Getting Data In

Error when configuring LDAP authentication over SSL to Active Directory

castellowc
Engager

I have installed Splunk on a Windows 2012 server. I am able to configure unsecured LDAP to a Windows domain controller, but as soon as I enable LDAP over SSL and change the port, I receive the error in Splunk Web:

Encountered the following error while trying to update: In handler 'LDAP-auth': strategy="MyLDAPStrategy" Error binding to LDAP. reason="Can't contact LDAP server"

Additionally, in SPLUNKD.log I see the following limited info:

07-15-2013 11:02:33.221 -0500 ERROR ScopedLDAPConnection - strategy="MyLDAPStrategy" Error binding to LDAP. reason="Can't contact LDAP server"

07-15-2013 11:02:33.221 -0500 ERROR AdminHandler:AuthenticationHandler - strategy="MyLDAPStrategy" Error binding to LDAP. reason="Can't contact LDAP server"

I have reviewed the instructions listed here, including placing the root CA cert of the LDAP server certificate in $SPLUNK_HOME/etc/openldap/certs/ and then modifying the ldap.conf file accordingly. I have confirmed basic connectivity on the LDAPS port (636) of the domain controller using telnet client from the Splunk server.

Could anyone provide some additional insight or ideas into what I might be missing? Help will be greatly appreciated.

spsponger2
Explorer

We're seeing the exact same issue - can bind just fine without SSL on 389 but as soon as we force the use of SSL on our domain controllers by setting the "Domain Controller: LDAP server signing requirements" entry to "Require signing" it throws the error you got. We're tried both 636 and 3269 for the port with no luck.

Our environment consists of a Windows Server 2008 R2 DC and a Splunk 6.0.1 install.

JohnHowellANZ
Engager

I have the same issue, installing SPLUNK 5.0.4 on a Windows 2k8 R2 server. authenticating to a Windows 2008 native domain.
Testing LDAP using LDAP Search v4.5 (from SecurityXploded)I can make a secure connection to the ldap server and return a list of users, however with exactly the same BIND account and base DN strings in Splunk I am getting "Error binding to LDAP. reason="Can't contact LDAP server"

Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

Industry Solutions for Supply Chain and OT, Amazon Use Cases, Plus More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...