Reporting

LDAP Configuration, Invalid credentials issue.

fabianbr
New Member

Hello Splunkers.
Im new to splunk and have been tasked with configuring LDAP, I have edited the authentication.conf file as below.

authType = LDAP
authSettings = ldap1

[ldap1]
host = sjcldap.ad.ea.com
port = 3268
SSLEnabled = 0
bindDN = emsguest
bindDNpassword = ##hashed password##
userBaseDN = dc=ad,dc=ea,dc=com
userBaseFilter = (objectclass=)
groupBaseDN = dc=ad,dc=ea,dc=com
groupBaseFilter = (objectclass=
)
userNameAttribute = sAMAccountName
realNameAttribute = displayName
groupMappingAttribute = uid
groupMemberAttribute = uniqueMember
groupNameAttribute = uid

in splunkd.log file I see the following:
08-15-2013 05:12:14.914 -0700 ERROR ScopedLDAPConnection - strategy="ldap1" Error binding to LDAP. reason="Invalid credentials"
08-15-2013 05:12:14.914 -0700 INFO IndexProcessor - adjusting tb licences
08-15-2013 05:12:14.914 -0700 ERROR UserManagerPro - LoadLDAPUsersThread: Error loading all LDAP users for strategy="ldap1"
08-15-2013 05:12:14.917 -0700 INFO CMConfig - A splunktcp forwarder port is not configured in inputs.conf
08-15-2013 05:12:14.917 -0700 INFO TcpInputConfig - SSL clause not found or servercert not provided - SSL ports will not be available

If I execute the following ldapsearch command it works:
ldapsearch -x -h sjcldap.ad.ea.com -p 3268 -D "esmguest" -w "esmguest" -b "dc=ad,dc=ea,dc=com" "samaccountname=*"

So what Am I missing or doing wrong?

Any thoughts or comments you can provide will be appreciated.

Best Regards.

0 Karma

bbialek
Path Finder

I was getting the following error when loading LDAP configuration from system/local/authentication.conf file:

Error binding to LDAP. reason="Invalid credentials"

The problem was due to me having bindDNpassword in a form of a hash instead of plain text. It turns out you need Splunk do the hashing on it own.

0 Karma

fabianbr
New Member

Hello Team.

I found out what the issue was, I was giving bad credentials :(.

Now im getting a new message
"Your LDAP strategy 'ldap1' is not returning any groups. Please check your LDAP configuration or consult splunkd.log for LDAP errors."

Anyway I will open a new thread for that.

Have a Great Day.

Regards.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...