Issues with LDAP
-Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Shane Buchholz Sent: Thursday, September 09, 2010 9:07 AM To: arslist@ARSLIST.ORG Subject: Re: Changing row highlight color That's what I was looking for. Thanks for your help. Thanks, Shane Buchholz Systems Analyst II - Remedy Information Services Operations Samaritan Health Services -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Ashcraft, Roy W CTR USAF AFWA 2 SYOS/SYOE Sent: Thursday, September 09, 2010 8:22 AM To: arslist@ARSLIST.ORG Subject: Re: Changing row highlight color Shane, In the 7.5 Mid-Tier guide, page 83 (section is page 74-86). tr.SelPrimary td and tr.SelSecondry td affect the primary and secondary row selections You would edit these in the appropriate arsystem.css file (midTierInstallDir\resources\standard\stylesheets). If you only want your changes to effect a single form or table, then you can add custom tags to the end of the file and then reference those tags on the field properties. Thanks, I have recently updated our LDAP ARDBC AREA configurations and we are seeing traffic routed to the old configuration. I have stopped/restarted Remedy services several times but this has not fixed the routing problem. Is there some config file I need to be looking in to see if some of the changes didn't work? I've reviewed the ar.cfg file and all looks good there. Thanks for your help, Larry B. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
LDAP error
I'm having trouble pulling data from Active Directory into the people form in Remedy. I get the following error message. Cannot connect to the directory service : Can't connect to the LDAP server (LDAPERR 91) (ARERR 3375) I've looked on the BMC community page and found 1 article where a user needed to update the Base DN For Discovery field. Sine this field was blank on my end I updated it and saved the form. Do I need to bounce the server for this to take place? Is there something else I'm missing? Btw: I have all the other info in this form. Thanks for your time, L. Barnes ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: LDAP error
You need to restart the plugin service. On Aug 27, 8:56 am, Larry Barnes larry.bar...@thecreek.com wrote: I'm having trouble pulling data from Active Directory into the people form in Remedy. I get the following error message. Cannot connect to the directory service : Can't connect to the LDAP server (LDAPERR 91) (ARERR 3375) I've looked on the BMC community page and found 1 article where a user needed to update the Base DN For Discovery field. Sine this field was blank on my end I updated it and saved the form. Do I need to bounce the server for this to take place? Is there something else I'm missing? Btw: I have all the other info in this form. Thanks for your time, L. Barnes ___ UNSUBSCRIBE or access ARSlist Archives atwww.arslist.orgattend wwrug10www.wwrug.comARSlist: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives atwww.arslist.org attend wwrug10www.wwrug.comARSlist: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
ARDBC LDAP issue
All, Has anyone encountered the following error? Cannot connect to the directory service : Strong authentication required (LDAPERR 8)2028: LdapErr: DSID-0C09018A, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, vece (ARERR 3375). We're trying to connect to Active Directory. The Remedy configuration looks simple enough with defaults and not using SSL. DC is set up to not require certificates. Any ideas? Ars 6.3 MSSQL 2000 Thanks ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: ARDBC LDAP issue
It looks like (from the error you are receiving) that the Active Directory is requiring SSL and certificates. Your AD administrator should check to see if Simple Bind is allowed. Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Novikov, Vladimir A CTR US USA Sent: Friday, August 13, 2010 11:36 AM To: arslist@ARSLIST.ORG Subject: ARDBC LDAP issue ** All, Has anyone encountered the following error? Cannot connect to the directory service : Strong authentication required (LDAPERR 8)2028: LdapErr: DSID-0C09018A, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, vece (ARERR 3375). We're trying to connect to Active Directory. The Remedy configuration looks simple enough with defaults and not using SSL. DC is set up to not require certificates. Any ideas? Ars 6.3 MSSQL 2000 Thanks ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
MS Security Patch and Windows 2008 x64 LDAP Issue
Hi Listers and old friends, Recently the server operations team installed MS security patches on our remedy application servers and LDAP no longer authenticates properly. We opened ticket with BMC and Microsoft and are still troubleshooting the issue. I found this link with a potential hotfix: http://support.microsoft.com/kb/980596 Platform is Windows 2008 Standard x64, ARS 7.5 p5 with 3 tiered architecture all VMs, Mid Tier server (IIS 6.0/Tomcat 5.5.28), App server, SQL server(Win 2008, SQL 2005). So far rolling back the app server prior to patch date gets us working again so we are equating the issue to the patching but at this point unsure. Anyone seen this before and has a suggestion please let me know. Thanks, Ken LaPierre Senior BMC Remedy Consultant www.bmc.com North Myrtle Beach, SC ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: MS Security Patch and Windows 2008 x64 LDAP Issue
What does the plugin log say? Sent from my iPhone On 22 Jul 2010, at 15:29, Ken LaPierre klapie...@sc.rr.com wrote: Hi Listers and old friends, Recently the server operations team installed MS security patches on our remedy application servers and LDAP no longer authenticates properly. We opened ticket with BMC and Microsoft and are still troubleshooting the issue. I found this link with a potential hotfix: http://support.microsoft.com/kb/980596 Platform is Windows 2008 Standard x64, ARS 7.5 p5 with 3 tiered architecture all VMs, Mid Tier server (IIS 6.0/Tomcat 5.5.28), App server, SQL server(Win 2008, SQL 2005). So far rolling back the app server prior to patch date gets us working again so we are equating the issue to the patching but at this point unsure. Anyone seen this before and has a suggestion please let me know. Thanks, Ken LaPierre Senior BMC Remedy Consultant www.bmc.com North Myrtle Beach, SC ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: MS Security Patch and Windows 2008 x64 LDAP Issue
This is definitely good to know.. Thanks for sharing this so we can be better prepared before patching the servers with the new security fixes.. Joe From: Ken LaPierre klapie...@sc.rr.com To: arslist@ARSLIST.ORG Sent: Thu, July 22, 2010 10:29:34 AM Subject: MS Security Patch and Windows 2008 x64 LDAP Issue Hi Listers and old friends, Recently the server operations team installed MS security patches on our remedy application servers and LDAP no longer authenticates properly. We opened ticket with BMC and Microsoft and are still troubleshooting the issue. I found this link with a potential hotfix: http://support.microsoft.com/kb/980596 Platform is Windows 2008 Standard x64, ARS 7.5 p5 with 3 tiered architecture all VMs, Mid Tier server (IIS 6.0/Tomcat 5.5.28), App server, SQL server(Win 2008, SQL 2005). So far rolling back the app server prior to patch date gets us working again so we are equating the issue to the patching but at this point unsure. Anyone seen this before and has a suggestion please let me know. Thanks, Ken LaPierre Senior BMC Remedy Consultant www.bmc.com North Myrtle Beach, SC ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: MS Security Patch and Windows 2008 x64 LDAP Issue
ARGetEntry -- schema AR System Administration: Server Information entryId 001 from Remedy User (protocol 14) at IP address 10.11.23.AA ARGetServerInfo -- as user Remedy Application Service from Server Admin Plug-in (protocol 14) at IP address 10.26.3.BBB OK OK ARVerifyUser -- user ken.lapie...@usdoj.gov from Mid-tier (protocol 14) at IP address 10.26.3.BBC LOGIN FAILED ken.lapie...@usdoj.gov (password) FAIL ARSetEntry -- schema AR System Administration: Server Information entryId 001 from Remedy User (protocol 14) at IP address 10.11.23.AA ARSetServerInfo -- as user Remedy Application Service from Server Admin Plug-in (protocol 14) at IP address 10.26.3.BBB IP Addressess Changed. Danny Kellett danny.kell...@strategicworkflow.com wrote: What does the plugin log say? Sent from my iPhone On 22 Jul 2010, at 15:29, Ken LaPierre klapie...@sc.rr.com wrote: Hi Listers and old friends, Recently the server operations team installed MS security patches on our remedy application servers and LDAP no longer authenticates properly. We opened ticket with BMC and Microsoft and are still troubleshooting the issue. I found this link with a potential hotfix: http://support.microsoft.com/kb/980596 Platform is Windows 2008 Standard x64, ARS 7.5 p5 with 3 tiered architecture all VMs, Mid Tier server (IIS 6.0/Tomcat 5.5.28), App server, SQL server(Win 2008, SQL 2005). So far rolling back the app server prior to patch date gets us working again so we are equating the issue to the patching but at this point unsure. Anyone seen this before and has a suggestion please let me know. Thanks, Ken LaPierre Senior BMC Remedy Consultant www.bmc.com North Myrtle Beach, SC ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are -- Ken LaPierre Senior BMC Remedy Consultant www.bmc.com North Myrtle Beach, SC ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: MS Security Patch and Windows 2008 x64 LDAP Issue
Not enough information. You need to set the plugin log level to ALL and try again. Regards Danny -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Ken LaPierre Sent: 22 July 2010 20:34 To: arslist@ARSLIST.ORG Subject: Re: MS Security Patch and Windows 2008 x64 LDAP Issue ARGetEntry -- schema AR System Administration: Server Information entryId 001 from Remedy User (protocol 14) at IP address 10.11.23.AA ARGetServerInfo -- as user Remedy Application Service from Server Admin Plug-in (protocol 14) at IP address 10.26.3.BBB OK OK ARVerifyUser -- user ken.lapie...@usdoj.gov from Mid-tier (protocol 14) at IP address 10.26.3.BBC LOGIN FAILED ken.lapie...@usdoj.gov (password) FAIL ARSetEntry -- schema AR System Administration: Server Information entryId 001 from Remedy User (protocol 14) at IP address 10.11.23.AA ARSetServerInfo -- as user Remedy Application Service from Server Admin Plug-in (protocol 14) at IP address 10.26.3.BBB IP Addressess Changed. Danny Kellett danny.kell...@strategicworkflow.com wrote: What does the plugin log say? Sent from my iPhone On 22 Jul 2010, at 15:29, Ken LaPierre klapie...@sc.rr.com wrote: Hi Listers and old friends, Recently the server operations team installed MS security patches on our remedy application servers and LDAP no longer authenticates properly. We opened ticket with BMC and Microsoft and are still troubleshooting the issue. I found this link with a potential hotfix: http://support.microsoft.com/kb/980596 Platform is Windows 2008 Standard x64, ARS 7.5 p5 with 3 tiered architecture all VMs, Mid Tier server (IIS 6.0/Tomcat 5.5.28), App server, SQL server(Win 2008, SQL 2005). So far rolling back the app server prior to patch date gets us working again so we are equating the issue to the patching but at this point unsure. Anyone seen this before and has a suggestion please let me know. Thanks, Ken LaPierre Senior BMC Remedy Consultant www.bmc.com North Myrtle Beach, SC ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are -- Ken LaPierre Senior BMC Remedy Consultant www.bmc.com North Myrtle Beach, SC ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: MS Security Patch and Windows 2008 x64 LDAP Issue
Is it just AREA LDAP that is having an issue? We have a very similar environment (ARS 7.5 and Win 2008 x64) and have not had any issue since we patched last night. Our users Cross Reference Blank Password through the server (not AREA because we do not have the RPC port set) and we update AD via ARDBC LDAP. Does this happen with the User Tool? Sometime the MT password gets out of sync with ARS and it could look like a user authentication error (although I would expect to see your username in the plug-in log if MT had an issue authenticating). If it doesn't happen with the WUT I would check the MT admin password. Jason On Thu, Jul 22, 2010 at 12:34 PM, Ken LaPierre klapie...@sc.rr.com wrote: ARGetEntry -- schema AR System Administration: Server Information entryId 001 from Remedy User (protocol 14) at IP address 10.11.23.AA ARGetServerInfo -- as user Remedy Application Service from Server Admin Plug-in (protocol 14) at IP address 10.26.3.BBB OK OK ARVerifyUser -- user ken.lapie...@usdoj.gov from Mid-tier (protocol 14) at IP address 10.26.3.BBC LOGIN FAILED ken.lapie...@usdoj.gov (password) FAIL ARSetEntry -- schema AR System Administration: Server Information entryId 001 from Remedy User (protocol 14) at IP address 10.11.23.AA ARSetServerInfo -- as user Remedy Application Service from Server Admin Plug-in (protocol 14) at IP address 10.26.3.BBB IP Addressess Changed. Danny Kellett danny.kell...@strategicworkflow.com wrote: What does the plugin log say? Sent from my iPhone On 22 Jul 2010, at 15:29, Ken LaPierre klapie...@sc.rr.com wrote: Hi Listers and old friends, Recently the server operations team installed MS security patches on our remedy application servers and LDAP no longer authenticates properly. We opened ticket with BMC and Microsoft and are still troubleshooting the issue. I found this link with a potential hotfix: http://support.microsoft.com/kb/980596 Platform is Windows 2008 Standard x64, ARS 7.5 p5 with 3 tiered architecture all VMs, Mid Tier server (IIS 6.0/Tomcat 5.5.28), App server, SQL server(Win 2008, SQL 2005). So far rolling back the app server prior to patch date gets us working again so we are equating the issue to the patching but at this point unsure. Anyone seen this before and has a suggestion please let me know. Thanks, Ken LaPierre Senior BMC Remedy Consultant www.bmc.com North Myrtle Beach, SC ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are -- Ken LaPierre Senior BMC Remedy Consultant www.bmc.com North Myrtle Beach, SC ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Notify Action - authenticates against LDAP when user name specified is an email address
