Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

splunk ldap errors troubleshoot

net1993
Path Finder
‎02-24-2020 01:35 AM

Hello
I got complains that a users cannot login in splunk(Ldap setup) with error "Login failed" and if they wait 10 minutes , then is successful.
I checked the logs splunkd and there are Timeout messages once in a while as well as a lot of "Operation Error" but not else more precise.
If I go in UI -> reload authentication strategy - > No error and everything is success, as well as I can see users under different mapped groups.

I have tried some different troubleshoot methods but nothing works.
1. Tried to run from unix terminal :
ldapsearch -x –h myLdapserver –p myLdapserverport –D "bind_dn" -w "bind_passwd" -b "user_basedn" "userNameAttribute=*"
-> ldap_result: Can't contact LDAP server (-1)
so I am not sure is the command correct and is it correct that I run it not like this ./splunk ldapsearch...?
I must be that the command is wrong because if there was somthing wrong with the ldap server then I guess all login attempts was going to fail all of the time which is not the case.
How can I troubleshoot if the problem is comming due to a long wait(there are two timeout settings in authentication.conf ) How to check if the problem is due to some of these are too low?

I tried also to run
| ldapsearch in splunk UI - result: after 2-3 minütes waiting seeming as it runs:
External search command 'ldapsearch' returned error code 1. Script output = "error_message=AttributeError at "/pack/splunk/etc/apps/SA-ldapsearch/bin/packages/app/init.py", line 325 : 'LDAPSocketOpenError' object has no attribute 'replace' ".

Labels (1)
Labels
Tags (2)
0 Karma
Reply

codebuilder
SplunkTrust
SplunkTrust
‎03-16-2020 05:22 PM

Splunk LDAP search is, by default, limited to the first 1000 searches. If a user exists beyond that, it will fail.

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma
Reply
Get Updates on the Splunk Community!

Observability | How to Think About Instrumentation Overhead (White Paper)

Novice observability practitioners are often overly obsessed with performance. They might approach ...

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

IDC Report: Enterprises Gain Higher Efficiency and Resiliency With Migration to Cloud  Today many enterprises ...

The Great Resilience Quest: 10th Leaderboard Update

The tenth leaderboard update (11.23-12.05) for The Great Resilience Quest is out >> As our brave ...