I learned not to use sAMAccountName as Request ID. I use uSNCreated (which *SHOULD BE* unique and less than 15 characters). Just use sAMAccountName as a regular field from the ActiveDirectory.
Fred -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Drew Shuller Sent: Tuesday, December 29, 2009 2:35 PM To: arslist@ARSLIST.ORG Subject: Re: ARDBC LDAP Active Directory question Thank you Fred, that's very helpful. After some googling I was able to generate a query using the MMC console, which was helpful in that I got to see a lot of columns of data all in one place. Thanks for the query string. My guy wanted to see what Remedy was generating...no one can see that in Remedy itself but it looks like one can figure it out and build it because an LDAP/AD query is an LDAP/AD query, so to speak. My only other problem (AD-wise that is) is the mismatch between the samAccountName attribute length and the 6.3 RequestID field length, which causes blank entries in the vendor form. Oddly enough I can see the name in the Results list but not in the fields of the form itself. I suggested that we truncate the samAccountName field to 15 characters and put the result in an unused AD attribute and then use that for the Request ID map. Any suggestions on that? Has this been handled in the Remedy versions released after the stone age? Not that I'm knocking 6.3, I kinda like it, it gives me a nice warm fuzzy. :-) Drew Soto Cano On Tue, Dec 29, 2009 at 1:39 PM, "Grooms, Frederick W" wrote: > ldap://<host>[:<port>]/<User Base>??sub?(<User Filter>) > > As long as you have "sub" in there it should look at your user base and all > sublevels (the other option I know of is "one"). > > In your Vendor Form definition you set the <User Base> to be the top level of > your organization where you want to start searching. In my case I have it set > to the root of the tree. > > If you turn on the plugin log to the highest level you can see the queries > generated. Basically all the system is doing is to append to the ldap string > the rest of your search parameters. i.e. If I put "grooms" in the > sAMAccountName field on my LDAP vendor form the query generated is: > > ldap://DNS_SERVER/DC=AAA,DC=BBBB,DC=NET??sub?(&(objectclass=user)(sAMAccountName=*grooms*)) > In my case the record is in the sublevel: OU=User > Accounts,DC=AAA,DC=BBBB,DC=net > > As for tools, the 2 most common (Free ones) I know of are: > Microsoft's LDP utility > http://technet.microsoft.com/en-us/library/cc772839(WS.10).aspx > Softerra LDAP Browser http://www.softerra.com/download.htm > > > Fred > > -----Original Message----- > From: Action Request System discussion list(ARSList) > [mailto:arsl...@arslist.org] On Behalf Of Drew Shuller > Sent: Tuesday, December 29, 2009 11:13 AM > To: arslist@ARSLIST.ORG > Subject: Re: ARDBC LDAP Active Directory question > > Thanks Fred. > > So I could substitute another value in the ldap string and get further > down in the tree? But not in the same form? > > My server guys instists that there's a query that Remedy is using to > return the information in the Vendor form, but we can't see that > query. Or can we? If anyone knows, please clue me in. > > I can create a vendor form and add every single field available, but > only a few of them can be added to the results field list and the > normal way of exporting records to an excel file doesn't work. How do > I build queries into the AD, and what tools should I use? > > Drew > > On Mon, Dec 28, 2009 at 4:35 PM, "Grooms, Frederick W" wrote: >> Check the Form Properties -> Vendor Information tab for your form. The Table >> Name field needs to have the "sub" value in it to allow searches to go >> beyond the currently defined level. >> >> ldap://DNS_SERVER/DC=AAA,DC=BBBB,DC=NET??sub?(objectclass=user) >> >> The objectclass=user just restricts the results to values with user in the >> objectclass field, not what levels to search. >> >> Fred >> >> >> -----Original Message----- >> From: Action Request System discussion list(ARSList) >> [mailto:arsl...@arslist.org] On Behalf Of Drew Shuller >> Sent: Monday, December 28, 2009 3:59 PM >> To: arslist@ARSLIST.ORG >> Subject: ARDBC LDAP Active Directory question >> >> Hello list, I've got an AD question. >> >> We search our user info using the ARDBC LDAP plugin, it looks like on >> the DC level, objectclass=user. Some of the information I need is one >> more layer down, on the OU level. Is there any way that I can get my >> form to do that? >> >> Drew Shuller >> Soto Cano >> _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: "Where the Answers Are"