We are seeing an unusual behavior, which we identified inadvertently and I am trying to identify if this behavior is expected. Here's the scenario: The OOB notification events in ITSM 7.1 have been configured to set the default notification mechanism to be blank. Hence the notification sent out is based on the users’ preference setting in the User form. For this scenario, the filter invoked on NTE:Notifier form has a notify action with the notification mechanism specified as “User Default” and a Remedy Login ID is specified for the user name. The email engine does not authenticate the users' account (the one that is receiving the notification) against LDAP. The custom notification event records we have defined have the default notification mechanism as Email, since we want these to be going out as email notifications. So, when the notification is sent out from the NTE:Notifier form, the filter that is being invoked for sending notifications is setting the notification mechanism to “Email” and an internet email address is specified for the user name. This in turn authenticates the email address against LDAP -- this behavior does not make sense to me. Why should the email engine authenticate against LDAP when sending out email notifications to users? I would like to hear if anyone has any insight on this behavior and how to avoid the authentication when the default notification mechanism is specified as Email and an email address is specified as the user name in the notify filter action. Thanks, --Shyam ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: Notify Action - authenticates against LDAP when user name specified is an email address
This is working as designed as it is possible for the LDAP server to provide email address information for a user. The call to the LDAP server can be prevented by setting an ar.conf parameter called External-Authentication-Return-Data-Capabilities: (check the exact name please as I don't have a copy of the config manual handy). Setting this to a value of 31 should prevent all calls to LDAP other than those for authentication purposes. Mark From: Action Request System discussion list(ARSList) [arsl...@arslist.org] On Behalf Of Shyam Attavar [atta...@sbcglobal.net] Sent: 11 June 2010 18:15 To: arslist@ARSLIST.ORG Subject: Notify Action - authenticates against LDAP when user name specified is an email address ** We are seeing an unusual behavior, which we identified inadvertently and I am trying to identify if this behavior is expected. Here's the scenario: The OOB notification events in ITSM 7.1 have been configured to set the default notification mechanism to be blank. Hence the notification sent out is based on the users’ preference setting in the User form. For this scenario, the filter invoked on NTE:Notifier form has a notify action with the notification mechanism specified as “User Default” and a Remedy Login ID is specified for the user name. The email engine does not authenticate the users' account (the one that is receiving the notification) against LDAP. The custom notification event records we have defined have the default notification mechanism as Email, since we want these to be going out as email notifications. So, when the notification is sent out from the NTE:Notifier form, the filter that is being invoked for sending notifications is setting the notification mechanism to “Email” and an internet email address is specified for the user name. This in turn authenticates the email address against LDAP -- this behavior does not make sense to me. Why should the email engine authenticate against LDAP when sending out email notifications to users? I would like to hear if anyone has any insight on this behavior and how to avoid the authentication when the default notification mechanism is specified as Email and an email address is specified as the user name in the notify filter action. Thanks, -- Shyam _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: Notify Action - authenticates against LDAP when user name specified is an email address
Thanks Mark, I'll lookup the exact parameter and try that out. -- Shyam From: Walters, Mark mark_walt...@bmc.com To: arslist@ARSLIST.ORG Sent: Fri, June 11, 2010 10:59:37 AM Subject: Re: Notify Action - authenticates against LDAP when user name specified is an email address This is working as designed as it is possible for the LDAP server to provide email address information for a user. The call to the LDAP server can be prevented by setting an ar.conf parameter called External-Authentication-Return-Data-Capabilities: (check the exact name please as I don't have a copy of the config manual handy). Setting this to a value of 31 should prevent all calls to LDAP other than those for authentication purposes. Mark From: Action Request System discussion list(ARSList) [arsl...@arslist.org] On Behalf Of Shyam Attavar [atta...@sbcglobal.net] Sent: 11 June 2010 18:15 To: arslist@ARSLIST.ORG Subject: Notify Action - authenticates against LDAP when user name specified is an email address ** We are seeing an unusual behavior, which we identified inadvertently and I am trying to identify if this behavior is expected. Here's the scenario: The OOB notification events in ITSM 7.1 have been configured to set the default notification mechanism to be blank. Hence the notification sent out is based on the users’ preference setting in the User form. For this scenario, the filter invoked on NTE:Notifier form has a notify action with the notification mechanism specified as “User Default” and a Remedy Login ID is specified for the user name. The email engine does not authenticate the users' account (the one that is receiving the notification) against LDAP. The custom notification event records we have defined have the default notification mechanism as Email, since we want these to be going out as email notifications. So, when the notification is sent out from the NTE:Notifier form, the filter that is being invoked for sending notifications is setting the notification mechanism to “Email” and an internet email address is specified for the user name. This in turn authenticates the email address against LDAP -- this behavior does not make sense to me. Why should the email engine authenticate against LDAP when sending out email notifications to users? I would like to hear if anyone has any insight on this behavior and how to avoid the authentication when the default notification mechanism is specified as Email and an email address is specified as the user name in the notify filter action. Thanks, -- Shyam _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Current LDAP Limitations?
Back around Remedy 5.6 was the last time I tried to pull large quantities of data from Active Directory using the Remedy LDAP/ARDBC Active Directory integration. Setting it up was easy but we had two issues back then: 1.) We couldn't query by date fields - no results were returned 2.) Page sizing was an issue and it would only return X,XXX records - To get the 750,000 I needed we had to do batches. So - does anyone know if these issues are fixed? If I remember right it wasn't actually a BMC problem but it was related to the MS connector. I can't find any good info on this. William Rentfrow Principal Consultant, StrataCom Inc. wrentf...@stratacominc.com Corporate Website, www.stratacominc.com http://www.stratacominc.com/ Blog, www.williamrentfrow.com http://www.williamrentfrow.com/ 715-410-8156 C ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: Current LDAP Limitations?
2010/5/12 William Rentfrow wrentf...@stratacominc.com: ** Back around Remedy 5.6 was the last time I tried to pull large quantities of data from Active Directory using the Remedy LDAP/ARDBC Active Directory integration. Setting it up was easy but we had two issues back then: 1.) We couldn't query by date fields - no results were returned 2.) Page sizing was an issue and it would only return X,XXX records - To get the 750,000 I needed we had to do batches. It sounds like a limitation of Active Directory about the number of objects returned from a LDAP query, and not use batch will not work. You can try to increase this limit in Active Directory (MaxPageSize) See Windows 2000 and Windows Server 2003 LDAP administration limits - http://support.microsoft.com/kb/315071 So - does anyone know if these issues are fixed? If I remember right it wasn't actually a BMC problem but it was related to the MS connector. I can't find any good info on this. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: Current LDAP Limitations?
I am currently using ARS 7.1.0 Patch 007 (on Solaris). I can see the Date/Time fields on my vendor form but still cannot query by them. Anybody on 7.5 want to add whenChanged or modifyTimeStamp to your LDAP vendor form and try to query by it? As for #2 I believe it is a setting in the AD for max rows returned. Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of William Rentfrow Sent: Wednesday, May 12, 2010 12:06 PM To: arslist@ARSLIST.ORG Subject: Current LDAP Limitations? ** Back around Remedy 5.6 was the last time I tried to pull large quantities of data from Active Directory using the Remedy LDAP/ARDBC Active Directory integration. Setting it up was easy but we had two issues back then: 1.) We couldn't query by date fields - no results were returned 2.) Page sizing was an issue and it would only return X,XXX records - To get the 750,000 I needed we had to do batches. So - does anyone know if these issues are fixed? If I remember right it wasn't actually a BMC problem but it was related to the MS connector. I can't find any good info on this. William Rentfrow Principal Consultant, StrataCom Inc. wrentf...@stratacominc.com Corporate Website, www.stratacominc.com Blog, www.williamrentfrow.com 715-410-8156 C ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: Current LDAP Limitations?
You also may need to check the uid your connecting with to query the AD directly (LDAP Searches). Not only are there size limits in most LDAP's for searches, depending on where the search is being conducted (i.e., at the root level or specific container like cn=users,cn=whatever, etc...) the account your connecting with may not have the necessary rights within the directory structure. Hope this helps. Scott From: Action Request System discussion list(ARSList) [arsl...@arslist.org] On Behalf Of Grooms, Frederick W [frederick.w.gro...@xo.com] Sent: Wednesday, May 12, 2010 2:49 PM To: arslist@ARSLIST.ORG Subject: Re: Current LDAP Limitations? I am currently using ARS 7.1.0 Patch 007 (on Solaris). I can see the Date/Time fields on my vendor form but still cannot query by them. Anybody on 7.5 want to add whenChanged or modifyTimeStamp to your LDAP vendor form and try to query by it? As for #2 I believe it is a setting in the AD for max rows returned. Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of William Rentfrow Sent: Wednesday, May 12, 2010 12:06 PM To: arslist@ARSLIST.ORG Subject: Current LDAP Limitations? ** Back around Remedy 5.6 was the last time I tried to pull large quantities of data from Active Directory using the Remedy LDAP/ARDBC Active Directory integration. Setting it up was easy but we had two issues back then: 1.) We couldn't query by date fields - no results were returned 2.) Page sizing was an issue and it would only return X,XXX records - To get the 750,000 I needed we had to do batches. So - does anyone know if these issues are fixed? If I remember right it wasn't actually a BMC problem but it was related to the MS connector. I can't find any good info on this. William Rentfrow Principal Consultant, StrataCom Inc. wrentf...@stratacominc.com Corporate Website, www.stratacominc.com Blog, www.williamrentfrow.com 715-410-8156 C ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: Current LDAP Limitations?
