Getting Data In

Error when configuring LDAP authentication over SSL to Active Directory

castellowc
Engager

I have installed Splunk on a Windows 2012 server. I am able to configure unsecured LDAP to a Windows domain controller, but as soon as I enable LDAP over SSL and change the port, I receive the error in Splunk Web:

Encountered the following error while trying to update: In handler 'LDAP-auth': strategy="MyLDAPStrategy" Error binding to LDAP. reason="Can't contact LDAP server"

Additionally, in SPLUNKD.log I see the following limited info:

07-15-2013 11:02:33.221 -0500 ERROR ScopedLDAPConnection - strategy="MyLDAPStrategy" Error binding to LDAP. reason="Can't contact LDAP server"

07-15-2013 11:02:33.221 -0500 ERROR AdminHandler:AuthenticationHandler - strategy="MyLDAPStrategy" Error binding to LDAP. reason="Can't contact LDAP server"

I have reviewed the instructions listed here, including placing the root CA cert of the LDAP server certificate in $SPLUNK_HOME/etc/openldap/certs/ and then modifying the ldap.conf file accordingly. I have confirmed basic connectivity on the LDAPS port (636) of the domain controller using telnet client from the Splunk server.

Could anyone provide some additional insight or ideas into what I might be missing? Help will be greatly appreciated.

spsponger2
Explorer

We're seeing the exact same issue - can bind just fine without SSL on 389 but as soon as we force the use of SSL on our domain controllers by setting the "Domain Controller: LDAP server signing requirements" entry to "Require signing" it throws the error you got. We're tried both 636 and 3269 for the port with no luck.

Our environment consists of a Windows Server 2008 R2 DC and a Splunk 6.0.1 install.

JohnHowellANZ
Engager

I have the same issue, installing SPLUNK 5.0.4 on a Windows 2k8 R2 server. authenticating to a Windows 2008 native domain.
Testing LDAP using LDAP Search v4.5 (from SecurityXploded)I can make a secure connection to the ldap server and return a list of users, however with exactly the same BIND account and base DN strings in Splunk I am getting "Error binding to LDAP. reason="Can't contact LDAP server"

Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) v3.54.0

The Splunk Threat Research Team (STRT) recently released Enterprise Security Content Update (ESCU) v3.54.0 and ...

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

New Learning Videos on Topics Most Requested by You! Plus This Month’s New Splunk ...

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...