Splunk® Supporting Add-on for Active Directory

Deploy and Use the Splunk Supporting Add-on for Active Directory (SA-LDAPSearch)

The ldaptestconnection command

Overview

The 'ldaptestconnection' command tests the connection to each of the hosts servicing the LDAP directory identified by domain. It must be placed at the beginning of a search pipeline. A sample usage follows:

| ldaptestconnection domain=default

There are several possible arguments:

Argument Description
domain=<domain> Specifies the name of a configuration stanza in ldap.conf. If you do not specify a domain, the command uses the default stanza.
debug=<boolean> Specifies whether or not ldapfetch should write debug log data. When set to T, specifies that debug logging should occur.
logging_level=(CRITICAL|ERROR|WARNING|INFO|DEBUG) Specifies the logging level for the $SPLUNK_HOME/var/log/splunk/SA-ldapsearch.log file. Splunk can access this file with the "index=_internal sourcetype=SA-ldapsearch" search and exposes the following fields:

File: Full pathname of the source file where the logging call was made.
Level: Level of the logging call that was made; one of CRITICAL, ERROR, WARNING, INFO, or DEBUG.
Line: Line number in the source file where the logging call was made.
Pid: ID of the process that made the logging call.
log_source: String of the form "Pid=<Pid>, File=<File>, Line=<Line>".
message: Full text of the logged message.

On return, ldaptestconnection generates a single event record for each host servicing the LDAP directory identified by the default domain. Each record contains the host name and the distinguished name of the domain. If the connection test fails for any reason, an error message is produced instead.

Example

To test the connection for the SPL domain:

| ldaptestconnection domain=SPL

Last modified on 05 September, 2024
The ldapgroup command   Troubleshoot the Splunk Supporting Add-on for Active Directory

This documentation applies to the following versions of Splunk® Supporting Add-on for Active Directory: 3.1.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters