I got complains that a users cannot login in splunk(Ldap setup) with error "Login failed" and if they wait 10 minutes , then is successful.
I checked the logs splunkd and there are Timeout messages once in a while as well as a lot of "Operation Error" but not else more precise.
If I go in UI -> reload authentication strategy - > No error and everything is success, as well as I can see users under different mapped groups.
I have tried some different troubleshoot methods but nothing works.
1. Tried to run from unix terminal :
ldapsearch -x –h myLdapserver –p myLdapserverport –D "bind_dn" -w "bind_passwd" -b "user_basedn" "userNameAttribute=*"
-> ldap_result: Can't contact LDAP server (-1)
so I am not sure is the command correct and is it correct that I run it not like this ./splunk ldapsearch...?
I must be that the command is wrong because if there was somthing wrong with the ldap server then I guess all login attempts was going to fail all of the time which is not the case.
How can I troubleshoot if the problem is comming due to a long wait(there are two timeout settings in authentication.conf ) How to check if the problem is due to some of these are too low?
I tried also to run
| ldapsearch in splunk UI - result: after 2-3 minütes waiting seeming as it runs:
External search command 'ldapsearch' returned error code 1. Script output = "error_message=AttributeError at "/pack/splunk/etc/apps/SA-ldapsearch/bin/packages/app/init.py", line 325 : 'LDAPSocketOpenError' object has no attribute 'replace' ".