Security

My LDAP strategy is disabled and I cannot enable it. Why?

lycollicott
Motivator

it creates fine and connects to the ldap server fine, but just won't enable. Is
Here is my authentication.conf (which is identical to an instance which works)....

[xxx.domain.com]
SSLEnabled = 0
anonymous_referrals = 1
bindDN = CN=splunkldap,OU=Hosting - Operations Analysts,OU=Prod-Users,DC=xxx,DC=domain,DC=com
bindDNpassword = xxxxxxxxxxxxxxxxxxxxxxxxxxx
charset = utf8
emailAttribute = mail
groupBaseDN = ou=Prod-Users,DC=xxx,DC=domain,DC=com
groupMappingAttribute = dn
groupMemberAttribute = member
groupNameAttribute = cn
host = *******
nestedGroups = 0
network_timeout = 20
port = 389
realNameAttribute = cn
sizelimit = 1000
timelimit = 15
userBaseDN = ou=Prod-Users,DC=xxx,DC=domain,DC=com
userNameAttribute = samaccountname

[authentication]
authSettings = xxx.domain.com
authType = LDAP
0 Karma
1 Solution

javiergn
Super Champion

Hi,

  • Do you have a valid Enterprise License or are you using a free one? The latter won't allow LDAP. See this: http://www.splunk.com/en_us/products/splunk-enterprise/free-vs-enterprise.html

  • Did you re-enter the LDAP user password in the GUI in your second instance? The password is encoded with a local key and this is likely going to be different between your two instances

  • Is the account you are using to connect to AD locked out?

Hope that helps.

View solution in original post

0 Karma

AlexKamalov
New Member

Pardon for being redundant. I have a DEV/Test Enterprise Non-Production  license for Splunk, expiring in Mar 6, 2021. Will Splunk still refuse to enable LDAP under this licensing term?

0 Karma

isoutamo
SplunkTrust
SplunkTrust

https://www.splunk.com/en_us/resources/personalized-dev-test-licenses/faq.html Based on that I suppose that it don’t support LDAP. You could check from _internal which features are enabled after starting your instance.

r. Ismo

0 Karma

javiergn
Super Champion

Hi,

  • Do you have a valid Enterprise License or are you using a free one? The latter won't allow LDAP. See this: http://www.splunk.com/en_us/products/splunk-enterprise/free-vs-enterprise.html

  • Did you re-enter the LDAP user password in the GUI in your second instance? The password is encoded with a local key and this is likely going to be different between your two instances

  • Is the account you are using to connect to AD locked out?

Hope that helps.

0 Karma

lycollicott
Motivator

Ah, it was a heavy forwarder I had converted to a forwarder license and that only includes Auth instead of LDAPAuth.

0 Karma

prateedshetty
Path Finder

Hi,

I'm facing the same issue. Can you please let me know what change you made?

TIA

0 Karma

lycollicott
Motivator

I configured my heavy forwarder to use my license manager server.

You do that from Settings->Licensing

0 Karma

prateedshetty
Path Finder

Oh got it! Thanks 🙂

0 Karma
Get Updates on the Splunk Community!

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

Register Join this Tech Talk to learn how unique features like Service Centric Views, Tag Spotlight, and ...