Re: Splunk SOAR authentication to Active Directory...

rogerwolcott · ‎08-21-2023

Under SOAR version 6.1.0.131, I configured LDAP authentication. When I click "test authentication" it says Connection Successful. But when I place a test User and/or test Group it states "Test Authentication Fails". And when I try to create a user and choose LDAP, it says "Unable to locate user, please check LDAP configuration". Going around and around.

phanTom · ‎08-22-2023

@rogerwolcott as far as I know you can't create LDAP users on the platform. Once connected via LDAP you simply log on with your domain credentials and then the LDAP config should pull the account details down and create the user on SOAR.

One possibility is that the bind account used doesn't have the permissions to view the domain so it can't find the test user. This might be why the test connectivity works until you add another user?

Ofc I would also check the config on both sides again just to make sure permissions are set correctly.

rogerwolcott · ‎08-22-2023

I've tried it with a bind account that has elevated access, still no luck. FYI, you can create the following user types: Local, Automation, LDAP. I've setup LDAP with the same credentials for our Splunk implementation successfully but it will not work in Soar. Bug?

Why doesnt Splunk SOAR authentication to Active Directory LDAP seem to work?

using SOAR ⁄ Phantom

Unleash Unified Security and Observability with Splunk Cloud Platform

Splunk AppDynamics with Cisco Secure Application

New Splunk Innovations Enhance Performance and Accelerate Troubleshooting