All Apps and Add-ons

Can I use SA-ldapsearch to openldap ?

akanno
Communicator

Hello Splunkers,

I wanna use SA-ldapsearch to get data from openldap server, employee information, etc..
However I got following error messages and failed.

SA-ldapsearch.log

2016-01-25 18:00:23,891, Level=ERROR, Pid=4221, File=search_command.py, Line=282, Abnormal exit: LDAPInvalidDNSyntaxResult - 34 - invalidDNSyntax - None - invalid DN - searchResDone - None

ldaplog

Jan 25 18:00:23 host slapd[3888]: conn=2 op=0 ENTRY dn=""
Jan 25 18:00:23 host slapd[3888]: conn=2 op=1 ENTRY dn="cn=subschema"
Jan 25 18:00:23 host slapd[3888]: conn=2 op=3 ENTRY dn=""

Jan 25 18:00:23 host slapd[3888]: do_search: invalid dn (c)

Can we use SA-ldapsearch for this purpose ? or not ?
If anyone know the use case like this, please let me know.
Thank you for your help.

Tags (2)
0 Karma
1 Solution

MuS
SplunkTrust
SplunkTrust

Hi akanno,

I don't know if this will work or not, but I know that this app https://splunkbase.splunk.com/app/1852/ works pretty well with almost any kind of LDAP provider. The only currently known limitation is that Splunk must be running on Linux/Unix.

Hope this helps ...

cheers, MuS

View solution in original post

mOewa
New Member

Hello i have the same problem here :

Feb  5 16:31:51 slapd[98008]: conn=1298 fd=120 ACCEPT from IP=***.***.***:47803 (IP=*.*.*.*:636)
Feb  5 16:31:51 slapd[98008]: conn=1298 fd=120 TLS established tls_ssf=256 ssf=256
Feb  5 16:31:51 slapd[98008]: conn=1298 op=0 SRCH base="" scope=0 deref=3 filter="(objectClass=*)"
Feb  5 16:31:51 slapd[98008]: conn=1298 op=0 SRCH attr=* +
Feb  5 16:31:51 slapd[98008]: conn=1298 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
Feb  5 16:31:51 slapd[98008]: conn=1298 op=1 SRCH base="cn=Subschema" scope=0 deref=3 filter="(objectClass=subschema)"
Feb  5 16:31:51 slapd[98008]: conn=1298 op=1 SRCH attr=objectClasses attributeTypes ldapSyntaxes matchingRules matchingRuleUse dITContentRules dITStructureRules nameForms createTimestamp modifyTimestamp * +
Feb  5 16:31:51 slapd[98008]: conn=1298 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Feb  5 16:31:51 slapd[98008]: conn=1298 op=2 BIND dn="cn=*,ou=Services,dc=*,dc=*" method=128
Feb  5 16:31:51 slapd[98008]: conn=1298 op=2 BIND dn="cn=*,ou=Services,dc=*,dc=*" mech=SIMPLE ssf=0
Feb  5 16:31:51 slapd[98008]: conn=1298 op=2 RESULT tag=97 err=0 text=
Feb  5 16:31:51 slapd[98008]: conn=1298 op=3 SRCH base="" scope=0 deref=3 filter="(objectClass=*)"
Feb  5 16:31:51 slapd[98008]: conn=1298 op=3 SRCH attr=* +
Feb  5 16:31:51 slapd[98008]: conn=1298 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Feb  5 16:31:51 slapd[98008]: conn=1298 op=4 do_search: invalid dn: "c"
Feb  5 16:31:51 slapd[98008]: conn=1298 op=4 SEARCH RESULT tag=101 err=34 nentries=0 text=invalid DN
Feb  5 16:31:51 dhadlx135 slapd[98008]: conn=1298 fd=120 closed (connection lost) 

It was working well but we change the machine and now it looks like the addon send incomplete DN, just the first letter.

Thank you for your help.

0 Karma

richgalloway
SplunkTrust
SplunkTrust

@mOewa This thread is over two years old with an accepted answer. For a better chance at getting an answer to your problem, please post a new question.

---
If this reply helps you, an upvote would be appreciated.
0 Karma

MuS
SplunkTrust
SplunkTrust

Hi akanno,

I don't know if this will work or not, but I know that this app https://splunkbase.splunk.com/app/1852/ works pretty well with almost any kind of LDAP provider. The only currently known limitation is that Splunk must be running on Linux/Unix.

Hope this helps ...

cheers, MuS

View solution in original post

MuS
SplunkTrust
SplunkTrust

Correction: It will not work!

From the docs http://docs.splunk.com/Documentation/SA-LdapSearch/latest/User/Platformandhardwarerequirements#What_...

The add-on does not support AD Lightweight Directory Services (AD LDS) or other Lightweight Directory Access Protocol (LDAP) server types.
0 Karma

akanno
Communicator

Thank you very much for reply, MuS.

I've tried to use this app but met following error messages as a search result.

command="ldap", : LDAP modul load failed!

myldap.py.log

2016-01-26 18:37:55,744 INFO myldap:55 - setting modul path...
2016-01-26 18:37:55,744 INFO myldap:57 - modul path: /opt/splunk/etc/apps/TA-LDAP/bin/ldap
2016-01-26 18:37:55,744 INFO myldap:58 - loading ldap modul...

2016-01-26 18:37:55,759 ERROR myldap:63 - ERROR: LDAP modul load failed with error /lib64/libc.so.6: version `GLIBC_2.14' not found (required by /opt/splunk/etc/apps/TA-LDAP/bin/ldap/ldap/libssl.so.10)!

My Splunk server is CentOS 6.5 fineal version.
Will I need to install any other modules to use this app ?

0 Karma

MuS
SplunkTrust
SplunkTrust

Did you check the documentation of the App? It states:

Python ldap module used in this app https://pypi.python.org/pypi/python-ldap/2.4.19 so make sure you meet all dependencies.

I heard of this before; in the latest releases of CentOS the GLIB version changed and hence the GLIBC_2.14 is not available.

0 Karma

akanno
Communicator

Thank you for reply.
Sorry I still had not read the documentation.
When I fixed dependency, this app have worked.
Thank you very much !

0 Karma

MuS
SplunkTrust
SplunkTrust

You're welcome. Feel free to accept this answer - thanks 🙂

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!