Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

LDAP Search don't work

ifarre
New Member
‎09-18-2013 08:31 AM

Hi,

Recently I configured splunk authentication and I mapped groups of our LDAP to use SPLUNK, but i tried to log-in through one LDAP user unsuccesfully.

This is the message that I can view in S.o.S for splunk when i attemp to log-in:

ERROR AuthenticationManagerLDAP - Couldn't find matching groups for user="xxxx". Search filter="(memberuid=uid=xxxx,ou=xxxx,dc=xxxx,dc=local)" strategy="FOO"

It seems that includes memberuid without sense for me. How could I configure correctly my ldap auth to achieve some ldap search similar to this one?

uid=xxxx,ou=xxxx,dc=xxxx,dc=local

Tags (1)
0 Karma
Reply

Voltaire
Communicator
‎11-30-2015 02:05 PM

Not sure how your AD is defined, however here is an example with a virtual AD for testing
Here is a sample LDAP search query

ldapsearch -h "YOURHOSTNAME" or "Ipaddress" -p "your LDAP port" -b "CN=Splunk Users,OU=Security Groups - SPLUNK,DC=YOURS,DC=IT,DC=Splunk,DC=edu" -x -D "Splunk service account" -W "groupNameAttribute"

My AD has a "OU" or group called "Security Groups-Splunk" Under that Group,
I created a "CN" or group called Splunk Users, you can place your potential users in that group.
The display or real user name is "Splunk Service account" -You will need to specify credentials when you test with LDAP search. So ensure you have the correct password. Otherwise your account maybe locked out based upon your inherent Security Group policies.
You can also substitute "realNameAttribute" "displayname" "member" "userNameAttribute"" after -W for further testing

Sample (Domain Component) or your Domain name = yours.IT.Splunk.edu

You can verify your ad configuration using another LDAP Windows GUI browser. I used Active Directory Explorer
Once it works go to Map groups to verify users from Splunk web interface

"http://YourSplunkServer.yours.IT.Splunk.edu8000/en-US/manager/yours/authentication/providers/LDAP"

HTHs

Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...