Hi all,

I have a clean build of 8.1. I am experimenting with AREA 8.1 in its simplest form, basically trying to authenticate the support staff against their local AD... simple, one might think, but no... I have been fighting with it for a week now and seem to be getting nowhere fast. I am going to try and list the symptoms and findings here in the hope that someone can help (why can the simplest form of AD integration not be simply a few check boxes to make it work, like in most apps with this feature, and bury the clever stuff that the minority might want!!)

1. I have created a test user in AD called “test user”, with a password of “Password1”, and a USERNAME=123456
2. I have created a people record called “Test User” with an ARS password of “Window5”, and a USERNAME=123456
3. Placed the AD user into the default USERS container to avoid any confusion of OUs
4. Tested both users in their own environment to make sure they log in
5. Set up the AREA form in its simplest form with
   - hostname = AD server
   - port = 389 (confirmed AD is answering on this port via telnet to that port)
   - bind user is my own AD account, which is domain admin
   - userbase = CM=Users,DC=DOMAIN (note this domain has only a single extension, i.e. where BMC is bmc.com, in this domain it would just be “bmc”)
   - User Search Filter = userPrincipalName=%\USER$
   - Group membership = None
   - everything else is default
6. In the EA tab:
   - RPC port = 390695
   - Cross ref blank pas = CHECKED
   - Auth string chaining = “AREA - ARS”

So, what happens…

- If I log into Remedy using 123456 and Window5, then it logs in fine as expected
- If I log into Remedy using 123456 and Password1, then it will not authenticate

I then tried a few of the different chaining modes to see what would happen. None work except when I set it to:

- ARS – OS – AREA

At this point, I can now log into Remedy using EITHER the AD password or the ARS password.

First question: what is “OS” in the chaining policy? I am assuming operating system, but what settings is it using, how is it getting those details, is it from some settings in the AREA form? I ask this because when I went into the AREA form and messed up the search strings and whatnot, the login using the AD password STILL worked, so it is like it does not use the AREA config for the OS chaining function.

I then fixed the AREA config, but changed the “User Search Filter” to use “displayName” and then tested login using “TestUser” as the login name with the AD password, and it failed. I tried then using the USERNAME again and it still worked!

I am now very confused, as the configuration of this in 8.1 DOES on paper look simple. I turned logging of filter to finest but got nothing of interest… it is like it is just not doing anything. I am just wondering, have I missed a key point… I know in 7.65 it was a lot harder, but in 8.x it is supposed to be simpler… it installs the plugin as part of the install etc., so I am just wondering, is something broken, or am I being an idiot (I suspect the latter, unfortunately).

Cheers
Dan