Splunk is using Simple Bind method for LDAP connection. For users who are:
Using Active Directory (AD) and
Choosing LDAP (AD) as authentication method for Splunk and
NOT using LDAPS (LDAP on SSL)
will need to take action as AD will deny connection from non-SSL connection when Simple Bind is used.
For resolution, users are required to configure AD to accept SSL connection and set SSLEnabled = 1 in authentication.conf file.
Note that if self-signed cert is used in AD, settings like TLS_REQCERT=never or TLSCACertificatePath=<path> (CA cert used to generate self-signed cert required) needs to be set in $SPLUNK_HOME/etc/openldap/ldap.conf file. (Link to documentation on this config file)
... View more