We have updated the password for the service account which we use for LDAP authentication. I have updated the new bindDnpassword in authentication file but when I restarted the splunk service the old password has been restored. After I spent some time I have understood that the splunk.secrete file restoring the old password.
I have followed the below steps and still the issue not fixed
1) Ran powershell command
Get-ChildItem -Recurse *.conf | Select-String -Pattern '\$1\$.' -List
etc\apps\Splunk_TA_windows\default\transforms.conf:807:FORMAT = abc
etc\system\local\authentication.conf:10:bindDNpassword = xyz
etc\system\local\server.conf:2:sslKeysfilePassword = 123
1) Updated the binddnpassword in authentication
bindDNpassword = xyzi bindDNpassword = newpassword
2) Restarted the splunk service - this time the old value not been restored in authentication file. I can see the value for binddnpassword has been encrypted in authentication file
Still the users unable to access splunk.