LDAP Configuration, Invalid credentials issue.

New Member

Hello Splunkers.
Im new to splunk and have been tasked with configuring LDAP, I have edited the authentication.conf file as below.

authType = LDAP
authSettings = ldap1

host =
port = 3268
SSLEnabled = 0
bindDN = emsguest
bindDNpassword = ##hashed password##
userBaseDN = dc=ad,dc=ea,dc=com
userBaseFilter = (objectclass=)
groupBaseDN = dc=ad,dc=ea,dc=com
groupBaseFilter = (objectclass=
userNameAttribute = sAMAccountName
realNameAttribute = displayName
groupMappingAttribute = uid
groupMemberAttribute = uniqueMember
groupNameAttribute = uid

in splunkd.log file I see the following:
08-15-2013 05:12:14.914 -0700 ERROR ScopedLDAPConnection - strategy="ldap1" Error binding to LDAP. reason="Invalid credentials"
08-15-2013 05:12:14.914 -0700 INFO IndexProcessor - adjusting tb licences
08-15-2013 05:12:14.914 -0700 ERROR UserManagerPro - LoadLDAPUsersThread: Error loading all LDAP users for strategy="ldap1"
08-15-2013 05:12:14.917 -0700 INFO CMConfig - A splunktcp forwarder port is not configured in inputs.conf
08-15-2013 05:12:14.917 -0700 INFO TcpInputConfig - SSL clause not found or servercert not provided - SSL ports will not be available

If I execute the following ldapsearch command it works:
ldapsearch -x -h -p 3268 -D "esmguest" -w "esmguest" -b "dc=ad,dc=ea,dc=com" "samaccountname=*"

So what Am I missing or doing wrong?

Any thoughts or comments you can provide will be appreciated.

Best Regards.

0 Karma

Path Finder

I was getting the following error when loading LDAP configuration from system/local/authentication.conf file:

Error binding to LDAP. reason="Invalid credentials"

The problem was due to me having bindDNpassword in a form of a hash instead of plain text. It turns out you need Splunk do the hashing on it own.

0 Karma

New Member

Hello Team.

I found out what the issue was, I was giving bad credentials :(.

Now im getting a new message
"Your LDAP strategy 'ldap1' is not returning any groups. Please check your LDAP configuration or consult splunkd.log for LDAP errors."

Anyway I will open a new thread for that.

Have a Great Day.


0 Karma
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...