Confirmed on ARS 7.5 p1. I was able to query by createTimeStamp, whenCreated, whenChanged and modifyTimeStamp. I didn't vet the results too thoroughly but the number of results returned looked about right. Jason On Wed, May 12, 2010 at 11:49 AM, Grooms, Frederick W frederick.w.gro...@xo.com wrote: I am currently using ARS 7.1.0 Patch 007 (on Solaris). I can see the Date/Time fields on my vendor form but still cannot query by them. Anybody on 7.5 want to add whenChanged or modifyTimeStamp to your LDAP vendor form and try to query by it? As for #2 I believe it is a setting in the AD for max rows returned. Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto: arsl...@arslist.org] On Behalf Of William Rentfrow Sent: Wednesday, May 12, 2010 12:06 PM To: arslist@ARSLIST.ORG Subject: Current LDAP Limitations? ** Back around Remedy 5.6 was the last time I tried to pull large quantities of data from Active Directory using the Remedy LDAP/ARDBC Active Directory integration. Setting it up was easy but we had two issues back then: 1.) We couldn't query by date fields - no results were returned 2.) Page sizing was an issue and it would only return X,XXX records - To get the 750,000 I needed we had to do batches. So - does anyone know if these issues are fixed? If I remember right it wasn't actually a BMC problem but it was related to the MS connector. I can't find any good info on this. William Rentfrow Principal Consultant, StrataCom Inc. wrentf...@stratacominc.com Corporate Website, www.stratacominc.com Blog, www.williamrentfrow.com 715-410-8156 C ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
AREA LDAP Integration - please help me to start it
Hi All, We would like to have our AD integration with our remedy tool. How can I start it. Any guidance would be appreciated. Thanks Regards, Ram Rudra ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: AREA LDAP Integration - please help me to start it
Best place to start would be the Integration Guide for AR System. LDAP plug-ins are documented in Chapter 8. -David J. Easter Sr. Product Manager, Enterprise Service Management BMC Software, Inc. The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Ram Rudra Sent: Wednesday, April 28, 2010 10:04 AM To: arslist@ARSLIST.ORG Subject: AREA LDAP Integration - please help me to start it ** Hi All, We would like to have our AD integration with our remedy tool. How can I start it. Any guidance would be appreciated. Thanks Regards, Ram Rudra _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: AREA LDAP Integration - please help me to start it
Start by reading the 'Integrating with Plug-ins and Third-Party Products' document starting on 102. Then read the 'Configuring' starting on 172. These are for 7.1 versions of the docs..reading those should give you most if not all the information you need to configure it..if you have any specific questions, please feel free to come back and ask. From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Ram Rudra Sent: Wednesday, April 28, 2010 11:04 AM To: arslist@ARSLIST.ORG Subject: AREA LDAP Integration - please help me to start it ** Hi All, We would like to have our AD integration with our remedy tool. How can I start it. Any guidance would be appreciated. Thanks Regards, Ram Rudra _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: AREA LDAP Integration - please help me to start it
Thanks and Appreciated the Response, May I know the information about Base DN for Discovery Field from 'ARDBC LDAP Configuration' form. What can I give an input there for my Microsoft AD Server to improve the discovery performance. Thanks Regards, Rambabu Rudra System Administrator From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of LJ LongWing Sent: Wednesday, April 28, 2010 11:14 PM To: arslist@ARSLIST.ORG Subject: Re: AREA LDAP Integration - please help me to start it ** Start by reading the 'Integrating with Plug-ins and Third-Party Products' document starting on 102. Then read the 'Configuring' starting on 172. These are for 7.1 versions of the docs..reading those should give you most if not all the information you need to configure it..if you have any specific questions, please feel free to come back and ask. From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Ram Rudra Sent: Wednesday, April 28, 2010 11:04 AM To: arslist@ARSLIST.ORG Subject: AREA LDAP Integration - please help me to start it ** Hi All, We would like to have our AD integration with our remedy tool. How can I start it. Any guidance would be appreciated. Thanks Regards, Ram Rudra _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: AREA LDAP Integration - please help me to start it
This information is going to need to come from your AD guys. It depends entirely upon your domain structure. Yours might be OU=Users,DC= GSSAMERICA,DC=com But in all honesty I don't know where your domain admins keep their user records..don't know if they store them in the Users, or some other folder..don't know what your structure is.so you will need to check with them From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Ram Rudra Sent: Wednesday, April 28, 2010 12:08 PM To: arslist@ARSLIST.ORG Subject: Re: AREA LDAP Integration - please help me to start it ** Thanks and Appreciated the Response, May I know the information about Base DN for Discovery Field from 'ARDBC LDAP Configuration' form. What can I give an input there for my Microsoft AD Server to improve the discovery performance. Thanks Regards, Rambabu Rudra System Administrator From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of LJ LongWing Sent: Wednesday, April 28, 2010 11:14 PM To: arslist@ARSLIST.ORG Subject: Re: AREA LDAP Integration - please help me to start it ** Start by reading the 'Integrating with Plug-ins and Third-Party Products' document starting on 102. Then read the 'Configuring' starting on 172. These are for 7.1 versions of the docs..reading those should give you most if not all the information you need to configure it..if you have any specific questions, please feel free to come back and ask. From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Ram Rudra Sent: Wednesday, April 28, 2010 11:04 AM To: arslist@ARSLIST.ORG Subject: AREA LDAP Integration - please help me to start it ** Hi All, We would like to have our AD integration with our remedy tool. How can I start it. Any guidance would be appreciated. Thanks Regards, Ram Rudra _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: AREA LDAP Integration - please help me to start it
Thanks LJ as of now, My Base User configuration done by your guidance now am doing from there onwards. your help is really appreciated in this regard. Thanks a ton Thanks Regards, Rambabu Rudra System Administrator From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of LJ LongWing Sent: Thursday, April 29, 2010 12:06 AM To: arslist@ARSLIST.ORG Subject: Re: AREA LDAP Integration - please help me to start it ** This information is going to need to come from your AD guys. It depends entirely upon your domain structure. Yours might be OU=Users,DC= GSSAMERICA,DC=com But in all honesty I don't know where your domain admins keep their user records..don't know if they store them in the Users, or some other folder..don't know what your structure is.so you will need to check with them From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Ram Rudra Sent: Wednesday, April 28, 2010 12:08 PM To: arslist@ARSLIST.ORG Subject: Re: AREA LDAP Integration - please help me to start it ** Thanks and Appreciated the Response, May I know the information about Base DN for Discovery Field from 'ARDBC LDAP Configuration' form. What can I give an input there for my Microsoft AD Server to improve the discovery performance. Thanks Regards, Rambabu Rudra System Administrator From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of LJ LongWing Sent: Wednesday, April 28, 2010 11:14 PM To: arslist@ARSLIST.ORG Subject: Re: AREA LDAP Integration - please help me to start it ** Start by reading the 'Integrating with Plug-ins and Third-Party Products' document starting on 102. Then read the 'Configuring' starting on 172. These are for 7.1 versions of the docs..reading those should give you most if not all the information you need to configure it..if you have any specific questions, please feel free to come back and ask. From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Ram Rudra Sent: Wednesday, April 28, 2010 11:04 AM To: arslist@ARSLIST.ORG Subject: AREA LDAP Integration - please help me to start it ** Hi All, We would like to have our AD integration with our remedy tool. How can I start it. Any guidance would be appreciated. Thanks Regards, Ram Rudra _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: AREA LDAP Integration - please help me to start it
Thanks for the reply, In a configuration of LDAP with ARSystem To map LDAP groups to AR System groups - May I know what I have to mention in 'LDAP Group name' and 'ARSystem Group' field under 'EA' tab in Server information form. Thanks Regards, Rambabu Rudra System Administrator From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of LJ LongWing Sent: Thursday, April 29, 2010 12:06 AM To: arslist@ARSLIST.ORG Subject: Re: AREA LDAP Integration - please help me to start it ** This information is going to need to come from your AD guys. It depends entirely upon your domain structure. Yours might be OU=Users,DC= GSSAMERICA,DC=com But in all honesty I don't know where your domain admins keep their user records..don't know if they store them in the Users, or some other folder..don't know what your structure is.so you will need to check with them From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Ram Rudra Sent: Wednesday, April 28, 2010 12:08 PM To: arslist@ARSLIST.ORG Subject: Re: AREA LDAP Integration - please help me to start it ** Thanks and Appreciated the Response, May I know the information about Base DN for Discovery Field from 'ARDBC LDAP Configuration' form. What can I give an input there for my Microsoft AD Server to improve the discovery performance. Thanks Regards, Rambabu Rudra System Administrator From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of LJ LongWing Sent: Wednesday, April 28, 2010 11:14 PM To: arslist@ARSLIST.ORG Subject: Re: AREA LDAP Integration - please help me to start it ** Start by reading the 'Integrating with Plug-ins and Third-Party Products' document starting on 102. Then read the 'Configuring' starting on 172. These are for 7.1 versions of the docs..reading those should give you most if not all the information you need to configure it..if you have any specific questions, please feel free to come back and ask. From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Ram Rudra Sent: Wednesday, April 28, 2010 11:04 AM To: arslist@ARSLIST.ORG Subject: AREA LDAP Integration - please help me to start it ** Hi All, We would like to have our AD integration with our remedy tool. How can I start it. Any guidance would be appreciated. Thanks Regards, Ram Rudra _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: AREA LDAP Integration - please help me to start it
I've never used the LDAP-ARS mapping feature, sorry..I have no experience that can help you there. From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Ram Rudra Sent: Wednesday, April 28, 2010 2:12 PM To: arslist@ARSLIST.ORG Subject: Re: AREA LDAP Integration - please help me to start it ** Thanks for the reply, In a configuration of LDAP with ARSystem To map LDAP groups to AR System groups - May I know what I have to mention in 'LDAP Group name' and 'ARSystem Group' field under 'EA' tab in Server information form. Thanks Regards, Rambabu Rudra System Administrator From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of LJ LongWing Sent: Thursday, April 29, 2010 12:06 AM To: arslist@ARSLIST.ORG Subject: Re: AREA LDAP Integration - please help me to start it ** This information is going to need to come from your AD guys. It depends entirely upon your domain structure. Yours might be OU=Users,DC= GSSAMERICA,DC=com But in all honesty I don't know where your domain admins keep their user records..don't know if they store them in the Users, or some other folder..don't know what your structure is.so you will need to check with them From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Ram Rudra Sent: Wednesday, April 28, 2010 12:08 PM To: arslist@ARSLIST.ORG Subject: Re: AREA LDAP Integration - please help me to start it ** Thanks and Appreciated the Response, May I know the information about Base DN for Discovery Field from 'ARDBC LDAP Configuration' form. What can I give an input there for my Microsoft AD Server to improve the discovery performance. Thanks Regards, Rambabu Rudra System Administrator From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of LJ LongWing Sent: Wednesday, April 28, 2010 11:14 PM To: arslist@ARSLIST.ORG Subject: Re: AREA LDAP Integration - please help me to start it ** Start by reading the 'Integrating with Plug-ins and Third-Party Products' document starting on 102. Then read the 'Configuring' starting on 172. These are for 7.1 versions of the docs..reading those should give you most if not all the information you need to configure it..if you have any specific questions, please feel free to come back and ask. From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Ram Rudra Sent: Wednesday, April 28, 2010 11:04 AM To: arslist@ARSLIST.ORG Subject: AREA LDAP Integration - please help me to start it ** Hi All, We would like to have our AD integration with our remedy tool. How can I start it. Any guidance would be appreciated. Thanks Regards, Ram Rudra _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: AREA LDAP Integration - please help me to start it
