Security

splunk ldap errors troubleshoot

net1993
Path Finder

Hello
I got complains that a users cannot login in splunk(Ldap setup) with error "Login failed" and if they wait 10 minutes , then is successful.
I checked the logs splunkd and there are Timeout messages once in a while as well as a lot of "Operation Error" but not else more precise.
If I go in UI -> reload authentication strategy - > No error and everything is success, as well as I can see users under different mapped groups.

I have tried some different troubleshoot methods but nothing works.
1. Tried to run from unix terminal :
ldapsearch -x –h myLdapserver –p myLdapserverport –D "bind_dn" -w "bind_passwd" -b "user_basedn" "userNameAttribute=*"
-> ldap_result: Can't contact LDAP server (-1)
so I am not sure is the command correct and is it correct that I run it not like this ./splunk ldapsearch...?
I must be that the command is wrong because if there was somthing wrong with the ldap server then I guess all login attempts was going to fail all of the time which is not the case.
How can I troubleshoot if the problem is comming due to a long wait(there are two timeout settings in authentication.conf ) How to check if the problem is due to some of these are too low?

I tried also to run
| ldapsearch in splunk UI - result: after 2-3 minütes waiting seeming as it runs:
External search command 'ldapsearch' returned error code 1. Script output = "error_message=AttributeError at "/pack/splunk/etc/apps/SA-ldapsearch/bin/packages/app/init.py", line 325 : 'LDAPSocketOpenError' object has no attribute 'replace' ".

Labels (1)
Tags (2)
0 Karma

codebuilder
Influencer

Splunk LDAP search is, by default, limited to the first 1000 searches. If a user exists beyond that, it will fail.

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...