Hi there,
I installed SA-ldapsearch as decsribed in the docs on the search head in my distributed environment. When I run a simple ldapsearch, everything works just fine.
Now I want to query stuff from my indexers and feed the results into ldapfetch (idea: find windows groups in a log and use ldapfetch to find the members of that group).
Search head and indexers run on different machines.
I get the following errors from my indexers:
[map]: [PRDS0052] External search command 'ldapfetch' returned error code 1. Script output = " ERROR The default configuration stanza for ldap.conf is missing. "
[map]: [PRDS0053] External search command 'ldapfetch' returned error code 1. Script output = " ERROR The default configuration stanza for ldap.conf is missing. "
How can I prevent the ldap command from run on the indexers? For the lookup command, there is a "local" attribute. I cannot find sth like that in ldapfetch.
Any idea?
Best,
Bernd
Assuming that (1) you're on Splunk 6.3 and (2) the SH has got access to ActiveDirectory this problem is easily solved by a one line change to each of the files: sa-ldapsearch/bin/
{ldapfilter.py,ldapgroup.py,ldapsearch.py,ldapfetch.py, ldaptestconnection.py}
Here’s the change to make in each file:
Change this:
@Configuration()
to:
@Configuration(local=True)
[If you already have something within the ()'s, just add the local=True
to what's already there.]
If you’re running on Splunk 6.2 or lower, you should add this line to each stanza in sa-ldapsearch/default/command.conf:
local = true
Save the files and restart the Splunk instance on the Search Head(s). Retest to verify the workaround worked.
Thank you!
But, not knowing Python, I burnt some cycles on the adding of "local=True" to things already there. To help my next comrade from not falling for this, but sure to use a comma to separate multiple entries in the Configuration parameters. I.E.:
ldapsearch.py:@Configuration(retainsevents=True, local=True)
ldaptestconnection.py:@Configuration(retainsevents=True, local=True)
ldapfetch.py:@Configuration(local=True)
ldapfilter.py:@Configuration(local=True)
ldapgroup.py:@Configuration(local=True)