I appreciate the offer, but the client might frown on posting their info on the list. So, I've opened an issue with BMC instead.
But I think you might be on to something. I see a ton of logging for ARDBC, but just a few lines for AREA on startup. And I just realized I've omitted that we are setting it up for multiple domain logins (Knowledge Article: KA288124 -- Configuring AREA LDAP in a Multi-Domain Environment); however, we just have the one LDAP server defined in AREA at this time. MS's LDP.exe confirms we can reach the target LDAP server *and* bind using our test user *and* authenticate with that test user outside of Remedy. But within Remedy, we get "Authentication Failed". We know we have the user & pass correct, so the possibilities are: Remedy isn't actually connecting to LDAP *or* it is connecting, but can't find the user. Until I can validate the plugin is starting up and get logging to spit out more info, I'm stuck using the braille method to troubleshoot. Full circle now -- time to engage BMC support. Thanks again, JDHood On Thu, Dec 22, 2011 at 2:44 AM, Walters, Mark <mark_walt...@bmc.com> wrote: > ** > > I suspect that either the AREA LDAP plugin is not being loaded for some > reason or there is a configuration issue.**** > > ** ** > > Are you able to post the ar.conf and the plugin log, from startup, so that > I can see what you have set up?**** > > ** ** > > Mark**** > > ** ** > > I work for BMC, I don’t speak for them.**** > > ** ** > > *From:* Action Request System discussion list(ARSList) [mailto: > arslist@ARSLIST.ORG] *On Behalf Of *JD Hood > *Sent:* 21 December 2011 23:50 > *To:* arslist@ARSLIST.ORG > *Subject:* AREA LDAP logging question**** > > ** ** > > ** **** > > 7.6.04 ITSM on Windows & SQL Server**** > > ** ** > > I'm trying to configure AREA authentication. I have everything configured > enough to make an authentication attempt and the attempt naturally fails.* > *** > > ** ** > > I do not have a POC at the LDAP server to check my test user's account or > to check logging on the LDAP end.**** > > ** ** > > At this point, I'm not even sure I'm reaching LDAP, successfully binding > and/or hitting the test user's LDAP account.**** > > ** ** > > With plugin logging on and set to "ALL", I get about 730 lines of logging > when I attempt to login with a test user.**** > > ** ** > > Out of those 730 lines of logging, I only get the following two lines that > mention AREA or my user:**** > > ** ** > > <PLGN> <TID: 005436> <RPC ID: 0000000086> <Queue: AREA > <Client-RPC: > 390695> /* Wed Dec 21 2011 18:14:13.9300 */+VL AREAVerifyLoginCallback > -- user TRAIN19**** > > <PLGN> <TID: 005436> <RPC ID: 0000000086> <Queue: AREA > <Client-RPC: > 390695> /* Wed Dec 21 2011 18:14:13.9300 */-VL > FAIL **** > > ** ** > > ** ** > > This is like troubleshooting via braille method. Is there another > AREA/LDAP log or some way to log the bind and auth attempt on the REMEDY > side?**** > > ** ** > > I've checked ARSList archives and the BMC KB's and can't find anything > that I haven't already tried. I do see some really nice log > examples (Knowledge Article ID: KA334262) that I *WISH* I could capture on > the Remedy Side. I think they would tell me what I need to know to get this > working. For now, all I can find is those two measly log lines above.**** > > ** ** > > Any suggestions on how to get AREA logging much more verbose on the > *REMEDY SIDE*?**** > > ** ** > > Thanks in advance!**** > > JDHood**** > > _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ **** > _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"