Getting Data In

Error when configuring LDAP authentication over SSL to Windows 2012R2 Active Directory

daniel_splunk
Splunk Employee
Splunk Employee

I tried to enable LDAP over SSL to Windows 2012R2 Active Directory via port 636, got the following error message.

01-11-2018 15:44:18.528 +0800 DEBUG ScopedLDAPConnection - strategy="LDAP Lab" Initializing with LDAPURL="ldaps://10.10.10.30:636"
01-11-2018 15:44:18.528 +0800 DEBUG ScopedLDAPConnection - strategy="LDAP Lab" Attempting bind as DN="cn=svc_splunk_to_ad,ou=my_company,ou=users,ou=systems,dc=com"
01-11-2018 15:44:18.528 +0800 ERROR ScopedLDAPConnection - strategy="LDAP Lab" Error binding to LDAP. reason="Can't contact LDAP server"
01-11-2018 15:44:18.528 +0800 DEBUG ScopedLDAPConnection - strategy="LDAP Lab" Successfully performed unbind

Run the following command and confirmed that LDAP are able to connect using TLS1.1 and TLS1.2

splunk cmd openssl s_client -tls1_1 -connect 10.10.10.30:636
splunk cmd openssl s_client -tls1_2 -connect 10.10.10.30:636

Below is the $SPLUNK_HOME/etc/openldap/ldap.conf

TLS_PROTOCOL_MIN 3.3
TLS_CIPHER_SUITE ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-
AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256

TLS_CACERT /opt/splunk/etc/openldap/certs/certnew.cer
TLS_CACERTDIR /opt/splunk/etc/openldap/certs

Any idea about this?

Tags (1)
0 Karma

daniel_splunk
Splunk Employee
Splunk Employee

Can you try to concat the cert into a single pem file, and then add the following.

TLS_REQCERT never
TLS_CACERT /opt/splunk/etc/openldap/certs/Your_Concat_Cert.pem
#TLS_CACERTDIR /opt/splunk/etc/openldap/certs
0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Get Agentic with Splunk Lantern: Connect to Cisco Cloud Control, Transform ...

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...

July Community Events: Master ITSI 5.0 & Automate Splunk

Struggling with alert fatigue or feeling like you're spending more time on infrastructure maintenance than ...

New Release of Federated Search: Bringing Splunk Analytics to More of Your Data

Organizations today are generating more data than ever and storing it across cloud object stores, data lakes, ...