Security

What can be done with intermittent ldap issues?

ddrillic
Ultra Champion

Quite often we are in a state that our users can't log on to the Splunk UI for 10-20 minutes. All along we were sure that it's the fault of the ldap service.

We were just told that the following might assist -

Reload the ldap configuration - settings > access conrols > authentication method > reload authentication configuration

Any idea why?

Tags (1)
0 Karma

brreeves_splunk
Splunk Employee
Splunk Employee

@ddrillic reloading auth would not have an effect on auth not working. Splunk will go through whichever LDAP Strategies you have configured. Depending on the core of your LDAP, you might try cloning to a second one and adding a second strategy to hit that server when your primary is having issues. But you were right, this VERY likely won't be Splunk, as Splunk will attempt to connect to the LDAP server each time the user tries to log in to make sure that they're still supposed to have access.

nitingoyal
Engager

I am also facing the same issue, by any chance are you able to resolve it?

297406
Engager

I am too facing the similar issue , Any idea on how to resolve this situation ? I have tried to reload the authentication configuration , But that didn't help .

0 Karma

ddrillic
Ultra Champion

In our case, it was usually an issue with the ldap service and had nothing to do with Splunk itself.

0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!