Security

LDAP Search don't work

New Member

Hi,

Recently I configured splunk authentication and I mapped groups of our LDAP to use SPLUNK, but i tried to log-in through one LDAP user unsuccesfully.

This is the message that I can view in S.o.S for splunk when i attemp to log-in:

ERROR AuthenticationManagerLDAP - Couldn't find matching groups for user="xxxx". Search filter="(memberuid=uid=xxxx,ou=xxxx,dc=xxxx,dc=local)" strategy="FOO"

It seems that includes memberuid without sense for me. How could I configure correctly my ldap auth to achieve some ldap search similar to this one?

uid=xxxx,ou=xxxx,dc=xxxx,dc=local

Tags (1)
0 Karma

Communicator

Not sure how your AD is defined, however here is an example with a virtual AD for testing
Here is a sample LDAP search query

ldapsearch -h "YOURHOSTNAME" or "Ipaddress" -p "your LDAP port" -b "CN=Splunk Users,OU=Security Groups - SPLUNK,DC=YOURS,DC=IT,DC=Splunk,DC=edu" -x -D "Splunk service account" -W "groupNameAttribute"

My AD has a "OU" or group called "Security Groups-Splunk" Under that Group,
I created a "CN" or group called Splunk Users, you can place your potential users in that group.
The display or real user name is "Splunk Service account" -You will need to specify credentials when you test with LDAP search. So ensure you have the correct password. Otherwise your account maybe locked out based upon your inherent Security Group policies.
You can also substitute "realNameAttribute" "displayname" "member" "userNameAttribute"" after -W for further testing

Sample (Domain Component) or your Domain name = yours.IT.Splunk.edu

You can verify your ad configuration using another LDAP Windows GUI browser. I used Active Directory Explorer
Once it works go to Map groups to verify users from Splunk web interface

"http://YourSplunkServer.yours.IT.Splunk.edu8000/en-US/manager/yours/authentication/providers/LDAP"

HTHs