Test your LDAP configuration
If you find that Splunk Enterprise is not able to connect to your LDAP server, try these troubleshooting steps:
$SPLUNK_HOME/var/log/splunk/splunkd.log for any authentication errors. Turn on DEBUG-level logging for AuthenticationManagerLDAP to get more information here. This can be done from the Splunk Web UI - Server Settings/Server Logging.
2. Remove any custom values you've added for userBaseFilter and groupBaseFilter.
3. In the *nix command line, you can use
ldapsearch to confirm that the variables you are specifying will return the expected entries:
ldapsearch -x –h <ldap_host> –p <ldap_port> –D "bind_dn" -w "bind_passwd" -b "user_basedn" "userNameAttribute=*"
ldapsearch -x –h <ldap_host> –p <ldap_port> –D "bind_dn" -w "bind_passwd" –b "group_basedn" "groupNameAttribute=*"
If these commands return matching entries, then your backend LDAP system is properly configured. Continue to troubleshoot the Splunk LDAP strategy configuration.
Map LDAP groups and users to Splunk roles in the configuration files
Convert to LDAP from Splunk authentication
This documentation applies to the following versions of Splunk Cloud Platform™: 8.1.2103, 8.2.2104, 8.2.2105 (latest FedRAMP release), 8.2.2106, 8.2.2107