Hi, You can use ldap browser ( http://www.ldapbrowser.com www.ldapbrowser.com) to navigate on the ldap tree. This tool will help you configure arealdap plugin. Cheers Konrad TopPositions Really only one secure Plugin SSO for BM Remedy AR System. Http://www.remedy-sso.com From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of LJ LongWing Sent: Wednesday, April 28, 2010 11:00 PM To: arslist@ARSLIST.ORG Subject: Re: AREA LDAP Integration - please help me to start it ** I've never used the LDAP-ARS mapping feature, sorry..I have no experience that can help you there. From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Ram Rudra Sent: Wednesday, April 28, 2010 2:12 PM To: arslist@ARSLIST.ORG Subject: Re: AREA LDAP Integration - please help me to start it ** Thanks for the reply, In a configuration of LDAP with ARSystem To map LDAP groups to AR System groups - May I know what I have to mention in 'LDAP Group name' and 'ARSystem Group' field under 'EA' tab in Server information form. Thanks Regards, Rambabu Rudra System Administrator From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of LJ LongWing Sent: Thursday, April 29, 2010 12:06 AM To: arslist@ARSLIST.ORG Subject: Re: AREA LDAP Integration - please help me to start it ** This information is going to need to come from your AD guys. It depends entirely upon your domain structure. Yours might be OU=Users,DC= GSSAMERICA,DC=com But in all honesty I don't know where your domain admins keep their user records..don't know if they store them in the Users, or some other folder..don't know what your structure is.so you will need to check with them From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Ram Rudra Sent: Wednesday, April 28, 2010 12:08 PM To: arslist@ARSLIST.ORG Subject: Re: AREA LDAP Integration - please help me to start it ** Thanks and Appreciated the Response, May I know the information about Base DN for Discovery Field from 'ARDBC LDAP Configuration' form. What can I give an input there for my Microsoft AD Server to improve the discovery performance. Thanks Regards, Rambabu Rudra System Administrator From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of LJ LongWing Sent: Wednesday, April 28, 2010 11:14 PM To: arslist@ARSLIST.ORG Subject: Re: AREA LDAP Integration - please help me to start it ** Start by reading the 'Integrating with Plug-ins and Third-Party Products' document starting on 102. Then read the 'Configuring' starting on 172. These are for 7.1 versions of the docs..reading those should give you most if not all the information you need to configure it..if you have any specific questions, please feel free to come back and ask. From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Ram Rudra Sent: Wednesday, April 28, 2010 11:04 AM To: arslist@ARSLIST.ORG Subject: AREA LDAP Integration - please help me to start it ** Hi All, We would like to have our AD integration with our remedy tool. How can I start it. Any guidance would be appreciated. Thanks Regards, Ram Rudra _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: ARDBC LDAP
The fact is that I do not have ownership on the LDAP directory, and I have to use the dn. I cannot add any sn or uid, and the process owner will not make the change for me... Kais On 20 Apr 2010, at 17:46, Grooms, Frederick W wrote: I believe someone in the past suggested using uSNCreated as the mapping for RequestID. Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Misi Mladoniczky Sent: Tuesday, April 20, 2010 10:20 AM To: arslist@ARSLIST.ORG Subject: Re: ARDBC LDAP I have not done this recently. My experience was that you needed to add a unique attribute to the directory that could be used to retrieve the actual record. If you are only doing a table-refresh to load data, you will not need this, as the system only performs a single search. If you are using set-fields or push-fields, the unique max-15-character-key is needed. Best Regards - Misi, RRR AB, http://www.rrr.se Products from RRR Scandinavia: * RRR|License - Not enough Remedy licenses? Save money by optimizing. * RRR|Log - Performance issues or elusive bugs? Analyze your Remedy logs. Find these products, and many free tools and utilities, at http://rrr.se. -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of ARSmarts Support Sent: Tuesday, April 20, 2010 8:44 AM To: arslist@ARSLIST.ORG Subject: ARDBC LDAP Hi listeners, Has anybody ever been able to use the ARDBC LDAP plugin mapping the request id to the dn ? I succeeded with mapping to attribute where length is less than 15 characters, but I can't succeed with longer strings, while it is documented as being supported. I am using ARS 7.5 patch 3. Thanks for your help. Kais ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: ARDBC LDAP
Hi, Something tickles in the back of my mind about the 15-char limit had been removed, or should be removed... If the 15-char limit is in place, you must have a unique attribute that will fit. Unless, as I said, you can leverage a table-field to do what you want to do. The reason is that the table-field will only do one retrieval using ARGetListEntryWithFields(). You can also modify the source for the ARDBC-LDAP-plugin, and pack the DN so that it will fit the 15-char limit... Best Regards - Misi, RRR AB, http://www.rrr.se Products from RRR Scandinavia: * RRR|License - Not enough Remedy licenses? Save money by optimizing. * RRR|Log - Performance issues or elusive bugs? Analyze your Remedy logs. Find these products, and many free tools and utilities, at http://rrr.se. The fact is that I do not have ownership on the LDAP directory, and I have to use the dn. I cannot add any sn or uid, and the process owner will not make the change for me... Kais On 20 Apr 2010, at 17:46, Grooms, Frederick W wrote: I believe someone in the past suggested using uSNCreated as the mapping for RequestID. Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Misi Mladoniczky Sent: Tuesday, April 20, 2010 10:20 AM To: arslist@ARSLIST.ORG Subject: Re: ARDBC LDAP I have not done this recently. My experience was that you needed to add a unique attribute to the directory that could be used to retrieve the actual record. If you are only doing a table-refresh to load data, you will not need this, as the system only performs a single search. If you are using set-fields or push-fields, the unique max-15-character-key is needed. Best Regards - Misi, RRR AB, http://www.rrr.se Products from RRR Scandinavia: * RRR|License - Not enough Remedy licenses? Save money by optimizing. * RRR|Log - Performance issues or elusive bugs? Analyze your Remedy logs. Find these products, and many free tools and utilities, at http://rrr.se. -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of ARSmarts Support Sent: Tuesday, April 20, 2010 8:44 AM To: arslist@ARSLIST.ORG Subject: ARDBC LDAP Hi listeners, Has anybody ever been able to use the ARDBC LDAP plugin mapping the request id to the dn ? I succeeded with mapping to attribute where length is less than 15 characters, but I can't succeed with longer strings, while it is documented as being supported. I am using ARS 7.5 patch 3. Thanks for your help. Kais ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are -- This message was scanned by ESVA and is believed to be clean. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: ARDBC LDAP
Hi Misi, Have you been able to find the source of the AREA/ARDBC plugins ? I am very intersted in getting these. Best regards, Jean-Louis -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Misi Mladoniczky Sent: mercredi 21 avril 2010 9:09 To: arslist@ARSLIST.ORG Subject: Re: ARDBC LDAP Hi, Something tickles in the back of my mind about the 15-char limit had been removed, or should be removed... If the 15-char limit is in place, you must have a unique attribute that will fit. Unless, as I said, you can leverage a table-field to do what you want to do. The reason is that the table-field will only do one retrieval using ARGetListEntryWithFields(). You can also modify the source for the ARDBC-LDAP-plugin, and pack the DN so that it will fit the 15-char limit... Best Regards - Misi, RRR AB, http://www.rrr.se Products from RRR Scandinavia: * RRR|License - Not enough Remedy licenses? Save money by optimizing. * RRR|Log - Performance issues or elusive bugs? Analyze your Remedy logs. Find these products, and many free tools and utilities, at http://rrr.se. The fact is that I do not have ownership on the LDAP directory, and I have to use the dn. I cannot add any sn or uid, and the process owner will not make the change for me... Kais On 20 Apr 2010, at 17:46, Grooms, Frederick W wrote: I believe someone in the past suggested using uSNCreated as the mapping for RequestID. Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Misi Mladoniczky Sent: Tuesday, April 20, 2010 10:20 AM To: arslist@ARSLIST.ORG Subject: Re: ARDBC LDAP I have not done this recently. My experience was that you needed to add a unique attribute to the directory that could be used to retrieve the actual record. If you are only doing a table-refresh to load data, you will not need this, as the system only performs a single search. If you are using set-fields or push-fields, the unique max-15-character-key is needed. Best Regards - Misi, RRR AB, http://www.rrr.se Products from RRR Scandinavia: * RRR|License - Not enough Remedy licenses? Save money by optimizing. * RRR|Log - Performance issues or elusive bugs? Analyze your Remedy logs. Find these products, and many free tools and utilities, at http://rrr.se. -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of ARSmarts Support Sent: Tuesday, April 20, 2010 8:44 AM To: arslist@ARSLIST.ORG Subject: ARDBC LDAP Hi listeners, Has anybody ever been able to use the ARDBC LDAP plugin mapping the request id to the dn ? I succeeded with mapping to attribute where length is less than 15 characters, but I can't succeed with longer strings, while it is documented as being supported. I am using ARS 7.5 patch 3. Thanks for your help. Kais ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are -- This message was scanned by ESVA and is believed to be clean. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are This message was successfully scanned against all known virusses by McAfee Groupshield. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: ARDBC LDAP
Hi Jean-Louis, I thought it was included in the API, but as it appears, only the sample for the AREA-LDAP is included. Not the ARDBC-LDAP... The ARDBC-LDAP would be much more complicated I guess. Best Regards - Misi, RRR AB, http://www.rrr.se Products from RRR Scandinavia: * RRR|License - Not enough Remedy licenses? Save money by optimizing. * RRR|Log - Performance issues or elusive bugs? Analyze your Remedy logs. Find these products, and many free tools and utilities, at http://rrr.se. Hi Misi, Have you been able to find the source of the AREA/ARDBC plugins ? I am very intersted in getting these. Best regards, Jean-Louis -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Misi Mladoniczky Sent: mercredi 21 avril 2010 9:09 To: arslist@ARSLIST.ORG Subject: Re: ARDBC LDAP Hi, Something tickles in the back of my mind about the 15-char limit had been removed, or should be removed... If the 15-char limit is in place, you must have a unique attribute that will fit. Unless, as I said, you can leverage a table-field to do what you want to do. The reason is that the table-field will only do one retrieval using ARGetListEntryWithFields(). You can also modify the source for the ARDBC-LDAP-plugin, and pack the DN so that it will fit the 15-char limit... Best Regards - Misi, RRR AB, http://www.rrr.se Products from RRR Scandinavia: * RRR|License - Not enough Remedy licenses? Save money by optimizing. * RRR|Log - Performance issues or elusive bugs? Analyze your Remedy logs. Find these products, and many free tools and utilities, at http://rrr.se. The fact is that I do not have ownership on the LDAP directory, and I have to use the dn. I cannot add any sn or uid, and the process owner will not make the change for me... Kais On 20 Apr 2010, at 17:46, Grooms, Frederick W wrote: I believe someone in the past suggested using uSNCreated as the mapping for RequestID. Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Misi Mladoniczky Sent: Tuesday, April 20, 2010 10:20 AM To: arslist@ARSLIST.ORG Subject: Re: ARDBC LDAP I have not done this recently. My experience was that you needed to add a unique attribute to the directory that could be used to retrieve the actual record. If you are only doing a table-refresh to load data, you will not need this, as the system only performs a single search. If you are using set-fields or push-fields, the unique max-15-character-key is needed. Best Regards - Misi, RRR AB, http://www.rrr.se Products from RRR Scandinavia: * RRR|License - Not enough Remedy licenses? Save money by optimizing. * RRR|Log - Performance issues or elusive bugs? Analyze your Remedy logs. Find these products, and many free tools and utilities, at http://rrr.se. -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of ARSmarts Support Sent: Tuesday, April 20, 2010 8:44 AM To: arslist@ARSLIST.ORG Subject: ARDBC LDAP Hi listeners, Has anybody ever been able to use the ARDBC LDAP plugin mapping the request id to the dn ? I succeeded with mapping to attribute where length is less than 15 characters, but I can't succeed with longer strings, while it is documented as being supported. I am using ARS 7.5 patch 3. Thanks for your help. Kais ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are -- This message was scanned by ESVA and is believed to be clean. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are This message was successfully scanned against all known virusses by McAfee Groupshield. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are -- This message was scanned by ESVA and is believed to be clean. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: ARDBC LDAP
