Re: Splunk users won't update in Ldap authenticati...

dunyaelbasan · ‎07-06-2020

I can't assign roles to and can't see new users in Splunk search head for last 2 weeks. We have LDAP auth.

A part of the Log:

07-06-2020 11:15:31.651 +0300 ERROR AuthenticationManagerLDAP - Couldn't find matching groups for user="ext01d3695". Search filter="(&(uid=EXT01D3695)(&(status=1)(l=KAYSERI)))" strategy="TEST-ISTANBUL"

richgalloway · ‎07-06-2020

Has this ever worked? If so, what changed two weeks ago?
Have you reviewed your LDAP configuration?

---
If this reply helps you, Karma would be appreciated.

dunyaelbasan · ‎07-07-2020

Yes, it has been working without any problems for last 3 months. LDAP admins didn't change anything on config side. Is there a kind of log file for examining the errors except for splunkd.log?

richgalloway · ‎07-07-2020

Yes, there are many log files in $SPLUNK_HOME/var/log/splunk. I don't have access to an LDAP-authenticated system to verify, but I believe the file you want is splunkd.log.

---
If this reply helps you, Karma would be appreciated.

isoutamo · ‎07-07-2020

Yes, those errors are stored at least Splunkd.log as @richgalloway said.

Splunk users won't update in Ldap authentication

other

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!