Reporting

LDAP Configuration, Invalid credentials issue.

fabianbr
New Member

Hello Splunkers.
Im new to splunk and have been tasked with configuring LDAP, I have edited the authentication.conf file as below.

authType = LDAP
authSettings = ldap1

[ldap1]
host = sjcldap.ad.ea.com
port = 3268
SSLEnabled = 0
bindDN = emsguest
bindDNpassword = ##hashed password##
userBaseDN = dc=ad,dc=ea,dc=com
userBaseFilter = (objectclass=)
groupBaseDN = dc=ad,dc=ea,dc=com
groupBaseFilter = (objectclass=
)
userNameAttribute = sAMAccountName
realNameAttribute = displayName
groupMappingAttribute = uid
groupMemberAttribute = uniqueMember
groupNameAttribute = uid

in splunkd.log file I see the following:
08-15-2013 05:12:14.914 -0700 ERROR ScopedLDAPConnection - strategy="ldap1" Error binding to LDAP. reason="Invalid credentials"
08-15-2013 05:12:14.914 -0700 INFO IndexProcessor - adjusting tb licences
08-15-2013 05:12:14.914 -0700 ERROR UserManagerPro - LoadLDAPUsersThread: Error loading all LDAP users for strategy="ldap1"
08-15-2013 05:12:14.917 -0700 INFO CMConfig - A splunktcp forwarder port is not configured in inputs.conf
08-15-2013 05:12:14.917 -0700 INFO TcpInputConfig - SSL clause not found or servercert not provided - SSL ports will not be available

If I execute the following ldapsearch command it works:
ldapsearch -x -h sjcldap.ad.ea.com -p 3268 -D "esmguest" -w "esmguest" -b "dc=ad,dc=ea,dc=com" "samaccountname=*"

So what Am I missing or doing wrong?

Any thoughts or comments you can provide will be appreciated.

Best Regards.

0 Karma

bbialek
Path Finder

I was getting the following error when loading LDAP configuration from system/local/authentication.conf file:

Error binding to LDAP. reason="Invalid credentials"

The problem was due to me having bindDNpassword in a form of a hash instead of plain text. It turns out you need Splunk do the hashing on it own.

0 Karma

fabianbr
New Member

Hello Team.

I found out what the issue was, I was giving bad credentials :(.

Now im getting a new message
"Your LDAP strategy 'ldap1' is not returning any groups. Please check your LDAP configuration or consult splunkd.log for LDAP errors."

Anyway I will open a new thread for that.

Have a Great Day.

Regards.

0 Karma
Get Updates on the Splunk Community!

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

March Community Office Hours Security Series Uncovered!

Hello Splunk Community! In March, Splunk Community Office Hours spotlighted our fabulous Splunk Threat ...

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars in April. This post ...