Assuming that (1) you're on Splunk 6.3 and (2) the SH has got access to Active Directory, this problem is easily solved by a one-line change to each of the files: sa-ldapsearch/bin/{ldapfilter.py,ldapgroup.py,ldapsearch.py,ldapfetch.py,ldaptestconnection.py}
Here’s the change to make in each file:
Change this:
@Configuration()
to:
@Configuration(local=True)
[If you already have something within the ()'s, just add the local=True to what's already there.]
If you’re running on Splunk 6.2 or lower, you should add this line to each stanza in sa-ldapsearch/default/command.conf:
local = true
Save the files and restart the Splunk instance on the Search Head(s). Retest to verify the workaround worked.
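
The decorator change above can be applied to all five files in one pass. The following is an added example, not part of the original answer or of the app's own code. It handles both the empty `@Configuration()` case and the case where arguments are already present, keeps a `.bak` copy of each file it edits, and is safe to re-run. The function names and the `bin_dir` argument are assumptions made for illustration.

```python
import re
from pathlib import Path

# File names as listed in the answer above.
TARGETS = ["ldapfilter.py", "ldapgroup.py", "ldapsearch.py",
           "ldapfetch.py", "ldaptestconnection.py"]

# A decorator alone on its line, with any (non-nested) argument list.
DECORATOR = re.compile(
    r"^(?P<indent>[ \t]*)@Configuration\((?P<args>[^)\n]*)\)[ \t]*$", re.M)


def add_local_true(source):
    """Return (new_source, number_of_decorators_changed)."""
    changed = 0

    def fix(match):
        nonlocal changed
        args = match.group("args").strip()
        if re.search(r"\blocal\s*=", args):
            return match.group(0)  # local is already set: leave for review
        changed += 1
        new_args = f"{args}, local=True" if args else "local=True"
        return f"{match.group('indent')}@Configuration({new_args})"

    return DECORATOR.sub(fix, source), changed


def patch_app(bin_dir):
    """Patch each target file under bin_dir; return {file name: status}."""
    results = {}
    for name in TARGETS:
        path = Path(bin_dir) / name
        if not path.is_file():
            results[name] = "missing"
            continue
        original = path.read_text()
        patched, count = add_local_true(original)
        if count:
            Path(str(path) + ".bak").write_text(original)  # backup first
            path.write_text(patched)
        results[name] = "patched" if count else "unchanged"
    return results
```

Call `patch_app()` with the path to the app's `bin` directory on the search head, check the returned statuses, then restart as described above.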