Is this a Microsoft Active Directory? uSNCreated should be a standard indexed attribute. Grab a copy of the free Softerra LDAP browser http://www.softerra.com/download.htm to see the AD. Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of ARSmarts Support Sent: Wednesday, April 21, 2010 1:40 AM To: arslist@ARSLIST.ORG Subject: Re: ARDBC LDAP The fact is that I do not have ownership on the LDAP directory, and I have to use the dn. I cannot add any sn or uid, and the process owner will not make the change for me... Kais On 20 Apr 2010, at 17:46, Grooms, Frederick W wrote: I believe someone in the past suggested using uSNCreated as the mapping for RequestID. Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Misi Mladoniczky Sent: Tuesday, April 20, 2010 10:20 AM To: arslist@ARSLIST.ORG Subject: Re: ARDBC LDAP I have not done this recently. My experience was that you needed to add a unique attribute to the directory that could be used to retrieve the actual record. If you are only doing a table-refresh to load data, you will not need this, as the system only performs a single search. If you are using set-fields or push-fields, the unique max-15-character-key is needed. Best Regards - Misi, RRR AB, http://www.rrr.se Products from RRR Scandinavia: * RRR|License - Not enough Remedy licenses? Save money by optimizing. * RRR|Log - Performance issues or elusive bugs? Analyze your Remedy logs. Find these products, and many free tools and utilities, at http://rrr.se. -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of ARSmarts Support Sent: Tuesday, April 20, 2010 8:44 AM To: arslist@ARSLIST.ORG Subject: ARDBC LDAP Hi listeners, Has anybody ever been able to use the ARDBC LDAP plugin mapping the request id to the dn ? I succeeded with mapping to attribute where length is less than 15 characters, but I can't succeed with longer strings, while it is documented as being supported. I am using ARS 7.5 patch 3. Thanks for your help. Kais ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: AREA LDAP issue after upgrading to AR Server 7.1.0 Patch 9 upgrade
I have set the log level to Finest for plugin logs and I only see the following entries... I don't see any failures in the log. PLGN TID: 56671136 RPC ID: 000110 Queue: ARDBC Client-RPC: 390695 /* Wed Apr 21 2010 06:59:12.9027 */+GLEWF ARDBCGetListEntryWithFields -- vendor REMEDY.ARDBC.SERVER.ADMINISTRATION table Server Info Plugin Setttings PLGN TID: 56671136 RPC ID: 000110 Queue: ARDBC Client-RPC: 390695 /* Wed Apr 21 2010 06:59:12.9027 */-GLEWF OK PLGN TID: 56671136 RPC ID: 000111 Queue: ARDBC Client-RPC: 390695 /* Wed Apr 21 2010 06:59:12.9030 */+CTARDBCCommitTransaction -- vendor REMEDY.ARDBC.SERVER.ADMINISTRATION PLGN TID: 56671136 RPC ID: 000111 Queue: ARDBC Client-RPC: 390695 /* Wed Apr 21 2010 06:59:12.9030 */-CT OK PLGN TID: 56671136 RPC ID: 000112 Queue: ARDBC Client-RPC: 390695 /* Wed Apr 21 2010 06:59:13.0009 */+GLEWF ARDBCGetListEntryWithFields -- vendor REMEDY.ARDBC.SERVER.ADMINISTRATION table Server Info Plugin Setttings PLGN TID: 56671136 RPC ID: 000112 Queue: ARDBC Client-RPC: 390695 /* Wed Apr 21 2010 06:59:13.0010 */-GLEWF OK PLGN TID: 56671136 RPC ID: 000113 Queue: ARDBC Client-RPC: 390695 /* Wed Apr 21 2010 06:59:13.0027 */+CTARDBCCommitTransaction -- vendor REMEDY.ARDBC.SERVER.ADMINISTRATION PLGN TID: 56671136 RPC ID: 000113 Queue: ARDBC Client-RPC: 390695 /* Wed Apr 21 2010 06:59:13.0028 */-CT OK I do see the following in aruser.log: LOGIN FAILED loginid (password) I also see the following in arapi.log during log-in time: API TID: 0089148320 RPC ID: 015023 Queue: Fast Client-RPC: 390620USER: loginid/* Wed Apr 21 2010 07:15:11.5996 */+GSIARGetServerInfo -- as user 436557 from Remedy User (protocol 13) at IP address ipaddress API TID: 0089148320 RPC ID: 015023 Queue: Fast Client-RPC: 390620USER: loginid/* Wed Apr 21 2010 07:15:11.6036 */-GSI FAIL But nothing in any of the logs indicate what could be causing the authentication failure. Any other configurations to check? Thanks, -- Shyam From: Joe D'Souza jdso...@shyle.net To: arslist@ARSLIST.ORG Sent: Tue, April 20, 2010 6:31:17 PM Subject: Re: AREA LDAP issue after upgrading to AR Server 7.1.0 Patch 9 upgrade ** Shyam, Enable the plugin log and set it to Fine and see what you get when you are trying to authenticate using the plugin.. Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org]on Behalf Of Shyam Attavar Sent: Tuesday, April 20, 2010 7:49 PM To: arslist@ARSLIST.ORG Subject: AREA LDAP issue after upgrading to AR Server 7.1.0 Patch 9 upgrade ** Dear Listers, We upgraded our test environment from AR Server 7.1.0 Patch 006 to Patch 009. As part of the upgrade we upgraded the AREA LDAP plugin as well. After the upgrade, we are unable to authenticate against LDAP. We can login to the system by setting a local password in the user form. I have reconfigured the AREA LDAP entries from the AR System Administration Console, but unable to resolve the issue. Anyone else seen this issue after upgrading to AR Server 7.1.0 Patch 009? if so, how were you able to resolve the issue? Environment: AR Server on RHEL Oracle 10gR4 on RHEL Thanks in advance, -- Shyam_attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: AREA LDAP issue after upgrading to AR Server 7.1.0 Patch 9 upgrade
Are there any entries from the AREA plugin at all? Are you sure it's being loaded? Mark From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Shyam Attavar Sent: 21 April 2010 15:19 To: arslist@ARSLIST.ORG Subject: Re: AREA LDAP issue after upgrading to AR Server 7.1.0 Patch 9 upgrade ** I have set the log level to Finest for plugin logs and I only see the following entries... I don't see any failures in the log. PLGN TID: 56671136 RPC ID: 000110 Queue: ARDBC Client-RPC: 390695 /* Wed Apr 21 2010 06:59:12.9027 */+GLEWF ARDBCGetListEntryWithFields -- vendor REMEDY.ARDBC.SERVER.ADMINISTRATION table Server Info Plugin Setttings PLGN TID: 56671136 RPC ID: 000110 Queue: ARDBC Client-RPC: 390695 /* Wed Apr 21 2010 06:59:12.9027 */-GLEWF OK PLGN TID: 56671136 RPC ID: 000111 Queue: ARDBC Client-RPC: 390695 /* Wed Apr 21 2010 06:59:12.9030 */+CTARDBCCommitTransaction -- vendor REMEDY.ARDBC.SERVER.ADMINISTRATION PLGN TID: 56671136 RPC ID: 000111 Queue: ARDBC Client-RPC: 390695 /* Wed Apr 21 2010 06:59:12.9030 */-CT OK PLGN TID: 56671136 RPC ID: 000112 Queue: ARDBC Client-RPC: 390695 /* Wed Apr 21 2010 06:59:13.0009 */+GLEWF ARDBCGetListEntryWithFields -- vendor REMEDY.ARDBC.SERVER.ADMINISTRATION table Server Info Plugin Setttings PLGN TID: 56671136 RPC ID: 000112 Queue: ARDBC Client-RPC: 390695 /* Wed Apr 21 2010 06:59:13.0010 */-GLEWF OK PLGN TID: 56671136 RPC ID: 000113 Queue: ARDBC Client-RPC: 390695 /* Wed Apr 21 2010 06:59:13.0027 */+CTARDBCCommitTransaction -- vendor REMEDY.ARDBC.SERVER.ADMINISTRATION PLGN TID: 56671136 RPC ID: 000113 Queue: ARDBC Client-RPC: 390695 /* Wed Apr 21 2010 06:59:13.0028 */-CT OK I do see the following in aruser.log: LOGIN FAILED loginid (password) I also see the following in arapi.log during log-in time: API TID: 0089148320 RPC ID: 015023 Queue: Fast Client-RPC: 390620USER: loginid/* Wed Apr 21 2010 07:15:11.5996 */+GSIARGetServerInfo -- as user 436557 from Remedy User (protocol 13) at IP address ipaddress API TID: 0089148320 RPC ID: 015023 Queue: Fast Client-RPC: 390620USER: loginid/* Wed Apr 21 2010 07:15:11.6036 */-GSI FAIL But nothing in any of the logs indicate what could be causing the authentication failure. Any other configurations to check? Thanks, -- Shyam From: Joe D'Souza jdso...@shyle.net To: arslist@ARSLIST.ORG Sent: Tue, April 20, 2010 6:31:17 PM Subject: Re: AREA LDAP issue after upgrading to AR Server 7.1.0 Patch 9 upgrade ** Shyam, Enable the plugin log and set it to Fine and see what you get when you are trying to authenticate using the plugin.. Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org]on Behalf Of Shyam Attavar Sent: Tuesday, April 20, 2010 7:49 PM To: arslist@ARSLIST.ORG Subject: AREA LDAP issue after upgrading to AR Server 7.1.0 Patch 9 upgrade ** Dear Listers, We upgraded our test environment from AR Server 7.1.0 Patch 006 to Patch 009. As part of the upgrade we upgraded the AREA LDAP plugin as well. After the upgrade, we are unable to authenticate against LDAP. We can login to the system by setting a local password in the user form. I have reconfigured the AREA LDAP entries from the AR System Administration Console, but unable to resolve the issue. Anyone else seen this issue after upgrading to AR Server 7.1.0 Patch 009? if so, how were you able to resolve the issue? Environment: AR Server on RHEL Oracle 10gR4 on RHEL Thanks in advance, -- Shyam _attend WWRUG10 www.wwrug.comhttp://www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: {Remedy ARS} AREA LDAP issue after upgrading to AR Server 7.1.0 Patch 9 upgrade
I had an ldap issue with an update to 7.1 patch 3 long ago. It was a little different. I could authenticate with the first ldap in the config but the rest wouldn't work. So not sure if this will help. = Found out a little bit of information, well confirmed it actually, concerning the information on page 174 of the Integration Guide. What this means is that you can only have one plugin dll in the ar.cfg file. What I see in your ar.cfg file is this: Plugin: arealdap.dll and Plugin: areahub.dll Since the arealdap.dll is listed first in the ar.cfg file, that is the plugin being used. Please comment out or remove the Plugin: arealdap.dll line that exists at the top of the ar.cfg file, then restart ARServer and test. What I also confirmed was that when using the AREA Hub dll, if a user authentication call fails for any reason, it should still failover to the next LDAP server in the AREALDAP Configuration form list, until it authenticates the user or exhausts the list of directory servers. Let me know if this information helps to resolve the issue. On Apr 20, 7:48 pm, Shyam Attavar atta...@sbcglobal.net wrote: Dear Listers, We upgraded our test environment from AR Server 7.1.0 Patch 006 to Patch 009. As part of the upgrade we upgraded the AREA LDAP plugin as well. After the upgrade, we are unable to authenticate against LDAP. We can login to the system by setting a local password in the user form. I have reconfigured the AREA LDAP entries from the AR System Administration Console, but unable to resolve the issue. Anyone else seen this issue after upgrading to AR Server 7.1.0 Patch 009? if so, how were you able to resolve the issue? Environment: AR Server on RHEL Oracle 10gR4 on RHEL Thanks in advance, -- Shyam ___ UNSUBSCRIBE or access ARSlist Archives atwww.arslist.org attend wwrug10www.wwrug.comARSlist: Where the Answers Are -- You received this message because you are subscribed to the Google Groups Remedy ARS group. To post to this group, send email to arsl...@googlegroups.com. To unsubscribe from this group, send email to arslist+unsubscr...@googlegroups.com. For more options, visit this group athttp://groups.google.com/group/arslist?hl=en. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: {Remedy ARS} AREA LDAP issue after upgrading to AR Server 7.1.0 Patch 9 upgrade
