Splunk Search

Splunk users won't update in Ldap authentication

dunyaelbasan
Path Finder

I can't assign roles to and can't see new users in Splunk search head for last 2 weeks. We have LDAP auth.

A part of the Log:

07-06-2020 11:15:31.651 +0300 ERROR AuthenticationManagerLDAP - Couldn't find matching groups for user="ext01d3695". Search filter="(&(uid=EXT01D3695)(&(status=1)(l=KAYSERI)))" strategy="TEST-ISTANBUL"

Labels (1)
Tags (1)
0 Karma

richgalloway
SplunkTrust
SplunkTrust
Has this ever worked? If so, what changed two weeks ago?
Have you reviewed your LDAP configuration?
---
If this reply helps you, an upvote would be appreciated.

dunyaelbasan
Path Finder

Yes, it has been working without any problems for last 3 months.  LDAP admins didn't change anything on config side.  Is there a kind of log file for examining the errors except for splunkd.log?

0 Karma

richgalloway
SplunkTrust
SplunkTrust
Yes, there are many log files in $SPLUNK_HOME/var/log/splunk. I don't have access to an LDAP-authenticated system to verify, but I believe the file you want is splunkd.log.
---
If this reply helps you, an upvote would be appreciated.
0 Karma

soutamo
SplunkTrust
SplunkTrust
Yes, those errors are stored at least Splunkd.log as @richgalloway said.
0 Karma