = uid

[roleMap]
admin = splunk-admin
splunk-admin = splunk-admin
splunk-dev-viewers = splunk-dev-viewers
splunk-ops-viewers = splunk-ops-viewers
splunk-report-builders = splunk-report-builders
splunk_qa_viewers = splunk-qa-viewers
user = People;splunk-admin;splunk-dev-viewers;splunk-ops-viewers;splunk-qa-viewers;splunk-report-builders

And here's my LDAP entry as an example:

# andrewn, People, mycompany.com
dn: cn=andrewn,ou=People,dc=mycompany,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: andrewn
uid: andrewn
givenName: Andrew
sn: Nicholson
homeDirectory: /home/andrewn
gecos: Andrew Nicholson
l: Melbourne
st: Victoria
uidNumber: xxxx
displayName: Andrew Nicholson
mail: andrew.nicholson@mycompany.com
employeeType: Employee
gidNumber: xxxxx
loginShell: /bin/bash
shadowLastChange: xxxxx

And one of our LDAP groups:

# splunk-admin, Group, mycompany.com
dn: cn=splunk-admin,ou=Group,dc=mycompany,dc=com
cn: splunk-admin
objectClass: groupOfNames
objectClass: top
description: Splunk Administrators
member: cn=xxxxxxx,ou=People,dc=mycompany,dc=com
member: cn=andrewn,ou=People,dc=mycompany,dc=com
member: cn=xxxxxxxx,ou=People,dc=mycompany,dc=com
Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jbsplunk
Splunk Employee
Splunk Employee
‎12-06-2010 04:39 PM

It could be that groupBaseDN is properly configured, but the userBaseDN is not. Support has seen issues with users disappearing in the manner you describe in the past.

Take a look at the following url:

http://www.splunk.com/base/Documentation/4.1.4/Admin/SetupuserauthenticationwithLDAP#Configure_LDAP

Review the 'Test your LDAP configuration' section. This should be helpful in pointing out whatever variance may exist between groupBaseCN and userBaseDN.

Based on what I see in your configuration, I would suggest a couple of changes to authentication.conf:

  1. Edit your userBaseDN to look like this:

    userBaseDN = ou=People,dc=mycompany,dc=com

  2. Remove this line:

    userBaseFilter = (ou=People)

View solution in original post

Reply
Solved! Jump to solution
Solution

jbsplunk
Splunk Employee
Splunk Employee
‎12-06-2010 04:39 PM

It could be that groupBaseDN is properly configured, but the userBaseDN is not. Support has seen issues with users disappearing in the manner you describe in the past.

Take a look at the following url:

http://www.splunk.com/base/Documentation/4.1.4/Admin/SetupuserauthenticationwithLDAP#Configure_LDAP

Review the 'Test your LDAP configuration' section. This should be helpful in pointing out whatever variance may exist between groupBaseCN and userBaseDN.

Based on what I see in your configuration, I would suggest a couple of changes to authentication.conf:

  1. Edit your userBaseDN to look like this:

    userBaseDN = ou=People,dc=mycompany,dc=com

  2. Remove this line:

    userBaseFilter = (ou=People)

Reply
Solved! Jump to solution

andrewdotnich
Explorer
‎12-16-2010 10:07 PM

Thank you very much, that did indeed solve the problem 🙂

0 Karma
Reply
Solved! Jump to solution

ziegfried
Influencer
‎12-06-2010 09:11 AM

What kind of LDAP server are you using? It would also be helpful to show your LDAP configuartion.

0 Karma
Reply
Solved! Jump to solution

andrewdotnich
Explorer
‎12-06-2010 06:37 AM

and yes, the LDAP configuration is enabled.

0 Karma
Reply
Get Updates on the Splunk Community!

Fueling your curiosity with new Splunk ILT and eLearning courses

At Splunk Education, we’re driven by curiosity—both ours and yours! That’s why we’re committed to delivering ...

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Splunk AI Assistant for SPL has transformed how users interact with Splunk, making it easier than ever to ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureOn Demand Now Step boldly into the AI revolution with enhanced security ...
Top