Security

Error binding to LDAP. reason="Can't contact LDAP server".

chris
Motivator

Hi,

On a fresh 6.6 install I received the following error when trying to set up LDAP authentication:
An error occurred completing this request: In handler 'LDAP-groups': strategy="default" Error binding to LDAP. reason="Can't contact LDAP server".

I copied the config from an existing/working instance.

Any Ideas?

Regards Chris

1 Solution

chris
Motivator

Running:

ldapsearch -x -h <ldap_host> -p <ldap_port> -D "bind_dn" -w "bind_passwd" -b "user_basedn" "userNameAttribute=*"

as suggested in: https://docs.splunk.com/Documentation/Splunk/6.6.1/Security/TestyourLDAPconfiguration helped.

Adding -d -1 to get debug output:

ldapsearch -d -1 -x -h <ldap_host> -p <ldap_port> -D "bind_dn" -w "bind_passwd" -b "user_basedn" "userNameAttribute=*"

yields:

TLS: error: connect - force handshake failure: errno 13 - moznss error -12286
TLS: can't connect: TLS error -12286:Cannot communicate securely with peer: no common encryption algorithm(s)..
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

I am not the LDAP admin, so I commented out the TLS_PROTOCOL and TLS_CIPHER lines in:
$SPLUNK_HOME/etc/openldap/ldap.conf

#TLS_PROTOCOL_MIN 3.3
#TLS_CIPHER_SUITE ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

It works now ...

hettervik
Builder

Worked for me as well! Only had to comment out the `TLS_CIPHER_SUITE` setting in ldap.conf. However, I can't figure out exactly why this fixes the problem. I've looked through some documentation, and can see that `TLS_CIPHER_SUITE` defaults to a standard setting, so what happens when it's commented? Would it compromise security in any way to comment it?

Documentation on `TLS_CIPHER_SUITE` and ldap.conf: https://www.openldap.org/software//man.cgi?query=ldap.conf&sektion=5&apropos=0&manpath=OpenLDAP+2.4-...

0 Karma
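An added example, not part of the original thread or of Splunk's code: a small audit of `ldap.conf` that reports which of the TLS directives named in this thread are still enforced and whether the configured cipher list overlaps with what the LDAP server offers (an empty overlap is the "no common encryption algorithm(s)" handshake failure). The sample config, the server cipher list and the function names are constructed, and the overlap check assumes explicit cipher names rather than OpenSSL-style group keywords.

```python
import re

# Constructed sample: hardening lines like those in the thread, still active,
# plus a commented-out TLS_CACERTDIR with a placeholder path.
SAMPLE_LDAP_CONF = """\
TLS_PROTOCOL_MIN 3.3
TLS_CIPHER_SUITE ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256
#TLS_CACERTDIR /constructed/path/to/certs
"""
# Constructed sample: ciphers a legacy LDAP server might offer (assumption).
SAMPLE_SERVER_CIPHERS = ["AES256-SHA", "AES128-SHA", "DES-CBC3-SHA"]

# OpenLDAP writes the minimum protocol as SSL-style major.minor (3.3 = TLS 1.2).
PROTOCOL_NAMES = {"3.0": "SSLv3", "3.1": "TLS 1.0", "3.2": "TLS 1.1", "3.3": "TLS 1.2"}
DIRECTIVES = ("TLS_PROTOCOL_MIN", "TLS_CIPHER_SUITE", "TLS_CACERTDIR")
LINE_RE = re.compile(r"^\s*(#*)\s*(%s)\s+(\S.*?)\s*$" % "|".join(DIRECTIVES))


def parse_tls_directives(text):
    """Return {directive: (active, value)}; active is False when commented out."""
    found = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            hashes, name, value = m.groups()
            found[name] = (hashes == "", value)
    return found


def audit(conf_text, server_ciphers):
    """List what the config enforces and whether a handshake can succeed."""
    d = parse_tls_directives(conf_text)
    findings = []
    active, value = d.get("TLS_CIPHER_SUITE", (False, ""))
    if active:
        common = [c for c in value.split(":") if c in server_ciphers]
        if not common:
            findings.append("no common cipher: handshake will fail")
    else:
        findings.append("TLS_CIPHER_SUITE not enforced: TLS library defaults apply")
    active, value = d.get("TLS_PROTOCOL_MIN", (False, ""))
    if active:
        findings.append("minimum protocol " + PROTOCOL_NAMES.get(value, value))
    else:
        findings.append("TLS_PROTOCOL_MIN not enforced: library default minimum applies")
    if not d.get("TLS_CACERTDIR", (False, ""))[0]:
        findings.append("TLS_CACERTDIR not active: confirm another CA setting validates the server")
    return findings
```

Running `audit` against the real `$SPLUNK_HOME/etc/openldap/ldap.conf` and the cipher list obtained from the LDAP administrator shows whether a narrower fix (adding one shared cipher) is possible instead of dropping the restriction entirely.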

nick405060
Motivator

I had to comment out not only #TLS_PROTOCOL_MIN and #TLS_CIPHER_SUITE, but #TLS_CACERTDIR as well. Kind of a combination of both of these answers:

https://answers.splunk.com/answers/543501/error-binding-to-ldap-reasoncant-contact-ldap-serv.html
https://answers.splunk.com/answers/607006/having-trouble-connecting-to-ldap-server-with-ssl.html

0 Karma

burwell
SplunkTrust

I installed a fresh version of Splunk and ran into this very issue today! Thanks for documenting this.

0 Karma

wanquan224
Engager

Disabling TLS_PROTOCOL_MIN & TLS_CIPHER_SUITE worked on 7.1.1 too.