Shyam, Go to your armonitor.cfg file (assuming windows) and make sure your entries for arplugin.exe are correct. When I upgraded from 7.1P2 -- 7.1P7, 2 of my plugin entries were chopped off. You should be able to compare your Dev and your Prod environments. I use 3 plugins because I have 3 directories I authenticate users to.. -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of remedy lee Sent: Wednesday, April 21, 2010 9:24 AM To: arslist@ARSLIST.ORG Subject: Re: {Remedy ARS} AREA LDAP issue after upgrading to AR Server 7.1.0 Patch 9 upgrade I had an ldap issue with an update to 7.1 patch 3 long ago. It was a little different. I could authenticate with the first ldap in the config but the rest wouldn't work. So not sure if this will help. = Found out a little bit of information, well confirmed it actually, concerning the information on page 174 of the Integration Guide. What this means is that you can only have one plugin dll in the ar.cfg file. What I see in your ar.cfg file is this: Plugin: arealdap.dll and Plugin: areahub.dll Since the arealdap.dll is listed first in the ar.cfg file, that is the plugin being used. Please comment out or remove the Plugin: arealdap.dll line that exists at the top of the ar.cfg file, then restart ARServer and test. What I also confirmed was that when using the AREA Hub dll, if a user authentication call fails for any reason, it should still failover to the next LDAP server in the AREALDAP Configuration form list, until it authenticates the user or exhausts the list of directory servers. Let me know if this information helps to resolve the issue. On Apr 20, 7:48 pm, Shyam Attavar atta...@sbcglobal.net wrote: Dear Listers, We upgraded our test environment from AR Server 7.1.0 Patch 006 to Patch 009. As part of the upgrade we upgraded the AREA LDAP plugin as well. After the upgrade, we are unable to authenticate against LDAP. We can login to the system by setting a local password in the user form. I have reconfigured the AREA LDAP entries from the AR System Administration Console, but unable to resolve the issue. Anyone else seen this issue after upgrading to AR Server 7.1.0 Patch 009? if so, how were you able to resolve the issue? Environment: AR Server on RHEL Oracle 10gR4 on RHEL Thanks in advance, -- Shyam ___ UNSUBSCRIBE or access ARSlist Archives atwww.arslist.org attend wwrug10www.wwrug.comARSlist: Where the Answers Are -- You received this message because you are subscribed to the Google Groups Remedy ARS group. To post to this group, send email to arsl...@googlegroups.com. To unsubscribe from this group, send email to arslist+unsubscr...@googlegroups.com. For more options, visit this group athttp://groups.google.com/group/arslist?hl=en. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: AREA LDAP issue after upgrading to AR Server 7.1.0 Patch 9 upgrade
Shyam, That's the same thing I would ask that Mark did. It appears as though the AREA plugin is not being called at all in the logs if that is all you see in your plugin log file. Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org]on Behalf Of Walters, Mark Sent: Wednesday, April 21, 2010 10:21 AM To: arslist@ARSLIST.ORG Subject: Re: AREA LDAP issue after upgrading to AR Server 7.1.0 Patch 9 upgrade ** Are there any entries from the AREA plugin at all? Are you sure it's being loaded? Mark From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Shyam Attavar Sent: 21 April 2010 15:19 To: arslist@ARSLIST.ORG Subject: Re: AREA LDAP issue after upgrading to AR Server 7.1.0 Patch 9 upgrade ** I have set the log level to Finest for plugin logs and I only see the following entries... I don't see any failures in the log. PLGN TID: 56671136 RPC ID: 000110 Queue: ARDBC Client-RPC: 390695 /* Wed Apr 21 2010 06:59:12.9027 */+GLEWF ARDBCGetListEntryWithFields -- vendor REMEDY.ARDBC.SERVER.ADMINISTRATION table Server Info Plugin Setttings PLGN TID: 56671136 RPC ID: 000110 Queue: ARDBC Client-RPC: 390695 /* Wed Apr 21 2010 06:59:12.9027 */-GLEWF OK PLGN TID: 56671136 RPC ID: 000111 Queue: ARDBC Client-RPC: 390695 /* Wed Apr 21 2010 06:59:12.9030 */+CT ARDBCCommitTransaction -- vendor REMEDY.ARDBC.SERVER.ADMINISTRATION PLGN TID: 56671136 RPC ID: 000111 Queue: ARDBC Client-RPC: 390695 /* Wed Apr 21 2010 06:59:12.9030 */-CT OK PLGN TID: 56671136 RPC ID: 000112 Queue: ARDBC Client-RPC: 390695 /* Wed Apr 21 2010 06:59:13.0009 */+GLEWF ARDBCGetListEntryWithFields -- vendor REMEDY.ARDBC.SERVER.ADMINISTRATION table Server Info Plugin Setttings PLGN TID: 56671136 RPC ID: 000112 Queue: ARDBC Client-RPC: 390695 /* Wed Apr 21 2010 06:59:13.0010 */-GLEWF OK PLGN TID: 56671136 RPC ID: 000113 Queue: ARDBC Client-RPC: 390695 /* Wed Apr 21 2010 06:59:13.0027 */+CT ARDBCCommitTransaction -- vendor REMEDY.ARDBC.SERVER.ADMINISTRATION PLGN TID: 56671136 RPC ID: 000113 Queue: ARDBC Client-RPC: 390695 /* Wed Apr 21 2010 06:59:13.0028 */-CT OK I do see the following in aruser.log: LOGIN FAILED loginid (password) I also see the following in arapi.log during log-in time: API TID: 0089148320 RPC ID: 015023 Queue: Fast Client-RPC: 390620USER: loginid /* Wed Apr 21 2010 07:15:11.5996 */+GSIARGetServerInfo -- as user 436557 from Remedy User (protocol 13) at IP address ipaddress API TID: 0089148320 RPC ID: 015023 Queue: Fast Client-RPC: 390620USER: loginid /* Wed Apr 21 2010 07:15:11.6036 */-GSI FAIL But nothing in any of the logs indicate what could be causing the authentication failure. Any other configurations to check? Thanks, -- Shyam -- From: Joe D'Souza jdso...@shyle.net To: arslist@ARSLIST.ORG Sent: Tue, April 20, 2010 6:31:17 PM Subject: Re: AREA LDAP issue after upgrading to AR Server 7.1.0 Patch 9 upgrade ** Shyam, Enable the plugin log and set it to Fine and see what you get when you are trying to authenticate using the plugin.. Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org]on Behalf Of Shyam Attavar Sent: Tuesday, April 20, 2010 7:49 PM To: arslist@ARSLIST.ORG Subject: AREA LDAP issue after upgrading to AR Server 7.1.0 Patch 9 upgrade ** Dear Listers, We upgraded our test environment from AR Server 7.1.0 Patch 006 to Patch 009. As part of the upgrade we upgraded the AREA LDAP plugin as well. After the upgrade, we are unable to authenticate against LDAP. We can login to the system by setting a local password in the user form. I have reconfigured the AREA LDAP entries from the AR System Administration Console, but unable to resolve the issue. Anyone else seen this issue after upgrading to AR Server 7.1.0 Patch 009? if so, how were you able to resolve the issue? Environment: AR Server on RHEL Oracle 10gR4 on RHEL Thanks in advance, -- Shyam ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: AREA LDAP issue after upgrading to AR Server 7.1.0 Patch 9 upgrade
Joe, Mark, et al Thanks for your input. I'll confirm the AREA plugin is being loaded and see if there are indicators for errors. -- Shyam From: Joe D'Souza jdso...@shyle.net To: arslist@ARSLIST.ORG Sent: Wed, April 21, 2010 10:02:18 AM Subject: Re: AREA LDAP issue after upgrading to AR Server 7.1.0 Patch 9 upgrade ** Shyam, That's the same thing I would ask that Mark did. It appears as though the AREA plugin is not being called at all in the logs if that is all you see in your plugin log file. Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org]on Behalf Of Walters, Mark Sent: Wednesday, April 21, 2010 10:21 AM To: arslist@ARSLIST.ORG Subject: Re: AREA LDAP issue after upgrading to AR Server 7.1.0 Patch 9 upgrade ** Are there any entries from the AREA plugin at all? Are you sure it’s being loaded? Mark From:Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Shyam Attavar Sent: 21 April 2010 15:19 To: arslist@ARSLIST.ORG Subject: Re: AREA LDAP issue after upgrading to AR Server 7.1.0 Patch 9 upgrade ** I have set the log level to Finest for plugin logs and I only see the following entries... I don't see any failures in the log. PLGN TID: 56671136 RPC ID: 000110 Queue: ARDBC Client-RPC: 390695 /* Wed Apr 21 2010 06:59:12.9027 */+GLEWF ARDBCGetListEntryWithFields -- vendor REMEDY.ARDBC.SERVER.ADMINISTRATION table Server Info Plugin Setttings PLGN TID: 56671136 RPC ID: 000110 Queue: ARDBC Client-RPC: 390695 /* Wed Apr 21 2010 06:59:12.9027 */-GLEWF OK PLGN TID: 56671136 RPC ID: 000111 Queue: ARDBC Client-RPC: 390695 /* Wed Apr 21 2010 06:59:12.9030 */+CT ARDBCCommitTransaction -- vendor REMEDY.ARDBC.SERVER.ADMINISTRATION PLGN TID: 56671136 RPC ID: 000111 Queue: ARDBC Client-RPC: 390695 /* Wed Apr 21 2010 06:59:12.9030 */-CT OK PLGN TID: 56671136 RPC ID: 000112 Queue: ARDBC Client-RPC: 390695 /* Wed Apr 21 2010 06:59:13.0009 */+GLEWF ARDBCGetListEntryWithFields -- vendor REMEDY.ARDBC.SERVER.ADMINISTRATION table Server Info Plugin Setttings PLGN TID: 56671136 RPC ID: 000112 Queue: ARDBC Client-RPC: 390695 /* Wed Apr 21 2010 06:59:13.0010 */-GLEWF OK PLGN TID: 56671136 RPC ID: 000113 Queue: ARDBC Client-RPC: 390695 /* Wed Apr 21 2010 06:59:13.0027 */+CT ARDBCCommitTransaction -- vendor REMEDY.ARDBC.SERVER.ADMINISTRATION PLGN TID: 56671136 RPC ID: 000113 Queue: ARDBC Client-RPC: 390695 /* Wed Apr 21 2010 06:59:13.0028 */-CT OK I do see the following in aruser.log: LOGIN FAILED loginid (password) I also see the following in arapi.log during log-in time: API TID: 0089148320 RPC ID: 015023 Queue: Fast Client-RPC: 390620 USER: loginid /* Wed Apr 21 2010 07:15:11.5996 */+GSIARGetServerInfo -- as user 436557 from Remedy User (protocol 13) at IP address ipaddress API TID: 0089148320 RPC ID: 015023 Queue: Fast Client-RPC: 390620USER: loginid /* Wed Apr 21 2010 07:15:11.6036 */-GSI FAIL But nothing in any of the logs indicate what could be causing the authentication failure. Any other configurations to check? Thanks, -- Shyam From:Joe D'Souza jdso...@shyle.net To: arslist@ARSLIST.ORG Sent: Tue, April 20, 2010 6:31:17 PM Subject: Re: AREA LDAP issue after upgrading to AR Server 7.1.0 Patch 9 upgrade ** Shyam, Enable the plugin log and set it to Fine and see what you get when you are trying to authenticate using the plugin.. Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org]on Behalf Of Shyam Attavar Sent: Tuesday, April 20, 2010 7:49 PM To: arslist@ARSLIST.ORG Subject: AREA LDAP issue after upgrading to AR Server 7.1.0 Patch 9 upgrade ** Dear Listers, We upgraded our test environment from AR Server 7.1.0 Patch 006 to Patch 009. As part of the upgrade we upgraded the AREA LDAP plugin as well. After the upgrade, we are unable to authenticate against LDAP. We can login to the system by setting a local password in the user form. I have reconfigured the AREA LDAP entries from the AR System Administration Console, but unable to resolve the issue. Anyone else seen this issue after upgrading to AR Server 7.1.0 Patch 009? if so, how were you able to resolve the issue? Environment: AR Server on RHEL Oracle 10gR4
ARDBC LDAP
Hi listeners, Has anybody ever been able to use the ARDBC LDAP plugin mapping the request id to the dn ? I succeeded with mapping to attribute where length is less than 15 characters, but I can't succeed with longer strings, while it is documented as being supported. I am using ARS 7.5 patch 3. Thanks for your help. Kais ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: ARDBC LDAP
I have not done this recently. My experience was that you needed to add a unique attribute to the directory that could be used to retrieve the actual record. If you are only doing a table-refresh to load data, you will not need this, as the system only performs a single search. If you are using set-fields or push-fields, the unique max-15-character-key is needed. Best Regards - Misi, RRR AB, http://www.rrr.se Products from RRR Scandinavia: * RRR|License - Not enough Remedy licenses? Save money by optimizing. * RRR|Log - Performance issues or elusive bugs? Analyze your Remedy logs. Find these products, and many free tools and utilities, at http://rrr.se. Hi listeners, Has anybody ever been able to use the ARDBC LDAP plugin mapping the request id to the dn ? I succeeded with mapping to attribute where length is less than 15 characters, but I can't succeed with longer strings, while it is documented as being supported. I am using ARS 7.5 patch 3. Thanks for your help. Kais ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are -- This message was scanned by ESVA and is believed to be clean. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: ARDBC LDAP
I believe someone in the past suggested using uSNCreated as the mapping for RequestID. Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Misi Mladoniczky Sent: Tuesday, April 20, 2010 10:20 AM To: arslist@ARSLIST.ORG Subject: Re: ARDBC LDAP I have not done this recently. My experience was that you needed to add a unique attribute to the directory that could be used to retrieve the actual record. If you are only doing a table-refresh to load data, you will not need this, as the system only performs a single search. If you are using set-fields or push-fields, the unique max-15-character-key is needed. Best Regards - Misi, RRR AB, http://www.rrr.se Products from RRR Scandinavia: * RRR|License - Not enough Remedy licenses? Save money by optimizing. * RRR|Log - Performance issues or elusive bugs? Analyze your Remedy logs. Find these products, and many free tools and utilities, at http://rrr.se. -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of ARSmarts Support Sent: Tuesday, April 20, 2010 8:44 AM To: arslist@ARSLIST.ORG Subject: ARDBC LDAP Hi listeners, Has anybody ever been able to use the ARDBC LDAP plugin mapping the request id to the dn ? I succeeded with mapping to attribute where length is less than 15 characters, but I can't succeed with longer strings, while it is documented as being supported. I am using ARS 7.5 patch 3. Thanks for your help. Kais ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: ARDBC LDAP
