Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk failed to connect to LDAP via port 636

daniel_splunk
Splunk Employee
Splunk Employee
‎01-17-2019 11:38 PM

I tried to configure Splunk to connect to Windows 2012R2 LDAP with SSL via port 636 but failed with below command.

01-11-2018 15:44:18.528 +0800 DEBUG ScopedLDAPConnection - strategy="LDAP Lab" Initializing with LDAPURL="ldaps://10.10.10.32:636"
01-11-2018 15:44:18.528 +0800 DEBUG ScopedLDAPConnection - strategy="LDAP Lab" Attempting bind as DN="cn=svc_splunk_to_ad,ou=tech,ou=users,ou=systems,dc=abd,dc=hk"
01-11-2018 15:44:18.528 +0800 ERROR ScopedLDAPConnection - strategy="LDAP Lab" Error binding to LDAP. reason="Can't contact LDAP server"
01-11-2018 15:44:18.528 +0800 DEBUG ScopedLDAPConnection - strategy="LDAP Lab" Successfully performed unbind

Using openssl to test LDAP is able to get response for TLS 1.1 and TLS 1.2.

    ./splunk cmd openssl s_client -tls1_1 -connect 10.10.10.32:636
    :
    skipping
    :
    CONNECTED(00000003)
    ---
    New, TLSv1/SSLv3, Cipher is AES128-SHA
    Server public key is 2048 bit


    ./splunk cmd openssl s_client -tls1_2 -connect 10.10.10.32:636
    :
    skipping
    :
    CONNECTED(00000003)
    ---
    New, TLSv1/SSLv3, Cipher is AES128-GCM-SHA256
    Server public key is 2048 bit

From above, the cipher for TLS1.2 is AES128-GCM-SHA256

Tags (2)
0 Karma
Reply

daniel_splunk
Splunk Employee
Splunk Employee
‎01-17-2019 11:40 PM

Can you try concat the certs into a single pem file, and have TLS_CACERT pointing at it an also commented out TLS_CACERTDIR attribute, like below:

TLS_REQCERT never
TLS_CACERT /opt/splunk/etc/openldap/certs/Your_Cert_Chain.pem
#TLS_CACERTDIR /opt/splunk/etc/openldap/certs
0 Karma
Reply
Get Updates on the Splunk Community!

Index This | Why did the turkey cross the road?

November 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...