I have roughly 100 users who are functioning just fine in an LDAP (AD) authenticated splunk deployment. There is one user who isn't showing up in the user list. The group membership didn't match at first, but now it does. The user still isn't showing up. I tried restarting splunk and also refreshed the LDAP configuration.
Does anyone have any ideas as to how to get splunk to pull the userlist down again?
This is Splunk 4.2.2 (101277).
In this case, the issue was that this single user didn't have a defined "displayName".
There are two options...
1) Change the "Real Name Attribute" to CN, which will always be there.
OR
2) Add a displayName, which is what I did.
Problem solved, though it would be super nice if the error message was something more detailed than:
10-17-2011 11:30:23.020 -0600 ERROR ScopedLDAPConnection - Could not read invalid entry at DN CN=My User,CN=Users,DC=domain,DC=com
In this case, the issue was that this single user didn't have a defined "displayName".
There are two options...
1) Change the "Real Name Attribute" to CN, which will always be there.
OR
2) Add a displayName, which is what I did.
Problem solved, though it would be super nice if the error message was something more detailed than:
10-17-2011 11:30:23.020 -0600 ERROR ScopedLDAPConnection - Could not read invalid entry at DN CN=My User,CN=Users,DC=domain,DC=com
if you get an ldif of this user and a working one, is there any difference in objectclasses and such?