Security

Why do I see "Invalid credentials" while creating an LDAP strategy with an "ssl start_tls" config?

hrawat_splunk
Splunk Employee

If I add the strategy in authentication.conf manually and edit ldap.conf:

authentication.conf 
[test_ldap]
SSLEnabled = 1
host = ldap.myldap.com
port = 636
anonymous_referrals = 1
bindDN = xxxx
bindDNpassword = xxxx
emailAttribute = mail
groupBaseDN = xxxx
groupMappingAttribute = dn
groupMemberAttribute = member
groupNameAttribute = cn
nestedGroups = 0
network_timeout = 20
realNameAttribute = displayname
sizelimit = 1000
timelimit = 15
userBaseDN = dc=xxxx
userNameAttribute = uid

ldap.conf
ssl start_tls
TLS_REQCERT never
TLS_CERT <SPLUNKHOME>/auth/mycert.pem
TLS_KEY <SPLUNKHOME>/auth/myprivatekey.pem

hrawat_splunk
Splunk Employee

The reason for the failure is that TLS_CERT and TLS_KEY are user-only options according to the man page for ldap.conf(5).

TLS_CERT
Specifies the file that contains the client certificate. This is a user-only option.

TLS_KEY
Specifies the file that contains the private key that matches the certificate stored in the TLS_CERT file. Currently, the private key must not be protected with a password, so it is of critical importance that the key file is protected carefully. This is a user-only option.

All user-only options must be in the .ldaprc or ldaprc file, not in ldap.conf. The location for .ldaprc/ldaprc is the user's home directory, not the Splunk install directory.

user files $HOME/ldaprc, $HOME/.ldaprc

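As an added example (not code from the original post or from Splunk), the script below does the split the answer describes: it takes an ldap.conf like the one in the question, keeps the system-wide directives in ldap.conf, and moves the user-only TLS_CERT and TLS_KEY lines into an ldaprc file that belongs in the home directory of the account running splunkd. The <SPLUNKHOME> path, the certificate and key file names and the "splunk" account name are placeholders taken from the question, and the sample config is constructed inline so the script runs offline.

```shell
#!/bin/sh
# Added example, not from the original post. Splits an OpenLDAP client
# config into the system-wide part (ldap.conf) and the user-only part
# (TLS_CERT, TLS_KEY per ldap.conf(5)) that belongs in $HOME/.ldaprc of
# the account that runs splunkd. <SPLUNKHOME>, the cert/key names and
# the "splunk" account are placeholders (assumptions).

# User-only options quoted from ldap.conf(5) in the answer above.
USER_ONLY_OPTS="TLS_CERT TLS_KEY"

# is_user_only LINE: succeed if LINE sets one of the user-only options
# (option names are compared case-insensitively).
is_user_only() {
  key=$(printf '%s\n' "$1" | awk '{print toupper($1)}')
  for opt in $USER_ONLY_OPTS; do
    [ "$key" = "$opt" ] && return 0
  done
  return 1
}

# split_ldap_conf SRC LDAP_CONF LDAPRC: copy SRC to LDAP_CONF without the
# user-only lines, and write those lines to LDAPRC instead.
split_ldap_conf() {
  src=$1; conf_out=$2; rc_out=$3
  : > "$conf_out"; : > "$rc_out"
  while IFS= read -r line || [ -n "$line" ]; do
    case $line in
      ''|'#'*) printf '%s\n' "$line" >> "$conf_out"; continue ;;
    esac
    if is_user_only "$line"; then
      printf '%s\n' "$line" >> "$rc_out"
    else
      printf '%s\n' "$line" >> "$conf_out"
    fi
  done < "$src"
  # The private key must be unencrypted (man page), so the rc file that
  # points at it should not be readable by other accounts.
  chmod 600 "$rc_out"
}

# count_user_only FILE: number of user-only option lines in FILE;
# 0 for a system-wide ldap.conf means it is clean.
count_user_only() {
  n=0
  while IFS= read -r line || [ -n "$line" ]; do
    case $line in ''|'#'*) continue ;; esac
    is_user_only "$line" && n=$((n + 1))
  done < "$1"
  echo "$n"
}

# Constructed sample mirroring the ldap.conf posted in the question.
WORK=$(mktemp -d)
cat > "$WORK/ldap.conf.orig" <<'EOF'
ssl start_tls
TLS_REQCERT never
TLS_CERT <SPLUNKHOME>/auth/mycert.pem
TLS_KEY <SPLUNKHOME>/auth/myprivatekey.pem
EOF

split_ldap_conf "$WORK/ldap.conf.orig" "$WORK/ldap.conf" "$WORK/ldaprc"
echo "ldap.conf user-only lines left: $(count_user_only "$WORK/ldap.conf")"
echo "ldaprc user-only lines: $(count_user_only "$WORK/ldaprc")"

# Real use (assumes splunkd runs as "splunk"): install the rc file into
# that account's home directory, not under <SPLUNKHOME>, e.g.
#   install -m 600 -o splunk "$WORK/ldaprc" ~splunk/.ldaprc
```

The point to check afterwards is that the rc file is in the home directory of whatever account actually runs splunkd, since that is where the ldap.conf(5) FILES section says $HOME/ldaprc and $HOME/.ldaprc are read from; a copy under the Splunk install directory is never consulted. Because the key file cannot be password-protected, keep both it and the rc file readable only by that account.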