Solved: Re: LDAP configuration issue

nareshinsvu · ‎07-16-2019

I am trying to set-up LDAP authentication. But not able to proceed with below error when adding new LDAP strategy.
Infra teams confirm on the correctness of the userBaseDN. Need help

Encountered the following error while trying to save: Could not find userBaseDN on the LDAP server: OU=Service accounts,OU=Secured Accounts,OU=Accounts,DC=NTSH,DC=LOCAL

nareshinsvu · ‎07-29-2019

It worked only after specifying
groupBaseDN - a complete DN (including CN) of my LDAP group
userBaseDN - a complete DN (including CN) of all the users(semicolon seperated) of the group under userBaseDN

Really strange if the documentation is not user friendly OR too many config parameters to setup LDAP. Splunk should have simply asked us to provide LDAP server name and the groupBaseDN. Hope this will be done in future releases.

Thanks all for your inputs.

View solution in original post

nareshinsvu · ‎07-29-2019

It worked only after specifying
groupBaseDN - a complete DN (including CN) of my LDAP group
userBaseDN - a complete DN (including CN) of all the users(semicolon seperated) of the group under userBaseDN

Really strange if the documentation is not user friendly OR too many config parameters to setup LDAP. Splunk should have simply asked us to provide LDAP server name and the groupBaseDN. Hope this will be done in future releases.

Thanks all for your inputs.

Jarohnimo · ‎07-26-2019

When you're adding your user base and group base DNs are you copying them directly from ADSI edit to ensure you have the full string? The smallest mistake in the DN would cause this error. Verify the DN is correct also that the account your running the LDAP strategy with has Rights to view that AD object. Generally all your AD objects are read only and available.

LDAP strategy can be a pain but understanding that both the users security group and User location can and should be specified when setting things up. I have a feeling splunk isn't lying here..

nareshinsvu · ‎07-28-2019

Yes, I am copying directly from the AD ldap tool - "Right click"-> "Copy DN". But no luck

Do you have working conf file for ldap settings? Maybe I will try to co-relate and see what mistakes I am doing?

Jarohnimo · ‎07-29-2019

Unfortunately mines isn't on a public subnet.

Are you using your domain name as the ldap server name?

Some people put their local domain controller host name or IP. I use the domain name root that way if they change out a domain controller or switch the IP I'm always good. For example: Mydomain.com (whatever your company's logical domain name is) vs servername.

You can test your ldap strategy accounts rights by going to start...run... Type in dsa.msc and run as the ldap strategy binding name. If that account can't view AD objects them that could be your problem. You could try with your own personal admin account (not recommend in the long) but good way to rule out it being the account

harsmarvania57 · ‎07-26-2019

Hi,

User which you are using to authentication with LDAP has access to OU=Service accounts,OU=Secured Accounts,OU=Accounts,DC=NTSH,DC=LOCAL ?

nareshinsvu · ‎07-28-2019

Yes, Able to veiw the ldap configurations - Read access.

Do you have working conf file for ldap settings? Maybe I will try to co-relate and see what mistakes I am doing?

nareshinsvu · ‎07-25-2019

Hello Champions - Anyone faced and resolved this issue?

gcusello · ‎07-26-2019

Hi nareshinsvu,
which Splunk and TA version are you using? two years ago there was a bug on LDAP TA.
Bye.
Giuseppe

nareshinsvu · ‎07-28-2019

I am on almost latest version - 7.2.5

LDAP configuration issue

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?