...or you use a case insensitive database (we have always used SQL Server) and this isn't an issue. When troubleshooting we always remind users that Remedy clients are case sensitive (never mind LDAP or the database), and ALL of our IDs in both Remedy and LDAP are lower case. One of the most recent victims has been logging in to Remedy with the same ID for the last 12 years, and we still asked the question, and the answer was still correct. Since all of our support staff use local passwords, LDAP isn't even in the equation. Even after we hijack the problem account and set a new password and test, none of the permissions visible in the four forms (including the user cache) are being honored until we remove them all, then restore them one by one. Maybe there are additional forms or cached tables we are not looking at.
Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing & IT Center http://itsm.unt.edu/ From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Doug Blair Sent: Friday, October 23, 2009 7:28 PM To: arslist@ARSLIST.ORG Subject: Re: Assigned license issue ** Bruce, Chris, Kevin, Sean, et al I can see that it's time for my annual post on this issue. You're right - LDAP protocol to Active Directory or x500 directories for authentication is NOT case sensitive, but Oracle usually is. When a user logs in with mixed case they are authenticated via LDAP, but their resulting login does not exactly match anything in the User form's login name field. Therefore the user is authenticated, but has only Guest (or perhaps no) permissions, and since the login name does not match, whatever is set up in role permissions for the ITSM applications won't be available either. There is a built-in fix for this. Add a character field with field ID number 117 to the User form. Name this field Authentication Login Name. Add a filter which forces this field to match the case of your user login name field. We lowercase all the login names which will go out to LDAP for authentication, so my filter just sets the field to LOWER($login Name$). There is a spartan discussion of what this does and why to use it starting on page 70 of the Configuration guide in the 7.5 docs. Look for field ID 117 in the reserved fields section. Very clever, those Remedy programmers.... Doug Blair _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: "Where the Answers Are"