I use the cn, which isn't great, but it's unique and always populated. Plus, when people change their names, their login stays the same here, so I don't have an issue with that. Shawn Pierson -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of ARSmarts Support Sent: Tuesday, April 20, 2010 8:44 AM To: arslist@ARSLIST.ORG Subject: ARDBC LDAP Hi listeners, Has anybody ever been able to use the ARDBC LDAP plugin mapping the request id to the dn ? I succeeded with mapping to attribute where length is less than 15 characters, but I can't succeed with longer strings, while it is documented as being supported. I am using ARS 7.5 patch 3. Thanks for your help. Kais ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are Private and confidential as detailed here: http://www.sug.com/disclaimers/default.htm#Mail . If you cannot access the link, please e-mail sender. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
AREA LDAP issue after upgrading to AR Server 7.1.0 Patch 9 upgrade
Dear Listers, We upgraded our test environment from AR Server 7.1.0 Patch 006 to Patch 009. As part of the upgrade we upgraded the AREA LDAP plugin as well. After the upgrade, we are unable to authenticate against LDAP. We can login to the system by setting a local password in the user form. I have reconfigured the AREA LDAP entries from the AR System Administration Console, but unable to resolve the issue. Anyone else seen this issue after upgrading to AR Server 7.1.0 Patch 009? if so, how were you able to resolve the issue? Environment: AR Server on RHEL Oracle 10gR4 on RHEL Thanks in advance, -- Shyam ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: AREA LDAP issue after upgrading to AR Server 7.1.0 Patch 9 upgrade
Shyam, Enable the plugin log and set it to Fine and see what you get when you are trying to authenticate using the plugin.. Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org]on Behalf Of Shyam Attavar Sent: Tuesday, April 20, 2010 7:49 PM To: arslist@ARSLIST.ORG Subject: AREA LDAP issue after upgrading to AR Server 7.1.0 Patch 9 upgrade ** Dear Listers, We upgraded our test environment from AR Server 7.1.0 Patch 006 to Patch 009. As part of the upgrade we upgraded the AREA LDAP plugin as well. After the upgrade, we are unable to authenticate against LDAP. We can login to the system by setting a local password in the user form. I have reconfigured the AREA LDAP entries from the AR System Administration Console, but unable to resolve the issue. Anyone else seen this issue after upgrading to AR Server 7.1.0 Patch 009? if so, how were you able to resolve the issue? Environment: AR Server on RHEL Oracle 10gR4 on RHEL Thanks in advance, -- Shyam ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: Problems creating LDAP Vendor forms
Joe, I am using ARServer 7.5 patch 4, the latest BMC AR Server version. If I activate plugin log, I can see the value 001 is recognized as Form entry. If I indicate it manually in the Request Id field, the LDAP : Bad search filter (LDAPERR 87) (ARERR 3377) message appears. Sergio Tomillero -- View this message in context: http://n2.nabble.com/Problems-creating-LDAP-Vendor-forms-tp4900817p4905891.html Sent from the ARS (Action Request System) mailing list archive at Nabble.com. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: Problems creating LDAP Vendor forms
Hi The problem has been resolved. It was the Key field when creating a Vendor form, that was without being mapped for any field. I have selected one that has a unique value for each record and mapped it to the 'Key field'. Now I can access from Remedy user to vendor forms and doing searches through their records without any problem. Thanks regards Sergio Tomillero -- View this message in context: http://n2.nabble.com/Problems-creating-LDAP-Vendor-forms-tp4900817p4906209.html Sent from the ARS (Action Request System) mailing list archive at Nabble.com. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Problems creating LDAP Vendor forms
Hello, Creating a vendor form, I indicate the next in vendor properties: //LDAP_DIRECTORY_SERVICE_HOST/BASE_DN??sub?(objectclass=OrganizationalPerson) I get a list of fields and choose some of them. Once created the form, I cannot see the results in Remedy. When accessing to it, and doing a clic on ‘Search’ button, I get the message: - ARERR [100] Entry ID void parameter It happens the same with any Vendor Form using LDAP that I create, instead of the vendor properties. Doing a plugging log, I do not see any relevant. Also If I indicate something in Request ID field, for instance ‘1’ and do a search, I get the error: - LDAP : Bad search filter (LDAPERR 87) (ARERR 3377) Any idea? Thank you in advance, Sergio Tomillero -- View this message in context: http://n2.nabble.com/Problems-creating-LDAP-Vendor-forms-tp4900817p4900817.html Sent from the ARS (Action Request System) mailing list archive at Nabble.com. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: Problems creating LDAP Vendor forms
Sergio, One of the records from LDAP from the LDAP attribute that you have mapped to the Request ID field on the vendor form has a null value. This is preventing the ARS from displaying the information. Use an LDAP browser and try locating that record and insert some unique piece of information in that attribute... I am guessing you are probably on ARS 6.3 or below? I think the newer version ignores blank values in the Request ID fields or duplicates and still displays the information.. Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org]on Behalf Of Sergio Tomillero Sent: Wednesday, April 14, 2010 6:10 AM To: arslist@ARSLIST.ORG Subject: Problems creating LDAP Vendor forms Hello, Creating a vendor form, I indicate the next in vendor properties: //LDAP_DIRECTORY_SERVICE_HOST/BASE_DN??sub?(objectclass=OrganizationalPe rson) I get a list of fields and choose some of them. Once created the form, I cannot see the results in Remedy. When accessing to it, and doing a clic on ‘Search’ button, I get the message: - ARERR [100] Entry ID void parameter It happens the same with any Vendor Form using LDAP that I create, instead of the vendor properties. Doing a plugging log, I do not see any relevant. Also If I indicate something in Request ID field, for instance ‘1’ and do a search, I get the error: - LDAP : Bad search filter (LDAPERR 87) (ARERR 3377) Any idea? Thank you in advance, Sergio Tomillero ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: ARDBC LDAP Active Directory question
Fred, How do you add the OU to the vendor form query string, I added mine and I am getting an error? ARS 7.5, ITMS 7.5, Windows 2003 Kevin On Tue, Dec 29, 2009 at 4:51 PM, Drew Shuller d...@io.com wrote: Norm! Thanks for the help. Thanks again Fred. I tried it out in a form, it looks like it's going to work. Drew On Tue, Dec 29, 2009 at 3:44 PM, Drew Shuller drew.shul...@gmail.com wrote: Norm! Thanks for the help. Thanks again Fred. I tried it out in a form, it looks like it's going to work. Drew On Tue, Dec 29, 2009 at 2:53 PM, Grooms, Frederick W frederick.w.gro...@xo.com wrote: I learned not to use sAMAccountName as Request ID. I use uSNCreated (which *SHOULD BE* unique and less than 15 characters). Just use sAMAccountName as a regular field from the ActiveDirectory. Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto: arsl...@arslist.org] On Behalf Of Drew Shuller Sent: Tuesday, December 29, 2009 2:35 PM To: arslist@ARSLIST.ORG Subject: Re: ARDBC LDAP Active Directory question Thank you Fred, that's very helpful. After some googling I was able to generate a query using the MMC console, which was helpful in that I got to see a lot of columns of data all in one place. Thanks for the query string. My guy wanted to see what Remedy was generating...no one can see that in Remedy itself but it looks like one can figure it out and build it because an LDAP/AD query is an LDAP/AD query, so to speak. My only other problem (AD-wise that is) is the mismatch between the samAccountName attribute length and the 6.3 RequestID field length, which causes blank entries in the vendor form. Oddly enough I can see the name in the Results list but not in the fields of the form itself. I suggested that we truncate the samAccountName field to 15 characters and put the result in an unused AD attribute and then use that for the Request ID map. Any suggestions on that? Has this been handled in the Remedy versions released after the stone age? Not that I'm knocking 6.3, I kinda like it, it gives me a nice warm fuzzy. :-) Drew Soto Cano On Tue, Dec 29, 2009 at 1:39 PM, Grooms, Frederick W wrote: ldap://host[:port]/User Base??sub?(User Filter) As long as you have sub in there it should look at your user base and all sublevels (the other option I know of is one). In your Vendor Form definition you set the User Base to be the top level of your organization where you want to start searching. In my case I have it set to the root of the tree. If you turn on the plugin log to the highest level you can see the queries generated. Basically all the system is doing is to append to the ldap string the rest of your search parameters. i.e. If I put grooms in the sAMAccountName field on my LDAP vendor form the query generated is: ldap://DNS_SERVER/DC=AAA,DC=,DC=NET??sub?((objectclass=user)(sAMAccountName=*grooms*)) In my case the record is in the sublevel: OU=User Accounts,DC=AAA,DC=,DC=net As for tools, the 2 most common (Free ones) I know of are: Microsoft's LDP utility http://technet.microsoft.com/en-us/library/cc772839(WS.10).aspx Softerra LDAP Browser http://www.softerra.com/download.htm Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto: arsl...@arslist.org] On Behalf Of Drew Shuller Sent: Tuesday, December 29, 2009 11:13 AM To: arslist@ARSLIST.ORG Subject: Re: ARDBC LDAP Active Directory question Thanks Fred. So I could substitute another value in the ldap string and get further down in the tree? But not in the same form? My server guys instists that there's a query that Remedy is using to return the information in the Vendor form, but we can't see that query. Or can we? If anyone knows, please clue me in. I can create a vendor form and add every single field available, but only a few of them can be added to the results field list and the normal way of exporting records to an excel file doesn't work. How do I build queries into the AD, and what tools should I use? Drew On Mon, Dec 28, 2009 at 4:35 PM, Grooms, Frederick W wrote: Check the Form Properties - Vendor Information tab for your form. The Table Name field needs to have the sub value in it to allow searches to go beyond the currently defined level. ldap://DNS_SERVER/DC=AAA,DC=,DC=NET??sub?(objectclass=user) The objectclass=user just restricts the results to values with user in the objectclass field, not what levels to search. Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto: arsl...@arslist.org] On Behalf Of Drew Shuller Sent: Monday, December 28, 2009 3:59 PM To: arslist@ARSLIST.ORG Subject: ARDBC LDAP Active Directory question Hello list, I've got an AD question. We search our user info using the ARDBC LDAP
Re: ARDBC LDAP Active Directory question
