Solved: No Data From Splunk Support for Active Directory

justin_coffi · ‎11-11-2012

I installed this application on a Windows 2008 R2 server (obviously x64). I've created the ldap.conf inside of the local subdirectory in the application's folder. The file looks like this

[lab.local]
server = 192.168.254.2
basedn = DC=lab,DC=local
binddn = CN=Splunk Searcher,CN=Managed Service Accounts,DC=lab,DC=local
password = <hidden>
alternatedomain = LAB

[default]
server = 192.168.254.2

I've also installed Java 1.7 SE (x86).

What exactly am I doing wrong?

ahall_splunk · ‎11-19-2012

I've just realized you have a mismatch between your Java version and the OS version. Have you tried installing the x64 version of Java 1.7.0u9?

View solution in original post

justin_coffi · ‎11-27-2012

Adrian's latest update to 1.1.6 resolved my issues.

ahall_splunk · ‎11-19-2012

I've just realized you have a mismatch between your Java version and the OS version. Have you tried installing the x64 version of Java 1.7.0u9?

justin_coffi · ‎11-27-2012

Adrian's latest update to 1.1.6 resolved my issues.

ahall_splunk · ‎11-19-2012

For those following along here - Justin had two problems:

1) 32-bit java on a 64-bit machine.

2) A posix:permissions issue, of which the less said the better as it is squarely aimed at Windows internals and is very messy.

I am working on a fix for both issues currently, and will release version 1.1.6 with a fix for both once I've finished testing them.

ahall_splunk · ‎11-14-2012

I just discovered a bug with the Windows connector in 1.7.0_u9 - they use a semi-colon instead of a colon on the class-path. I'm fixing that now and will post an update hopefully today.

ahall_splunk · ‎11-15-2012

Hi Justin - please reach out directly at ahall-at-splunk.com so we can set up a webex to discover the nature of the bug.

justin_coffi · ‎11-15-2012

Sadly, there is no change and still no logs.

ahall_splunk · ‎11-14-2012

Version 1.1.5 is now on Splunkbase

justin_coffi · ‎11-14-2012

Excellent. Thank you so much. After you've made the update, and I've updated, I'll test it again. If it works, I'll respond back here (for others later) and reward you the points.

justin_coffi · ‎11-14-2012

SA-ldapsearch version 1.1.4 and there isn't a log file by that name. I checked manually in "C:\Program Files\Splunk\var\log\splunk" and also searched the entire disk.

ahall_splunk · ‎11-14-2012

What version of SA-ldapsearch are you using?
What does the log file (SA-ldapsearch.log) say?

justin_coffi · ‎11-12-2012

I've read the article and checked my settings using ADSIedit as well as Ldapbrowser. I am able to connect using LDAPbrowser using the same exact settings.

This is the query I'm running:

ldapsearch domain=LAB search="(objectClass=*)"

I don't receive any errors.

sdaniels · ‎11-11-2012

If you've been throught the docs i would also check this.

http://blogs.splunk.com/2012/10/21/splunk-app-for-active-directory-and-the-top-10-issues/

No Data From Splunk Support for Active Directory

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life