Security

splunk ldap errors troubleshoot

net1993
Path Finder

Hello
I got complains that a users cannot login in splunk(Ldap setup) with error "Login failed" and if they wait 10 minutes , then is successful.
I checked the logs splunkd and there are Timeout messages once in a while as well as a lot of "Operation Error" but not else more precise.
If I go in UI -> reload authentication strategy - > No error and everything is success, as well as I can see users under different mapped groups.

I have tried some different troubleshoot methods but nothing works.
1. Tried to run from unix terminal :
ldapsearch -x –h myLdapserver –p myLdapserverport –D "bind_dn" -w "bind_passwd" -b "user_basedn" "userNameAttribute=*"
-> ldap_result: Can't contact LDAP server (-1)
so I am not sure is the command correct and is it correct that I run it not like this ./splunk ldapsearch...?
I must be that the command is wrong because if there was somthing wrong with the ldap server then I guess all login attempts was going to fail all of the time which is not the case.
How can I troubleshoot if the problem is comming due to a long wait(there are two timeout settings in authentication.conf ) How to check if the problem is due to some of these are too low?

I tried also to run
| ldapsearch in splunk UI - result: after 2-3 minütes waiting seeming as it runs:
External search command 'ldapsearch' returned error code 1. Script output = "error_message=AttributeError at "/pack/splunk/etc/apps/SA-ldapsearch/bin/packages/app/init.py", line 325 : 'LDAPSocketOpenError' object has no attribute 'replace' ".

Labels (1)
Tags (2)
0 Karma

codebuilder
SplunkTrust
SplunkTrust

Splunk LDAP search is, by default, limited to the first 1000 searches. If a user exists beyond that, it will fail.

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma
Get Updates on the Splunk Community!

Using Machine Learning for Hunting Security Threats

REGISTER NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more ...

Security Highlights | November 2022 Newsletter

 November 2022 2022 Gartner Magic Quadrant for SIEM: Splunk Named a Leader for the 9th Year in a RowSplunk is ...

Platform Highlights | November 2022 Newsletter

 November 2022 Skill Up on Splunk with our New Builder Tech Talk SeriesCan you build it? Yes you can! *play ...