If you are dealing with LDAP issues, the following can assist in testing if LDAP is working with Security Analytics.
Please begin with a simple setup to make sure that connectivity and authentication works fine.
You can then add complexity when you are sure the basics are working.
After doing this, validate your settings using ldapsearch finding a certain user (user1) in the specified searchbase
LDAPUSERNAME=user1
HOST=lab.example.com
HOSTPORT='389'
SEARCHBASE='dc=lab,dc=example,dc=com'
BINDDN='administrator@lab.example.com'
BINDPASSWORD='password'
ldapsearch -x -h $HOST \
-p $HOSTPORT \
-D $BINDDN \
-w $BINDPASSWORD \
-b $SEARCHBASE \
"(&(objectClass=User)(sAMAccountName=$LDAPUSERNAME))"
ldapsearch -x -h lab.example.com -p 389 -D administrator@lab.example.com -w Passw0rd -b "dc=lab,dc=example,dc=com" "(&(objectClass=User)(sAMAccountName=user1))"
# extended LDIF
#
# LDAPv3
# base <dc=lab,dc=example,dc=com> with scope subtree
# filter: (&(objectClass=User)(sAMAccountName=user1))
# requesting: ALL
#
# user1 MTD, Users, lab.example.com
dn: CN=user1 MTD,CN=Users,DC=lab,DC=example,DC=com
***snipped***
msExchRBACPolicyLink: CN=Default Role Assignment Policy,CN=Policies,CN=RBAC,CN
=mtdtest,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=lab,DC=mtdtest
,DC=com
publicDelegatesBL: CN=quarantine,CN=Users,DC=lab,DC=example,DC=com
# search reference
ref: ldap://ForestDnsZones.lab.mtdtest.com/DC=ForestDnsZones,DC=lab,DC=example
,DC=com
# search reference
ref: ldap://DomainDnsZones.lab.example.com/DC=DomainDnsZones,DC=lab,DC=example
,DC=com
# search reference
ref: ldap://lab.example.com/CN=Configuration,DC=lab,DC=example,DC=com
# search result
search: 2
result: 0 Success
# numResponses: 5
# numEntries: 1
# numReferences: 3
[root@hostname ~]#
If you are still having issues and want to analyze the logs, you can follow the steps in this KB article to enable additional debugging: How to enable LDAP debug for troubleshooting authentication issues on Security Analytics (Solera)
To search for an LDAP account
Is Frank or some form of his name in the ldap server?
ldapsearch -LLL -x -b 'dc=dren,dc=mil' -H ldaps://ldap_example.dod.mil:636 -s sub "(&(cn=smith.frank.Z.2271830247))"
ldapsearch -LLL -x -b 'dc=dren,dc=mil' -H ldaps://ldap_example.dod.mil:636 -s sub "(&(cn=*fran*))"