Hey there,
I have been trying to figure out why Splunk can't authenticate against my OpenLDAP server. Current configuration looks like this:
SSLEnabled = 1
anonymous_referrals = 0
bindDN = cn=admin,ou=meta,dc=my,dc=example,dc=com
bindDNpassword =
charset = utf8
groupBaseDN = ou=Group,dc=my,dc=example,dc=com
groupBaseFilter = (|(cn=GROUP1)(cn=GROUP2))
groupMappingAttribute = dn
groupMemberAttribute = memberuid
groupNameAttribute = cn
host = my.example.com
nestedGroups = 0
network_timeout = -1
port = 636
realNameAttribute = cn
sizelimit = 10000
timelimit = 29
userBaseDN = ou=People,dc=my,dc=example,dc=com
userBaseFilter = (objectClass=posixAccount)
userNameAttribute = uid
Groups are mapped correctly (GROUP1 and GROUP2), but the users within these groups cannot authenticate. I have been looking at the LDAP logs and I can see these filters:
This specific ones, successfully gets the user data.
conn=379662 op=1 SRCH base="ou=People,dc=my,dc=example,dc=com" scope=2 deref=0 filter="(&(uid=USERNAME)(objectClass=posixAccount)(cn=*))"
Now this one is generated to look for the groups that this specific user is a member of:
conn=379662 op=2 SRCH base="ou=Group,dc=my,dc=example,dc=com" scope=2 deref=0 filter="(&(memberUid=uid=USERNAME,ou=people,dc=my,dc=example,dc=com)(|(cn=GROUP1)(cn=GROUP2))(cn=*))"
But it returns nothing, so user is not logged in, so essentially the filter does not work.
However this filter works: (&(memberUid=lkamenov)(|(cn=GROUP1)(cn=GROUP2))(cn=*))
Anyone have an idea what could be going wrong exactly? Would appreciate any help!
Thank you
Lou
... View more
