Splunk Search

LDAP strategy is not returning any groups.

fabianbr
New Member

Hello everyone.

I have configured LDAP with my splunk, everything seems to be working correctly, but i'm getting the following error message.

"Your LDAP strategy 'ldap1' is not returning any groups. Please check your LDAP configuration or consult splunkd.log for LDAP errors."

Here's what my authentication.conf file looks like.

[authentication]
authType = LDAP
authSettings = ldap1

[ldap1]
host = sjcldap.ad.ea.com
port = 3268
SSLEnabled = 0
bindDN = esmguest
bindDNpassword = ############
userBaseDN = dc=ad,dc=ea,dc=com
userBaseFilter = (objectclass=)
groupBaseDN = dc=ad,dc=ea,dc=com
groupBaseFilter = (objectclass=
)
userNameAttribute = sAMAccountName
realNameAttribute = displayName
groupMappingAttribute = uid
groupMemberAttribute = uniqueMember
groupNameAttribute = uid

[roleMap_ldap1]

And i'm seeing this in my splunkd.log file

08-15-2013 07:14:24.071 -0700 INFO ShutdownHandler - shutting down level "ShutdownLevel_LoadLDAPUsers"
08-15-2013 07:14:32.089 -0700 WARN AuthenticationManagerLDAP - strategy="ldap1" The group="admin" was not found on the LDAP server, removing it from the role map
08-15-2013 07:14:32.264 -0700 WARN AuthenticationManagerLDAP - strategy="ldap1" The group="dbarajas@contractor.ea.com" was not found on the LDAP server, removing it from the role map
08-15-2013 07:15:59.219 -0700 WARN AdminManager - Endpoint has not specified a type for val=LDAP, will return this as a string in JSON API.
08-15-2013 07:19:02.841 -0700 INFO ShutdownHandler - shutting down level "ShutdownLevel_LoadLDAPUsers"
08-15-2013 07:19:15.988 -0700 WARN AuthenticationManagerLDAP - strategy="ldap1" The group="Admin" was not found on the LDAP server, removing it from the role map
08-15-2013 07:19:16.049 -0700 WARN AuthenticationManagerLDAP - strategy="ldap1" The group="Users" was not found on the LDAP server, removing it from the role map
08-15-2013 18:09:32.183 -0700 ERROR AuthenticationManagerLDAP - Could not find user="nobody" with strategy="ldap1"
08-15-2013 18:09:32.184 -0700 ERROR UserManagerPro - Failed to get LDAP user="nobody" from any configured servers

Any help you can provide is welcomed.

Have a Great Day.

Regards.

0 Karma

stemo76
Explorer

We found that only populated groups will show in the UI. Empty groups are omitted. You can probably edit the authentication.conf file to add your groups.

We also left the user filter empty.

mendesjo
Path Finder

Good find Stemo76. was ready to pull my hair out ..

0 Karma

SirHill17
Communicator

What should be edited in the authentication.conf to be able to find empty group ?

0 Karma
Get Updates on the Splunk Community!

March Community Office Hours Security Series Uncovered!

Hello Splunk Community! In March, Splunk Community Office Hours spotlighted our fabulous Splunk Threat ...

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars in April. This post ...

Want to Reduce Costs, Mitigate Risk, Improve Performance, or Increase Efficiencies? ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...