Security

LDAP Configuration is asking for attributes 1.1 - failing

cam343
Path Finder

Hello I'm trying to configure Splunk 7.3.0 (657388c7a488) with LDAP authentication but it keeps failing during the setup with the error:

"Encountered the following error while trying to save: Could not find userBaseDN on the LDAP server: ou=Active Staff,ou=People,dc=mydomain,dc=edu"

After lots of debugging the ldap search it uses during the base configuration uses "Attributes 1.1" for LDAP.

ie This search works on our LDAP:

ldapsearch -x -H ldaps://10.231.4.20:636  -D "uid=cam34,ou=Active Staff,ou=People,dc=mydomain,dc=edu" -W -b "ou=Active Staff,ou=People,dc=mydomain,dc=edu" "(objectclass=*)"

How ever the following fails to return results:

ldapsearch -x -H ldaps://10.231.4.20:636  -D "uid=cam34,ou=Active Staff,ou=People,dc=mydomain,dc=edu" -W -b "ou=Active Staff,ou=People,dc=mydomain,dc=edu" "(objectclass=*)" 1.1

This "1.1" type search is what Splunk is trying to use.

How can I change this behaviour in Splunk?

Thanks
Cam

0 Karma
1 Solution

cam343
Path Finder

Solved it myself...
Turns out the problem was with the LDAP Proxy software itself (glauth).
Seems glauth doesnt understand attributes only searches ([github]/glauth/glauth/issues/89)

View solution in original post

0 Karma

cam343
Path Finder

Solved it myself...
Turns out the problem was with the LDAP Proxy software itself (glauth).
Seems glauth doesnt understand attributes only searches ([github]/glauth/glauth/issues/89)

0 Karma

cam343
Path Finder

No sorry - From the debugging I can see the search its failing on.
Definately an issue with attributes 1.1

09:57:43.048353 Search ▶ DEBU 01c Search req to backend: &ldap.SearchRequest{
    BaseDN:       "ou=Active Staff,ou=People,dc=mydomain,dc=edu",
    Scope:        0,
    DerefAliases: 0,
    SizeLimit:    1000,
    TimeLimit:    15,
    TypesOnly:    false,
    Filter:       "(objectclass=*)",
    Attributes:   {"1.1"},
    Controls:     {
    },
}
09:57:43.050451 Search ▶ DEBU 01d Backend Search result: &ldap.SearchResult{
    Entries: {
        &ldap.Entry{
            DN:         "ou=Active Staff,ou=People,dc=mydomain,dc=edu",
            Attributes: nil,
        },
    },
    Referrals: {},
    Controls:  {
    },
}
0 Karma

nareshinsvu
Builder

I recently got similar issues with userBaseDN messages. But my problem was with groupBaseDN

https://answers.splunk.com/answers/758767/ldap-configuration-issue.html

Did you provide groupBaseDN while defining your LDAP strategy?

groupBaseDN - a complete DN (including CN) of your LDAP group

0 Karma
Get Updates on the Splunk Community!

Splunk is Nurturing Tomorrow’s Cybersecurity Leaders Today

Meet Carol Wright. She leads the Splunk Academic Alliance program at Splunk. The Splunk Academic Alliance ...

Part 2: A Guide to Maximizing Splunk IT Service Intelligence

Welcome to the second segment of our guide. In Part 1, we covered the essentials of getting started with ITSI ...

Part 1: A Guide to Maximizing Splunk IT Service Intelligence

As modern IT environments continue to grow in complexity and speed, the ability to efficiently manage and ...