Ldapsearch throwing spurious errors.

ifeldshteyn · ‎06-19-2020

Hello,

I have a Search head cluster and an indexer cluster.

When I am on one of the searchheads and run this ldapsearch command I get results. It works perfectly.

| ldapsearch search="(&(objectCategory=Person)(objectClass=User)(lockoutTime>=1))" domain="MYDOMAIN.COM"  basedn="OU=Users,OU=NYHQ,OU=US,DC=MYDOMAIN,DC=com"

However, all the indexers throw this spurious error, that doesn't seem to impact the results.

[indexer1.mydomain.com] External search command 'ldapsearch' returned error code 1. Script output = " ERROR "KeyError at ""/opt/splunk/var/run/searchpeers/B8AB8EAB-1DD4-42C8-83DE-945995C604D4-1592589919/apps/SA-ldapsearch/bin/packages/splunklib/client.py"", line 1653 : u'ldap'" "

When I login directly to my indexers and execute the same ldap search locally, I don't receive any errors.

SA-ldapsearch is configured on both indexers and searchheads. Each one has valid ldap.conf and passwords.conf and present in $SPLUNK_HOME$etc/apps/SA-ldapsearch . I am able to AD authenticate on all of the machines.

Any idea why I am getting these spurious errors thrown on the searchheads but not the indexers?

Thanks!

Ldapsearch throwing spurious errors.

other

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!

Read the report >

Ldapsearch throwing spurious errors.

other

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.Find out what your skills are worth! Read the report >

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!

Read the report >