I have configured my Splunk deployment (hosted on AWS instances) to use LDAP authentication over SSL, but whenever I try to log in using my LDAP credentials, I have to click on the login button multiple times to successfully log in; when I use my local authentication credentials it works fine. Below is a snippet of my authentication.conf configs (with sensitive info masked):
```ini
[My_splunk_strategy_name]
SSLEnabled = 1
anonymous_referrals = 1
bindDN = CN=<service account>,OU=<OU Name 1>,OU=<OU Name 2>,OU=<OU Name 3>,DC=<DC Name 1>,DC=<DC Name 2>
bindDNpassword = my_password
charset = utf8
emailAttribute = mail
groupBaseDN = OU=<OU Name 1>,OU=<OU Name 2>,OU=<OU Name 3>,OU=<OU Name 4>,DC=<DC Name 1>,DC=<DC Name 2>;OU=<Another_OU Name 1>,OU=<Another_OU Name 2>,OU=<Another_OU Name 3>,OU=<Another_OU Name 4>,DC=<DC Name 1>,DC=<DC Name 2>
groupMappingAttribute = dn
groupMemberAttribute = member
groupNameAttribute = cn
host = ldap_hostname
nestedGroups = 0
network_timeout = 29
port = 636
realNameAttribute = cn
sizelimit = 2000
timelimit = 28
userBaseDN = DC=<DC Name 1>,DC=<DC Name 2>
userNameAttribute = samaccountname
pagelimit = -1
```
I have another Splunk instance which is using similar configs and authentication works perfectly there (no need to click multiple times). The differences there are:
1. there we use LDAP and not LDAPS
2. there the groupBaseDN has fewer OUs
So I tried on my current setup with LDAP (port 389 instead of 636 and SSLEnabled = 0) but still faced the same issue.
Am I missing anything here? Any suggestions on how to resolve this issue?
Note: The security group and NACL rules are not an issue, as I have already verified that with AWS support.
You're not being patient enough for the auth to take place.
Test it. Put in your LDAP credentials and only press the button once... wait...
If you open your browser's developer tools and look at the Network tab, you will see your browser is pending a response from your submission.
Clicking multiple times has no effect. It's time that's of the essence. Check your bandwidth to your LDAP controllers, their performance, etc.
This happens often when you have very large LDAP scopes defined. So you can also help speed this up by adding group filters etc. to your LDAP connection settings.
Yes, my bad, I forgot to mention it in the post. I did check the developer tools, Network tab. If I click once and wait (patiently), it eventually throws an "Invalid username or password" error although I did key in the correct username and password, and eventually after multiple clicks I am able to log in.
I also did a test where I clicked on login once, noted down the time and waited for it to fail/log in.
Example like this below:
Also, I did notice that my groupBaseDN does not have a CN and has multiple OUs (when compared to another working Splunk cluster which has fewer OUs and a CN defined in groupBaseDN); do you think that might be the issue?
Yes, that's what I mean by adding filters to your LDAP settings.
In large AD environments it's almost required to add a group base etc.
This got resolved; it looks like the config file was missing some attributes in userBaseDN. After adding them, it works.
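The thread ends with two findings: searches over a very wide scope are slow, and a userBaseDN that does not actually contain the users (the resolution above) makes Splunk report "Invalid username or password" even though the credentials are correct. The script below is an added example, not something posted in the thread or shipped with Splunk: it parses an authentication.conf LDAP stanza (a constructed one modelled on the posted snippet, with made-up example.com DNs in place of the masked values) and checks that sample user and group DNs fall under the configured base DNs, that the port matches SSLEnabled, and that timelimit stays below network_timeout. The helper names (split_dn, dn_under_base, check_ldap_stanzas) and the timelimit rule of thumb are this example's own.

```python
import configparser
from typing import Dict, List

# Constructed sample stanza modelled on the one posted in the thread, with
# made-up example.com DNs so the scope checks have real DNs to parse.
SAMPLE_CONF = """\
[My_splunk_strategy_name]
SSLEnabled = 1
anonymous_referrals = 1
bindDN = CN=svc-splunk,OU=Service Accounts,DC=example,DC=com
bindDNpassword = my_password
groupBaseDN = OU=Splunk Groups,OU=Groups,DC=example,DC=com;OU=Other Groups,OU=Org,DC=example,DC=com
groupMappingAttribute = dn
groupMemberAttribute = member
groupNameAttribute = cn
host = ldap_hostname
nestedGroups = 0
network_timeout = 29
port = 636
sizelimit = 2000
timelimit = 28
userBaseDN = OU=Staff,OU=Users,DC=example,DC=com
userNameAttribute = samaccountname
"""

# Constructed DNs standing in for what the directory returns for a login
# attempt and for the groups that Splunk roles are mapped to.
SAMPLE_USER_DNS = [
    "CN=alice,OU=Staff,OU=Users,DC=example,DC=com",      # inside userBaseDN
    "CN=bob,OU=Contractors,OU=Users,DC=example,DC=com",  # outside userBaseDN
]
SAMPLE_GROUP_DNS = [
    "CN=splunk-admins,OU=Splunk Groups,OU=Groups,DC=example,DC=com",  # inside a groupBaseDN
    "CN=splunk-users,OU=Groups,DC=example,DC=com",                    # outside every groupBaseDN
]


def split_dn(dn: str) -> List[str]:
    """Split a DN into RDNs at unescaped commas and normalise each RDN (type and
    value lower-cased, whitespace trimmed) so DNs compare the way AD matches them."""
    rdns, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    rdns.append("".join(buf))
    normalised = []
    for rdn in rdns:
        attr, _, value = rdn.partition("=")
        normalised.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return normalised


def dn_under_base(dn: str, base: str) -> bool:
    """True when dn is at or below base, i.e. a subtree search rooted at base
    can find it: the base's RDNs must be a suffix of the entry's RDNs."""
    entry, root = split_dn(dn), split_dn(base)
    return len(entry) >= len(root) and entry[-len(root):] == root


def base_list(value: str) -> List[str]:
    """Splunk accepts several base DNs separated by ';' in userBaseDN/groupBaseDN."""
    return [b.strip() for b in value.split(";") if b.strip()]


def check_ldap_stanzas(conf_text: str, user_dns: List[str], group_dns: List[str]) -> Dict[str, List[str]]:
    """Return findings per LDAP stanza found in an authentication.conf body."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep Splunk's mixed-case key names as written
    parser.read_string(conf_text)
    report: Dict[str, List[str]] = {}
    for name in parser.sections():
        stanza = parser[name]
        if "userBaseDN" not in stanza:
            continue  # not an LDAP strategy stanza
        findings: List[str] = []
        ssl = stanza.get("SSLEnabled", "0") == "1"
        port = stanza.get("port")
        if port and ((ssl and port == "389") or (not ssl and port == "636")):
            findings.append(f"port {port} does not match SSLEnabled = {int(ssl)}")
        # Rule of thumb assumed by this example: the server-side search limit should
        # expire before the client socket timeout, or the client gives up first.
        if "network_timeout" in stanza and "timelimit" in stanza:
            if int(stanza["timelimit"]) >= int(stanza["network_timeout"]):
                findings.append("timelimit is not below network_timeout")
        user_bases = base_list(stanza["userBaseDN"])
        for dn in user_dns:
            if not any(dn_under_base(dn, b) for b in user_bases):
                findings.append(f"user {dn} is outside every userBaseDN; Splunk cannot find it, so the login is rejected")
        group_bases = base_list(stanza.get("groupBaseDN", ""))
        for dn in group_dns:
            if not any(dn_under_base(dn, b) for b in group_bases):
                findings.append(f"group {dn} is outside every groupBaseDN; its role mapping cannot be resolved")
        report[name] = findings
    return report


if __name__ == "__main__":
    for stanza, findings in check_ldap_stanzas(SAMPLE_CONF, SAMPLE_USER_DNS, SAMPLE_GROUP_DNS).items():
        print(f"[{stanza}]")
        for finding in findings or ["no findings"]:
            print("  -", finding)
```

Run against the sample it reports bob and the splunk-users group as out of scope, which is exactly the symptom the thread describes: a correct password but a user the configured base DN never reaches. The same suffix check is what you want before widening or narrowing a base DN in production: narrow enough that the search is quick, wide enough that every user and mapped group is still a descendant of it.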