Test your LDAP configuration on Splunk Enterprise
If, after you configure Splunk Enterprise to use the lightweight directory access protocol (LDAP) as an authentication scheme, you then determine that it cannot connect to your LDAP server, follow these steps to troubleshoot the problem:
- Check the
$SPLUNK_HOME/var/log/splunk/splunkd.logfile for authentication errors. For additional information, you can turn on DEBUG-level logging for the
AuthenticationManagerLDAPfacility. You can do this from the "Server Settings/Server Logging" configuration page in Splunk Web.
- Remove any custom values that you might have added for the userBaseFilter and groupBaseFilter settings for the LDAP strategy that you have configured in the authentication.conf configuration file.
- On *nix machines, you can use the
ldapsearchcommand-line tool to confirm that the variables you specify return the expected entries. See the following examples:
ldapsearch -x –h <ldap_host> –p <ldap_port> –D "bind_dn" -w "bind_passwd" -b "user_basedn" "userNameAttribute=*"
ldapsearch -x –h <ldap_host> –p <ldap_port> –D "bind_dn" -w "bind_passwd" –b "group_basedn" "groupNameAttribute=*"
If these commands return matching entries, then your have properly configured your backend LDAP system. Continue to troubleshoot the Splunk LDAP strategy configuration.
Map LDAP groups and users to Splunk roles using configuration files
Change authentication schemes from native to LDAP on Splunk Enterprise
This documentation applies to the following versions of Splunk Cloud Platform™: 8.1.2103, 8.2.2105 (latest FedRAMP release), 8.2.2104, 8.2.2106, 8.2.2107, 8.2.2109