Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk users won't update in Ldap authentication

dunyaelbasan
Path Finder
‎07-06-2020 04:09 AM

I can't assign roles to and can't see new users in Splunk search head for last 2 weeks. We have LDAP auth.

A part of the Log:

07-06-2020 11:15:31.651 +0300 ERROR AuthenticationManagerLDAP - Couldn't find matching groups for user="ext01d3695". Search filter="(&(uid=EXT01D3695)(&(status=1)(l=KAYSERI)))" strategy="TEST-ISTANBUL"

Tags (1)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎07-06-2020 06:56 AM
Has this ever worked? If so, what changed two weeks ago?
Have you reviewed your LDAP configuration?
---
If this reply helps you, Karma would be appreciated.
Reply

dunyaelbasan
Path Finder
‎07-07-2020 03:15 AM

Yes, it has been working without any problems for last 3 months.  LDAP admins didn't change anything on config side.  Is there a kind of log file for examining the errors except for splunkd.log?

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎07-07-2020 06:40 AM
Yes, there are many log files in $SPLUNK_HOME/var/log/splunk. I don't have access to an LDAP-authenticated system to verify, but I believe the file you want is splunkd.log.
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎07-07-2020 12:18 PM
Yes, those errors are stored at least Splunkd.log as @richgalloway said.
0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...