Splunk SOAR

Microsoft LDAP Phantom App

danieldelacasa
Explorer

Hi,

We are trying to retrieve configuration both for AD and LDAP using the "Microsoft LDAP App" for Phantom using a new Playbook, but before that we want to get connection working.

We have an asset with our LDAP server (user and password working) but when we make the "Test connectivity" it shows us this message:

 

danieldelacasa_0-1602849860361.png

There is no place to put the Base DN, how can we get the connection done?

Thanks in advance!

phanTom
SplunkTrust
SplunkTrust

@danieldelacasa as far as I can see the app just uses the 'ldap' python library, so shouldn't be MS Only. 
What version of the App & Phantom are you using?

danieldelacasa
Explorer

Connection works OK, it seems that the vendor LDAP is not integrating with the current version of Phantom that only integrates with Microsoft vendor if I'm not wrong

How can we ask for adding integration with IBM LDAP?

Thanks in advance!

phanTom
SplunkTrust
SplunkTrust

@danieldelacasa I suspect this is a permissions issue in that the account being used to connect to LDAP isn't able to access the relevant part (Base DN) of your LDAP tree?

There could also be the requirement from the LDAP server for SSL comms and it appears that failed. Or there could be a network issue between Phantom and LDAP over either port (389/636).

All are worth checking but I would start with the permissions on your account being used to query LDAP.

Hope this helps.

danieldelacasa
Explorer

Hi,

The credentials configured in Phantom App are the same as the ones in the current scripts we are running and want to replace by Phantom app so they are right, I also have tested them in my Python environment.

We are going to check comms betwenn Phantom and the LDAP server we want to connect to.

Thanks for the information, we will let you know if we have solved the problem.

 

danieldelacasa
Explorer

Connection works OK, it seems that the vendor LDAP is not integrating with the current version of Phantom that only integrates with Microsoft vendor if I'm not wrong

How can we ask for adding integration with IBM LDAP?

Thanks in advance!

Get Updates on the Splunk Community!

Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!

What are Community Office Hours?Community Office Hours is an interactive 60-minute Zoom series where ...

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

A Prelude to .conf25: Your Guide to Splunk University

Heading to Boston this September for .conf25? Get a jumpstart by arriving a few days early for Splunk ...