Splunk SOAR
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Microsoft LDAP Phantom App

danieldelacasa
Explorer
‎10-16-2020 05:08 AM

Hi,

We are trying to retrieve configuration both for AD and LDAP using the "Microsoft LDAP App" for Phantom using a new Playbook, but before that we want to get connection working.

We have an asset with our LDAP server (user and password working) but when we make the "Test connectivity" it shows us this message:

 

danieldelacasa_0-1602849860361.png

There is no place to put the Base DN, how can we get the connection done?

Thanks in advance!

Reply

phanTom
SplunkTrust
SplunkTrust
‎10-19-2020 05:33 AM

@danieldelacasa as far as I can see the app just uses the 'ldap' python library, so shouldn't be MS Only. 
What version of the App & Phantom are you using?

Reply

danieldelacasa
Explorer
‎10-19-2020 03:34 AM

Connection works OK, it seems that the vendor LDAP is not integrating with the current version of Phantom that only integrates with Microsoft vendor if I'm not wrong

How can we ask for adding integration with IBM LDAP?

Thanks in advance!

Reply

phanTom
SplunkTrust
SplunkTrust
‎10-16-2020 05:17 AM

@danieldelacasa I suspect this is a permissions issue in that the account being used to connect to LDAP isn't able to access the relevant part (Base DN) of your LDAP tree?

There could also be the requirement from the LDAP server for SSL comms and it appears that failed. Or there could be a network issue between Phantom and LDAP over either port (389/636).

All are worth checking but I would start with the permissions on your account being used to query LDAP.

Hope this helps.

Reply

danieldelacasa
Explorer
‎10-19-2020 01:26 AM

Hi,

The credentials configured in Phantom App are the same as the ones in the current scripts we are running and want to replace by Phantom app so they are right, I also have tested them in my Python environment.

We are going to check comms betwenn Phantom and the LDAP server we want to connect to.

Thanks for the information, we will let you know if we have solved the problem.

 

Reply

danieldelacasa
Explorer
‎10-19-2020 03:43 AM

Connection works OK, it seems that the vendor LDAP is not integrating with the current version of Phantom that only integrates with Microsoft vendor if I'm not wrong

How can we ask for adding integration with IBM LDAP?

Thanks in advance!

Reply
Register for .conf25!
Get Updates on the Splunk Community!

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

The Defining Technology Movement of Our Lifetime The advent of agentic AI is arguably the defining technology ...

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

In today’s complex digital landscape, security teams face increasing pressure to protect sprawling data across ...

Your summer travels continue with new course releases

Summer in the Northern hemisphere is in full swing, and is often a time to travel and explore. If your summer ...