Bruce, Chris, Kevin, Sean, et al

I can see that it's time for my annual post on this issue.  

You're right - LDAP protocol to Active Directory or x500 directories for authentication is NOT case sensitive, but Oracle usually is.  When a user logs in with mixed case they are authenticated via LDAP, but their resulting login does not exactly match anything in the User form's login name field.  Therefore the user is authenticated, but has only Guest (or perhaps no) permissions, and since the login name does not match, whatever is set up in role permissions for the ITSM applications won't be available either.

There is a built-in fix for this.  

Add a character field with field ID number 117 to the User form. Name this field Authentication Login Name.  Add a filter which forces this field to match the case of your user login name field.  We lowercase all the login names which will go out to LDAP for authentication, so my filter just sets the field to LOWER($login Name$).

There is a spartan discussion of what this does and why to use it starting on page 70 of the Configuration guide in the 7.5 docs. Look for field ID 117 in the reserved fields section.

Very clever, those Remedy programmers....

Doug Blair




On Oct 21, 2009, at 10:35 PM, strauss wrote:


We have seen this many, many times in the last year and a half with ITSM 7.0.02/03 on ARS 7.1, and the cure always seems to be what you had to do.  We see it mostly with support staff (who are not using LDAP authentication), but we have actually had a few on customer accounts that lose their company access (and those are all LDAP authenticated).  It has something to do with the combination of data in the CTM:People + User + CTM:People Permission Groups forms and how it is cached (or not).  Usually all of the group memberships look just fine in all of the forms, and even in the user_cache, but they are not taking effect when the user logs in.  It is an annoying defect.

 

Christopher Strauss, Ph.D.
Call Tracking Administration Manager
University of North Texas Computing & IT Center
http://itsm.unt.edu/

From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Moore,Bruce
Sent: Wednesday, October 21, 2009 2:10 PM
To: arslist@ARSLIST.ORG
Subject: Re: Assigned license issue

 


Thanks for the replies. I’ve had similar problems as everyone described with guest and upper case before, but that’s not the case in this example.  No LDAP or Oracle here, we’re exclusively Windows in our Remedy environment.

Last time I had this issue I ended up deleting the user and recreating the account; I was just trying to avoid going that route again.

 

*Fix*

I ended up deleting all the group and license information in both the People and User form for the user.  Once that was done, I set the account back up and had the user test.  He was immediately able to log in with a floating license, much faster than recreating his entire account.  Thanks for the suggestion, Sean.

 

-Bruce

 

From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Begosh, Kevin
Sent: Wednesday, October 21, 2009 1:18 PM
To: arslist@ARSLIST.ORG
Subject: Re: Assigned license issue

 


I have had this as well, where the user says they are logged in as “username” but when you check the logged-in users under license review they were logged in as “Username”, and we allow guest users, so it assigned them a read license as a guest.

 

Kevin Begosh, RSP

Remedy Development

ACE-IT

IS&GS Defense

301-791-3540 Phone

240-291-2467 Cell

kevin.beg...@lmco.com

 

From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Garrison, Sean (Norcross)
Sent: Wednesday, October 21, 2009 10:58 AM
To: arslist@ARSLIST.ORG
Subject: Re: Assigned license issue

 


Are you running Oracle and LDAP?  The funny thing is Oracle is case sensitive but LDAP is not.  So when a user logs in as "Jsmith" vs "jsmith" they may get a read license because Remedy/Oracle can't resolve "Jsmith".  (Assuming his user record is "jsmith").  Another thing to check is the .multilicense file.  If you are running Unix, remove it from the /etc/arsystem directory (note: it’s a hidden file) and restart the server.  In addition, check to see if you are allowing guest users.  He may be misspelling his user id and the system is letting him in anyway as a guest user.  The last thing I would do is check his "CTM:People" record vs. what is actually in his "User" record.  Sometimes you have to go back and remove/add permissions again to get the "User" record corrected.

 

Thanks,

 

Sean

 

From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Moore,Bruce
Sent: Wednesday, October 21, 2009 11:12 AM
To: arslist@ARSLIST.ORG
Subject: Assigned license issue

 


I’m having a hard time tracking down a really odd problem I’m having.  It’s only affecting one or two users, but up to this point BMC has been little help. 

- AR Server 7.0.1 Patch 006
- Mid-Tier 7.0.1 Patch 006
- ITSM 7.0.1

 

 

I have a user that has had a working account for over a year, and randomly last week he was unable to log in via the Mid-tier or user tool.  I’ve checked the logs and the Admin tool and I can see the user is receiving a Read license, even though he is set for a floating (both app and server).  I’ve tried removing his licensing and adding them but that doesn’t help.  Does anyone have any thoughts?

 

Thanks

_Platinum Sponsor: rmisoluti...@verizon.net ARSlist: "Where the Answers Are"_




Doug

--
Doug Blair
+1 224-558-5462

200 North Arlington Heights Road
Arlington Heights, Illinois 60004
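
Added example, not part of the thread and not BMC code: a small Python model of the mismatch discussed above, where the directory accepts "Jsmith" but a case-sensitive user lookup does not, together with two checks an administrator could run over exported login names. The user store, passwords, session list and all function names are constructed for illustration; lowercasing stands in for the field 117 filter only as a simplified model.

```python
# Constructed sample data; this is not Remedy's schema or API.
USER_FORM = {  # case-sensitive store, as with Oracle
    "jsmith": {"license": "Floating"},
    "bmoore": {"license": "Floating"},
}
DIRECTORY = {"jsmith": "pw-a", "bmoore": "pw-b"}  # stand-in for LDAP accounts
GUEST = {"license": "Read"}


def ldap_bind(login, password):
    """The directory matches the login name without regard to case."""
    return DIRECTORY.get(login.lower()) == password


def resolve(login, password, normalize=False, allow_guest=True):
    """Return (effective_login, record), or None if the login is rejected."""
    if not ldap_bind(login, password):
        return None
    key = login.lower() if normalize else login  # one canonical case is the fix
    record = USER_FORM.get(key)                  # exact, case-sensitive match
    if record is not None:
        return key, record
    return (login, GUEST) if allow_guest else None


def case_collisions(logins):
    """Names differing only by case; lowercasing would merge these identities."""
    seen = {}
    for name in logins:
        seen.setdefault(name.lower(), []).append(name)
    return {k: v for k, v in seen.items() if len(v) > 1}


def downgraded_sessions(sessions):
    """Logged-in names that match a user record only when case is ignored."""
    lowered = {name.lower() for name in USER_FORM}
    return [s for s in sessions if s not in USER_FORM and s.lower() in lowered]


if __name__ == "__main__":
    print(resolve("Jsmith", "pw-a"))                  # authenticated, Read
    print(resolve("Jsmith", "pw-a", normalize=True))  # authenticated, Floating
    print(downgraded_sessions(["jsmith", "Jsmith", "BMoore", "visitor"]))
```

Run `case_collisions` over the existing login names before lowercasing anything: any entry it returns is a pair of accounts that would become one identity.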


