Splunk SOAR (f.k.a. Phantom)

Microsoft LDAP Phantom App

danieldelacasa
Explorer

Hi,

We are trying to retrieve configuration for both AD and LDAP using the "Microsoft LDAP App" for Phantom in a new Playbook, but before that we want to get the connection working.

We have an asset with our LDAP server (user and password working), but when we run "Test connectivity" it shows us this message:

 

[Image: danieldelacasa_0-1602849860361.png]

There is no place to put the Base DN, how can we get the connection done?

Thanks in advance!

phanTom
SplunkTrust

@danieldelacasa as far as I can see the app just uses the 'ldap' python library, so shouldn't be MS Only. 
What version of the App & Phantom are you using?

phanTom
SplunkTrust

@danieldelacasa I suspect this is a permissions issue in that the account being used to connect to LDAP isn't able to access the relevant part (Base DN) of your LDAP tree?

There could also be the requirement from the LDAP server for SSL comms and it appears that failed. Or there could be a network issue between Phantom and LDAP over either port (389/636).

All are worth checking but I would start with the permissions on your account being used to query LDAP.

Hope this helps.
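The reply above names three possible causes: a network problem on 389/636, a failed SSL negotiation, or the bind account's access to the Base DN. The following is an added example, not part of the thread and not the app's code, that uses only the Python standard library to separate the first two so the permissions check can be approached with the transport already ruled in or out. The host name is a placeholder and the result labels are this example's own.

```python
import socket
import ssl


def probe_ldap_port(host, port, use_tls=False, timeout=3.0):
    """Classify the transport to one LDAP listener (389 plain, 636 LDAPS)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror:
        return "dns_failure"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except OSError:
        return "network_error"
    with sock:
        if not use_tls:
            return "ok"
        ctx = ssl.create_default_context()  # verifies chain and host name
        try:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "ok"
        except OSError:  # ssl.SSLError, certificate errors, handshake timeout
            return "tls_failure"


def next_check(plain_389, ldaps_636, ssl_required):
    """Map the two probe results to the cause to investigate first."""
    wanted = ldaps_636 if ssl_required else plain_389
    if wanted == "ok":
        return "permissions"  # transport is fine: check bind account vs Base DN
    if wanted == "tls_failure":
        return "tls"  # certificate or trust store on the SOAR host
    return "network"  # routing or firewall between SOAR and the LDAP server


if __name__ == "__main__":
    host = "ldap.example.internal"  # placeholder, replace with the asset's server
    plain = probe_ldap_port(host, 389)
    ldaps = probe_ldap_port(host, 636, use_tls=True)
    print(plain, ldaps, next_check(plain, ldaps, ssl_required=True))
```

Run it from the Phantom host itself, since that is the network path and trust store the app uses.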

danieldelacasa
Explorer

Hi,

The credentials configured in the Phantom app are the same as the ones in the scripts we are currently running and want to replace with the Phantom app, so they are right. I have also tested them in my Python environment.

We are going to check comms between Phantom and the LDAP server we want to connect to.

Thanks for the information, we will let you know if we have solved the problem.

 

danieldelacasa
Explorer

Connection works OK. It seems that the vendor's LDAP does not integrate with the current version of Phantom, which only integrates with the Microsoft vendor, if I'm not wrong.

How can we ask for integration with IBM LDAP to be added?

Thanks in advance!
