I have a proxy that logs to my Splunk and sends it a piece of information (userid). With that information I need to search my LDAP server for another piece of information (User Name) and create a new field.
The Splunk configuration is done; I created a lookup script to populate Splunk's tables. First, I made a simple Python script that didn't search my LDAP server and just returned a sample string, and it worked.
My problem started when I decided to include the LDAP search part.
After implementing the Python script, I realized that Splunk's Python does not have the LDAP module installed. So I searched and found that it would be very difficult to install that module in Splunk's Python.
So, trying to solve my immediate problem, I wrote another script in shell that uses the ldapsearch command to get the information from my LDAP server, and made a wrapper in Python so that Splunk could call this shell script via the commands.getoutput() function.
When I execute the command on the command line, I get no problem (see below), but inside a search in Splunk I get a "No such file or directory" message in what should be the User Names in the table.
Splunk is not finding the shell script inside the Python wrapper.
I would prefer to do everything in Python, but if I manage to make the shell wrapper work, it solves my problem while I try to make the other way work.
My script's call function:
def search_ldap(client, user):
    path = '/opt/splunk/etc/apps/my_app/bin/'
    logger.info("Path: %r", path)
    cmd = 'nome_' + client.lower() + '.sh '
    nome_ldap = commands.getoutput(path + cmd + user)
    return nome_ldap
Running from command line:
# cat /tmp/ldap.csv | /opt/splunk/bin/splunk cmd python /opt/splunk/etc/apps/my_app/bin/nome_shell_wrapper.py parameter1
user_id,nome_usuario
thomas,Thomas Ribeiro
Error message on splunk's table:
sh: /opt/splunk/etc/apps/my_app/bin/nome_parameter1.sh: No such file or directory
Thanks!
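
Added example, not part of the original post: commands.getoutput() runs its argument through a shell and returns stderr merged with stdout, which is how the shell's own error text ended up as a field value, and it also means the userid taken from the proxy log is interpreted by that shell. The sketch below calls the same script with subprocess and an argument list instead; ALLOWED_CLIENTS, USER_RE and build_argv are hypothetical names, and the allowed userid alphabet is an assumption.

```python
import os
import re
import subprocess

BIN_DIR = '/opt/splunk/etc/apps/my_app/bin'        # path from the post
ALLOWED_CLIENTS = {'parameter1'}                    # assumption: known client names
USER_RE = re.compile(r'^[A-Za-z0-9._-]{1,64}\Z')    # assumption: userid alphabet


def build_argv(client, user, bin_dir=BIN_DIR):
    """Return the argv list for nome_<client>.sh, or raise ValueError."""
    client = client.lower()
    if client not in ALLOWED_CLIENTS:
        raise ValueError('unknown client: %r' % client)
    if not USER_RE.match(user):
        raise ValueError('rejected userid: %r' % user)
    return [os.path.join(bin_dir, 'nome_' + client + '.sh'), user]


def search_ldap(client, user, bin_dir=BIN_DIR):
    """Return the script's stdout, or '' on any failure."""
    try:
        argv = build_argv(client, user, bin_dir)
    except ValueError:
        return ''
    # Check the script up front so a missing file yields an empty field,
    # not an error string stored as the user name.
    if not (os.path.isfile(argv[0]) and os.access(argv[0], os.X_OK)):
        return ''
    try:
        # argv list, no shell: metacharacters in user are never interpreted
        proc = subprocess.Popen(argv, stdout=subprocess.PIPE,
                                stderr=subprocess.PIPE)
        out, _err = proc.communicate()   # stderr kept apart from the result
    except OSError:
        return ''
    if proc.returncode != 0:
        return ''
    return out.decode('utf-8', 'replace').strip()
```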