Splunk Phantom

Microsoft LDAP Phantom App

danieldelacasa
Explorer

Hi,

We are trying to retrieve configuration both for AD and LDAP using the "Microsoft LDAP App" for Phantom using a new Playbook, but before that we want to get connection working.

We have an asset with our LDAP server (user and password working) but when we make the "Test connectivity" it shows us this message:

 

danieldelacasa_0-1602849860361.png

There is no place to put the Base DN, how can we get the connection done?

Thanks in advance!

phanTom
SplunkTrust
SplunkTrust

@danieldelacasa as far as I can see the app just uses the 'ldap' python library, so shouldn't be MS Only. 
What version of the App & Phantom are you using?

danieldelacasa
Explorer

Connection works OK, it seems that the vendor LDAP is not integrating with the current version of Phantom that only integrates with Microsoft vendor if I'm not wrong

How can we ask for adding integration with IBM LDAP?

Thanks in advance!

phanTom
SplunkTrust
SplunkTrust

@danieldelacasa I suspect this is a permissions issue in that the account being used to connect to LDAP isn't able to access the relevant part (Base DN) of your LDAP tree?

There could also be the requirement from the LDAP server for SSL comms and it appears that failed. Or there could be a network issue between Phantom and LDAP over either port (389/636).

All are worth checking but I would start with the permissions on your account being used to query LDAP.

Hope this helps.

danieldelacasa
Explorer

Hi,

The credentials configured in Phantom App are the same as the ones in the current scripts we are running and want to replace by Phantom app so they are right, I also have tested them in my Python environment.

We are going to check comms betwenn Phantom and the LDAP server we want to connect to.

Thanks for the information, we will let you know if we have solved the problem.

 

danieldelacasa
Explorer

Connection works OK, it seems that the vendor LDAP is not integrating with the current version of Phantom that only integrates with Microsoft vendor if I'm not wrong

How can we ask for adding integration with IBM LDAP?

Thanks in advance!

.conf21 CFS Extended through 5/20!

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!