Splunk Cloud Platform

Securing Splunk Cloud Platform

Acrobat logo Download manual as PDF

Acrobat logo Download topic as PDF

Test your LDAP configuration on Splunk Enterprise

If, after you configure Splunk Enterprise to use the lightweight directory access protocol (LDAP) as an authentication scheme, you then determine that it cannot connect to your LDAP server, follow these steps to troubleshoot the problem:

  1. Check the $SPLUNK_HOME/var/log/splunk/splunkd.log file for authentication errors. For additional information, you can turn on DEBUG-level logging for the AuthenticationManagerLDAP facility. You can do this from the "Server Settings/Server Logging" configuration page in Splunk Web.
  2. Remove any custom values that you might have added for the userBaseFilter and groupBaseFilter settings for the LDAP strategy that you have configured in the authentication.conf configuration file.
  3. On *nix machines, you can use the ldapsearch command-line tool to confirm that the variables you specify return the expected entries. See the following examples:

ldapsearch -x –h <ldap_host> –p <ldap_port> –D "bind_dn" -w "bind_passwd" -b "user_basedn" "userNameAttribute=*"

ldapsearch -x –h <ldap_host> –p <ldap_port> –D "bind_dn" -w "bind_passwd" –b "group_basedn" "groupNameAttribute=*"

If these commands return matching entries, then your have properly configured your backend LDAP system. Continue to troubleshoot the Splunk LDAP strategy configuration.

Last modified on 18 October, 2021
Map LDAP groups and users to Splunk roles using configuration files
Change authentication schemes from native to LDAP on Splunk Enterprise

This documentation applies to the following versions of Splunk Cloud Platform: 8.1.2103, 8.2.2105 (latest FedRAMP release), 8.2.2104, 8.2.2106, 8.2.2107, 8.2.2109

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters