I'm trying to connect Splunk to and LDAP server that requires authentication with client x509 certificates.
Based on http://docs.splunk.com/Documentation/Splunk/latest/Security/TestyourLDAPconfiguration, I've been working with ldapsearch, a .ldaprc file, and trying to move the settings into splunk's authentication.conf and etc/openldap/ldap.conf.
This is the content of my ldap.conf file:
ssl start_tls
TLS_REQCERT demand
TLS_CERT [cert_path]/app.cert
TLS_KEY [cert_path]/app.key
TLS_CACERT [cert_pat]/ca.cert
TLS_CACERTDIR [cert_path]
SASL_MECH EXTERNAL
I have my system logging set to debug for AuthenticationManagerLDAP and ScopedLDAPConnection, and this is what I get:
02-21-2013 15:05:51.876 -0800 DEBUG ScopedLDAPConnection - strategy="LDAP" Initializing with LDAPURL="ldap://[ldap_host]:389"
02-21-2013 15:05:51.876 -0800 DEBUG ScopedLDAPConnection - strategy="LDAP" Attempting anonymous bind
02-21-2013 15:05:51.975 -0800 DEBUG ScopedLDAPConnection - strategy="LDAP" Bind successful
02-21-2013 15:05:51.975 -0800 DEBUG ScopedLDAPConnection - strategy="LDAP" Attempting to read entry at DN="[dn]"
02-21-2013 15:05:51.975 -0800 DEBUG ScopedLDAPConnection - strategy="LDAP" Attempting to search subtree at DN="[dn]" using filter=""
02-21-2013 15:05:51.989 -0800 DEBUG ScopedLDAPConnection - strategy="LDAP" Search duration="13.68 milliseconds"
02-21-2013 15:05:51.989 -0800 ERROR ScopedLDAPConnection - strategy="LDAP" Could not read invalid entry at DN="[dn]"
02-21-2013 15:05:51.989 -0800 ERROR AdminHandler:AuthenticationHandler - Could not find userBaseDN on the LDAP server: [dn]
From that, it looks like the client cert configuration, and the SASL EXTERNAL mechanism are being ignored. This configuration has worked with ldapsearch, and the perl libraries Net::LDAP and Authen::SASL.
Is it possible to use client certificates in this way with Splunk, and if so, what configuration am I missing?
thanks,
Patrick
... View more