Re: Splunk users won't update in Ldap authenticati...

dunyaelbasan · ‎07-06-2020

I can't assign roles to and can't see new users in Splunk search head for last 2 weeks. We have LDAP auth.

A part of the Log:

07-06-2020 11:15:31.651 +0300 ERROR AuthenticationManagerLDAP - Couldn't find matching groups for user="ext01d3695". Search filter="(&(uid=EXT01D3695)(&(status=1)(l=KAYSERI)))" strategy="TEST-ISTANBUL"

richgalloway · ‎07-06-2020

Has this ever worked? If so, what changed two weeks ago?
Have you reviewed your LDAP configuration?

---
If this reply helps you, Karma would be appreciated.

dunyaelbasan · ‎07-07-2020

Yes, it has been working without any problems for last 3 months. LDAP admins didn't change anything on config side. Is there a kind of log file for examining the errors except for splunkd.log?

richgalloway · ‎07-07-2020

Yes, there are many log files in $SPLUNK_HOME/var/log/splunk. I don't have access to an LDAP-authenticated system to verify, but I believe the file you want is splunkd.log.

---
If this reply helps you, Karma would be appreciated.

isoutamo · ‎07-07-2020

Yes, those errors are stored at least Splunkd.log as @richgalloway said.

Splunk users won't update in Ldap authentication

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation