Deployment Architecture

After installing Splunk on RHE Linux 6 and configuring it to use LDAP, why am I getting login error "could not find a valid user="userOne" on any configured servers"?

ralphw_SAIC
Path Finder

I have installed Splunk on RHEL6 and have configured it to use LDAP, not AD. I can do an LDAP search from CLI and find my username and I can do a group search and find my group with my name in it. Splunk communicates with my LDAP server with no problem.

When I try to login, that is when I start getting errors. I have posted the errors below along with authentication.conf, the ldapsearch, my LDAP user entry and LDAP group entry.

Any idea why it is failing to see my LDAP user id?

Error

09-09-2015 17:33:09.482 -0400 ERROR AuthenticationManagerLDAP - Couldn't find matching groups for user="userOne". Search filter="(&(memberuid=cn=userOne,cn=users,dc=example,dc=com)(|(cn=splunk-admin*)(cn=posix)(cn=linux)))" strategy="LDAP"
09-09-2015 17:33:09.482 -0400 ERROR UserManagerPro - LDAP Login failed, could not find a valid user="userOne" on any configured servers

authentication.conf

[authentication]
authSettings = LDAP
authType = LDAP

[roleMap_LDAP]
power-storage = splunk-admin-storage
power-linux = splunk-admin-linux

[LDAP]
SSLEnabled = 1
anonymous_referrals = 1
bindDNpassword = xxxxxx
charset = utf8
emailAttribute = mail
groupBaseDN = cn=groups,dc=example,dc=com
groupBaseFilter = (|(cn=splunk-admin*)(cn=posix)(cn=linux))
groupMappingAttribute = dn
groupMemberAttribute = memberuid
groupNameAttribute = cn
host = xxxxxx.example.com
nestedGroups = 0
network_timeout = 20
port = 636
realNameAttribute = displayname
sizelimit = 1000
timelimit = 15
userBaseDN = cn=users,dc=example,dc=com
userNameAttribute = uid

ldapsearch -x -H ldaps://xxxxxx.example.com -D "dc=example,dc=com" -b "memberuid=userOne,cn=groups,dc=example,dc=com"
# extended LDIF
#
# LDAPv3
# base <memberuid=userOne,cn=groups,dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

\# search result
search: 2
result: 32 No such object
matchedDN: cn=Groups, dc=example,dc=com

\# numResponses: 1

LDAP User

# extended LDIF
#
# LDAPv3
# base <cn=users,dc=example,dc=com> with scope subtree
# filter: cn=userOne
# requesting: ALL
#

\# userOne, users, example.com
dn: cn=userOne,cn=users,dc=example,dc=com
uidnumber: xxxxxxx
loginshell: /bin/bash
homedirectory: /home/userOne
gidnumber: xxxxxxx
examplelinuxuid: userOne
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: oblixorgperson
objectclass: posixAccount
mail: User.One@example.com
examplenamesdn: CN=User One,O=example,C=US
exampledominosubperson: 1
exampledominoorgname: xxxxxxx
exampledominoorgcode: xxxxxxx 
exampledominonerdname: One.User
exampledominolocation: xxxxxxx
dexamplertmentnumber: xxxxxxx
cn: userOne
cn: user one
uid: userOne
displayname: User One
sn: One
givenname: User
examplesimtreedn: cn=userOne,ou=Internal,o=example
examplesimtreeuid: userOne

LDAP Group

# extended LDIF
#
# LDAPv3
# base <cn=groups,dc=example,dc=com> with scope subtree
# filter: cn=splunk-admin-linux
# requesting: ALL
#

\# splunk-admin-linux, posix, linux, Groups, example.com
dn: cn=splunk-admin-linux,cn=posix,cn=linux,cn=Groups,dc=example,dc=com
memberuid: userOne
memberuid: userTwo
memberuid: userThree
gidnumber: xxxxx
objectclass: top
objectclass: posixGroup
objectclass: groupOfUniqueNames
description: Splunk SysAdmins
cn: splunk-admin-linux
0 Karma
1 Solution

ralphw_SAIC
Path Finder

Finding someone that reads in the LDAP group and having them configure the entries correctly.

View solution in original post

0 Karma

ralphw_SAIC
Path Finder

Finding someone that reads in the LDAP group and having them configure the entries correctly.

View solution in original post

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!