I keep receiving the error "External search command 'ldapfetch' returned error code 1. Script output = "error_message=Missing required value for alternatedomain in ldap/DOMAIN.' " . I included my ldap.conf file changing our domain to just domain. I have tried the stanza [domain.com] in all caps and lowercase, the domain in alternatedomain = has been uppercase and lowercase as well. We have one search head, one indexer and one deployment server. I have SA-ldapsearch installed on $Splunk_Home/etc/apps/ on both search head and indexer, I have also tried it without it installed on the indexer. As a side question is it only required to be on the search head or does it need to be on the indexer as well? Also, it doesn't need to be installed on any of the domain controllers either correct?
[default]
server = dc1.domain.com
port = 389
[domain.com]
server = dc1.domain.com,dc2.domain.com
port = 389
ssl = false
basedn = DC=domain,DC=com
binddn = CN=spl user,OU=Splunk,OU=System accounts,OU=Departments and Categories,DC=domain,DC=com
password = password
alternatedomain = DOMAIN
I have tried the solution below and still receive the same message.
https://answers.splunk.com/answers/318078/splunk-support-for-active-directory-error-the-defa.html
... View more