The Active Directory/LDAP debug script is used to view a detailed output of the connection and authentication attempt between Splunk Phantom and an Active Directory instance. The script accesses the Splunk Phantom database and uses the Active Directory server configuration and credentials as configured in Splunk Phantom. For a copy of the debug script, open a Support case.
WARNING: The debug script output will contain the Active Directory password in plain text. It is your responsibility to sanitize the report before sharing with unauthorized persons.
Before running the script, verify the Splunk Phantom Active Directory settings are configured with the credentials intended for the debug script to use.
In Splunk Phantom, select Administration > System Settings > Authentication.
Verify the credentials listed in the Active Directory Settings fields.
Click Save Changes.
Run the Active Directory/LDAP connection and authentication debug script.
Transfer the script "test_ldap.pyc" to the Phantom server.
Phantom 2.1and previous: Change the current user toapache.
[root@localhost user]# sudo -u apache bash
Phantom 2.1and previous: Run the test_ldap.pyc script.
[root@localhost user]# python2.7 test_ldap.pyc
Phantom 3.0to current: Change the current user tonginx.
[root@localhost user]# sudo -u nginx bash
Phantom 3.0to current: Run the test_ldap.pyc script.