Splunk SOAR

Microsoft LDAP Phantom App

danieldelacasa
Explorer

Hi,

We are trying to retrieve configuration for both AD and LDAP using the "Microsoft LDAP App" for Phantom in a new Playbook, but before that we want to get the connection working.

We have an asset with our LDAP server (user and password working), but when we run "Test connectivity" it shows us this message:

[Screenshot: danieldelacasa_0-1602849860361.png]

There is no place to put the Base DN, how can we get the connection done?

Thanks in advance!

phanTom
SplunkTrust

@danieldelacasa as far as I can see the app just uses the 'ldap' Python library, so it shouldn't be MS only.
What version of the App & Phantom are you using?

phanTom
SplunkTrust

@danieldelacasa I suspect this is a permissions issue in that the account being used to connect to LDAP isn't able to access the relevant part (Base DN) of your LDAP tree?

There could also be the requirement from the LDAP server for SSL comms and it appears that failed. Or there could be a network issue between Phantom and LDAP over either port (389/636).

All are worth checking but I would start with the permissions on your account being used to query LDAP.

Hope this helps.
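A small triage script for the three causes listed in the reply above (network reachability on 389/636, a TLS requirement, and the bind account). This is an added example, not part of the original thread and not code from the Phantom app; it hand-encodes an LDAPv3 simple bind with the standard library only, and the function names are hypothetical.

```python
import socket
import ssl

# LDAP result codes (RFC 4511) mapped to the causes suggested in the reply above.
RESULT_HINTS = {
    0: "bind ok: next check the account's read access to the Base DN",
    8: "strongerAuthRequired: simple bind refused on this channel",
    13: "confidentialityRequired: server demands TLS (LDAPS on 636)",
    49: "invalidCredentials: wrong bind DN or password",
}

def _tlv(tag, payload):
    # BER short-form length only: enough for a bind DN and password under 128 bytes.
    if len(payload) > 127:
        raise ValueError("value too long for this minimal encoder")
    return bytes([tag, len(payload)]) + payload

def bind_request(dn, password):
    # LDAPMessage { messageID 1, BindRequest { version 3, name, simple password } }
    body = _tlv(0x02, b"\x03") + _tlv(0x04, dn.encode()) + _tlv(0x80, password.encode())
    return _tlv(0x30, _tlv(0x02, b"\x01") + _tlv(0x60, body))

def _hdr(buf, i):
    # (tag, offset of value) for the BER element at i; copes with long-form lengths.
    n = buf[i + 1]
    return buf[i], i + 2 + (n & 0x7F if n & 0x80 else 0)

def bind_result_code(reply):
    # Walk SEQUENCE -> messageID -> BindResponse (0x61) -> ENUMERATED resultCode.
    try:
        _, i = _hdr(reply, 0)
        i = _hdr(reply, i)[1] + reply[i + 1]
        tag, i = _hdr(reply, i)
        return reply[i + 2] if tag == 0x61 and reply[i] == 0x0A else None
    except IndexError:
        return None

def diagnose(host, port, dn, password, use_tls=False, timeout=3.0):
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return f"network: cannot reach {host}:{port} ({type(exc).__name__})"
    try:
        conn = ssl.create_default_context().wrap_socket(raw, server_hostname=host) if use_tls else raw
        with conn:
            conn.sendall(bind_request(dn, password))
            code = bind_result_code(conn.recv(4096))
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        raw.close()
        return f"tls/io: {type(exc).__name__} after TCP connect"
    return RESULT_HINTS.get(code, f"unmapped or unparsed BindResponse (resultCode={code})")
```

With `use_tls=False` the bind password crosses the network unencrypted, so prefer port 636 with `use_tls=True`, or use a throwaway test account for the port 389 check.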

danieldelacasa
Explorer

Hi,

The credentials configured in the Phantom App are the same as the ones in the current scripts we are running and want to replace with the Phantom app, so they are right; I have also tested them in my Python environment.

We are going to check comms between Phantom and the LDAP server we want to connect to.

Thanks for the information, we will let you know if we have solved the problem.

danieldelacasa
Explorer

Connection works OK. It seems that the vendor LDAP is not integrated with the current version of Phantom, which only integrates with the Microsoft vendor, if I'm not wrong.

How can we ask for adding integration with IBM LDAP?

Thanks in advance!