It should go something like this (in this case I am looking at an OU of: User Accounts): ldap://host/OU=User Accounts,DC=www,DC=mycompany,DC=net??sub?(objectclass=user) Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Kevin Begosh Sent: Wednesday, December 30, 2009 8:38 AM To: arslist@ARSLIST.ORG Subject: Re: ARDBC LDAP Active Directory question ** Fred, How do you add the OU to the vendor form query string, I added mine and I am getting an error? ARS 7.5, ITMS 7.5, Windows 2003 Kevin On Tue, Dec 29, 2009 at 4:51 PM, Drew Shuller d...@io.com wrote: Norm! Thanks for the help. Thanks again Fred. I tried it out in a form, it looks like it's going to work. Drew On Tue, Dec 29, 2009 at 3:44 PM, Drew Shuller wrote: Norm! Thanks for the help. Thanks again Fred. I tried it out in a form, it looks like it's going to work. Drew On Tue, Dec 29, 2009 at 2:53 PM, Grooms, Frederick W wrote: I learned not to use sAMAccountName as Request ID. I use uSNCreated (which *SHOULD BE* unique and less than 15 characters). Just use sAMAccountName as a regular field from the ActiveDirectory. Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Drew Shuller Sent: Tuesday, December 29, 2009 2:35 PM To: arslist@ARSLIST.ORG Subject: Re: ARDBC LDAP Active Directory question Thank you Fred, that's very helpful. After some googling I was able to generate a query using the MMC console, which was helpful in that I got to see a lot of columns of data all in one place. Thanks for the query string. My guy wanted to see what Remedy was generating...no one can see that in Remedy itself but it looks like one can figure it out and build it because an LDAP/AD query is an LDAP/AD query, so to speak. My only other problem (AD-wise that is) is the mismatch between the samAccountName attribute length and the 6.3 RequestID field length, which causes blank entries in the vendor form. Oddly enough I can see the name in the Results list but not in the fields of the form itself. I suggested that we truncate the samAccountName field to 15 characters and put the result in an unused AD attribute and then use that for the Request ID map. Any suggestions on that? Has this been handled in the Remedy versions released after the stone age? Not that I'm knocking 6.3, I kinda like it, it gives me a nice warm fuzzy. :-) Drew Soto Cano On Tue, Dec 29, 2009 at 1:39 PM, Grooms, Frederick W wrote: ldap://host[:port]/User Base??sub?(User Filter) As long as you have sub in there it should look at your user base and all sublevels (the other option I know of is one). In your Vendor Form definition you set the User Base to be the top level of your organization where you want to start searching. In my case I have it set to the root of the tree. If you turn on the plugin log to the highest level you can see the queries generated. Basically all the system is doing is to append to the ldap string the rest of your search parameters. i.e. If I put grooms in the sAMAccountName field on my LDAP vendor form the query generated is: ldap://DNS_SERVER/DC=AAA,DC=,DC=NET??sub?((objectclass=user)(sAMAccountName=*grooms*)) In my case the record is in the sublevel: OU=User Accounts,DC=AAA,DC=,DC=net As for tools, the 2 most common (Free ones) I know of are: Microsoft's LDP utility http://technet.microsoft.com/en-us/library/cc772839(WS.10).aspx Softerra LDAP Browser http://www.softerra.com/download.htm Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Drew Shuller Sent: Tuesday, December 29, 2009 11:13 AM To: arslist@ARSLIST.ORG Subject: Re: ARDBC LDAP Active Directory question Thanks Fred. So I could substitute another value in the ldap string and get further down in the tree? But not in the same form? My server guys instists that there's a query that Remedy is using to return the information in the Vendor form, but we can't see that query. Or can we? If anyone knows, please clue me in. I can create a vendor form and add every single field available, but only a few of them can be added to the results field list and the normal way of exporting records to an excel file doesn't work. How do I build queries into the AD, and what tools should I use? Drew On Mon, Dec 28, 2009 at 4:35 PM, Grooms, Frederick W wrote: Check the Form Properties - Vendor Information tab for your form. The Table Name field needs to have the sub value in it to allow searches to go beyond the currently defined level. ldap://DNS_SERVER/DC=AAA,DC=,DC=NET??sub?(objectclass=user) The objectclass=user just restricts the results to values with user in the objectclass field, not what levels to search. Fred -Original Message- From: Action
Re: ARDBC LDAP Active Directory question
okay so all the OU's would go before the DC's, thanks. I was trying it the other way around. Kevin On Wed, Dec 30, 2009 at 11:02 AM, Grooms, Frederick W frederick.w.gro...@xo.com wrote: It should go something like this (in this case I am looking at an OU of: User Accounts): ldap://host/OU=User Accounts,DC=www,DC=mycompany,DC=net??sub?(objectclass=user) Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto: arsl...@arslist.org] On Behalf Of Kevin Begosh Sent: Wednesday, December 30, 2009 8:38 AM To: arslist@ARSLIST.ORG Subject: Re: ARDBC LDAP Active Directory question ** Fred, How do you add the OU to the vendor form query string, I added mine and I am getting an error? ARS 7.5, ITMS 7.5, Windows 2003 Kevin On Tue, Dec 29, 2009 at 4:51 PM, Drew Shuller d...@io.com wrote: Norm! Thanks for the help. Thanks again Fred. I tried it out in a form, it looks like it's going to work. Drew On Tue, Dec 29, 2009 at 3:44 PM, Drew Shuller wrote: Norm! Thanks for the help. Thanks again Fred. I tried it out in a form, it looks like it's going to work. Drew On Tue, Dec 29, 2009 at 2:53 PM, Grooms, Frederick W wrote: I learned not to use sAMAccountName as Request ID. I use uSNCreated (which *SHOULD BE* unique and less than 15 characters). Just use sAMAccountName as a regular field from the ActiveDirectory. Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto: arsl...@arslist.org] On Behalf Of Drew Shuller Sent: Tuesday, December 29, 2009 2:35 PM To: arslist@ARSLIST.ORG Subject: Re: ARDBC LDAP Active Directory question Thank you Fred, that's very helpful. After some googling I was able to generate a query using the MMC console, which was helpful in that I got to see a lot of columns of data all in one place. Thanks for the query string. My guy wanted to see what Remedy was generating...no one can see that in Remedy itself but it looks like one can figure it out and build it because an LDAP/AD query is an LDAP/AD query, so to speak. My only other problem (AD-wise that is) is the mismatch between the samAccountName attribute length and the 6.3 RequestID field length, which causes blank entries in the vendor form. Oddly enough I can see the name in the Results list but not in the fields of the form itself. I suggested that we truncate the samAccountName field to 15 characters and put the result in an unused AD attribute and then use that for the Request ID map. Any suggestions on that? Has this been handled in the Remedy versions released after the stone age? Not that I'm knocking 6.3, I kinda like it, it gives me a nice warm fuzzy. :-) Drew Soto Cano On Tue, Dec 29, 2009 at 1:39 PM, Grooms, Frederick W wrote: ldap://host[:port]/User Base??sub?(User Filter) As long as you have sub in there it should look at your user base and all sublevels (the other option I know of is one). In your Vendor Form definition you set the User Base to be the top level of your organization where you want to start searching. In my case I have it set to the root of the tree. If you turn on the plugin log to the highest level you can see the queries generated. Basically all the system is doing is to append to the ldap string the rest of your search parameters. i.e. If I put grooms in the sAMAccountName field on my LDAP vendor form the query generated is: ldap://DNS_SERVER/DC=AAA,DC=,DC=NET??sub?((objectclass=user)(sAMAccountName=*grooms*)) In my case the record is in the sublevel: OU=User Accounts,DC=AAA,DC=,DC=net As for tools, the 2 most common (Free ones) I know of are: Microsoft's LDP utility http://technet.microsoft.com/en-us/library/cc772839(WS.10).aspx Softerra LDAP Browser http://www.softerra.com/download.htm Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto: arsl...@arslist.org] On Behalf Of Drew Shuller Sent: Tuesday, December 29, 2009 11:13 AM To: arslist@ARSLIST.ORG Subject: Re: ARDBC LDAP Active Directory question Thanks Fred. So I could substitute another value in the ldap string and get further down in the tree? But not in the same form? My server guys instists that there's a query that Remedy is using to return the information in the Vendor form, but we can't see that query. Or can we? If anyone knows, please clue me in. I can create a vendor form and add every single field available, but only a few of them can be added to the results field list and the normal way of exporting records to an excel file doesn't work. How do I build queries into the AD, and what tools should I use? Drew On Mon, Dec 28, 2009 at 4:35 PM, Grooms, Frederick W wrote: Check the Form Properties - Vendor Information tab for your form. The Table Name field needs to have the sub value in it to allow searches to go
Re: ARDBC LDAP Active Directory question
Use a tool like LDP and see what the distinguishedName is for a user and that will tell you how it is laid out in your tree. -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Kevin Begosh Sent: Wednesday, December 30, 2009 10:36 AM To: arslist@ARSLIST.ORG Subject: Re: ARDBC LDAP Active Directory question ** okay so all the OU's would go before the DC's, thanks. I was trying it the other way around. Kevin On Wed, Dec 30, 2009 at 11:02 AM, Grooms, Frederick W wrote: It should go something like this (in this case I am looking at an OU of: User Accounts): ldap://host/OU=User Accounts,DC=www,DC=mycompany,DC=net??sub?(objectclass=user) Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Kevin Begosh Sent: Wednesday, December 30, 2009 8:38 AM To: arslist@ARSLIST.ORG Subject: Re: ARDBC LDAP Active Directory question ** Fred, How do you add the OU to the vendor form query string, I added mine and I am getting an error? ARS 7.5, ITMS 7.5, Windows 2003 Kevin On Tue, Dec 29, 2009 at 4:51 PM, Drew Shuller d...@io.com wrote: Norm! Thanks for the help. Thanks again Fred. I tried it out in a form, it looks like it's going to work. Drew On Tue, Dec 29, 2009 at 3:44 PM, Drew Shuller wrote: Norm! Thanks for the help. Thanks again Fred. I tried it out in a form, it looks like it's going to work. Drew On Tue, Dec 29, 2009 at 2:53 PM, Grooms, Frederick W wrote: I learned not to use sAMAccountName as Request ID. I use uSNCreated (which *SHOULD BE* unique and less than 15 characters). Just use sAMAccountName as a regular field from the ActiveDirectory. Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Drew Shuller Sent: Tuesday, December 29, 2009 2:35 PM To: arslist@ARSLIST.ORG Subject: Re: ARDBC LDAP Active Directory question Thank you Fred, that's very helpful. After some googling I was able to generate a query using the MMC console, which was helpful in that I got to see a lot of columns of data all in one place. Thanks for the query string. My guy wanted to see what Remedy was generating...no one can see that in Remedy itself but it looks like one can figure it out and build it because an LDAP/AD query is an LDAP/AD query, so to speak. My only other problem (AD-wise that is) is the mismatch between the samAccountName attribute length and the 6.3 RequestID field length, which causes blank entries in the vendor form. Oddly enough I can see the name in the Results list but not in the fields of the form itself. I suggested that we truncate the samAccountName field to 15 characters and put the result in an unused AD attribute and then use that for the Request ID map. Any suggestions on that? Has this been handled in the Remedy versions released after the stone age? Not that I'm knocking 6.3, I kinda like it, it gives me a nice warm fuzzy. :-) Drew Soto Cano On Tue, Dec 29, 2009 at 1:39 PM, Grooms, Frederick W wrote: ldap://host[:port]/User Base??sub?(User Filter) As long as you have sub in there it should look at your user base and all sublevels (the other option I know of is one). In your Vendor Form definition you set the User Base to be the top level of your organization where you want to start searching. In my case I have it set to the root of the tree. If you turn on the plugin log to the highest level you can see the queries generated. Basically all the system is doing is to append to the ldap string the rest of your search parameters. i.e. If I put grooms in the sAMAccountName field on my LDAP vendor form the query generated is: ldap://DNS_SERVER/DC=AAA,DC=,DC=NET??sub?((objectclass=user)(sAMAccountName=*grooms*)) In my case the record is in the sublevel: OU=User Accounts,DC=AAA,DC=,DC=net As for tools, the 2 most common (Free ones) I know of are: Microsoft's LDP utility http://technet.microsoft.com/en-us/library/cc772839(WS.10).aspx Softerra LDAP Browser http://www.softerra.com/download.htm Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Drew Shuller Sent: Tuesday, December 29, 2009 11:13 AM To: arslist@ARSLIST.ORG Subject: Re: ARDBC LDAP Active Directory question Thanks Fred. So I could substitute another value in the ldap string and get further down in the tree? But not in the same form? My server guys instists that there's a query that Remedy is using to return the information in the Vendor form, but we can't see that query. Or can we? If anyone knows, please clue me in. I can create a vendor form and add every single field available, but only a few of them can be added to the results field list and the normal way of exporting records to an excel file doesn't work. How do I build
Re: ARDBC LDAP Active Directory question
I have been using ADExplorer. It calls out the tree it is just a little different and backwards from the way remedy puts it in. Thanks, Kevin On Wed, Dec 30, 2009 at 11:54 AM, Grooms, Frederick W frederick.w.gro...@xo.com wrote: Use a tool like LDP and see what the distinguishedName is for a user and that will tell you how it is laid out in your tree. -Original Message- From: Action Request System discussion list(ARSList) [mailto: arsl...@arslist.org] On Behalf Of Kevin Begosh Sent: Wednesday, December 30, 2009 10:36 AM To: arslist@ARSLIST.ORG Subject: Re: ARDBC LDAP Active Directory question ** okay so all the OU's would go before the DC's, thanks. I was trying it the other way around. Kevin On Wed, Dec 30, 2009 at 11:02 AM, Grooms, Frederick W wrote: It should go something like this (in this case I am looking at an OU of: User Accounts): ldap://host/OU=User Accounts,DC=www,DC=mycompany,DC=net??sub?(objectclass=user) Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto: arsl...@arslist.org] On Behalf Of Kevin Begosh Sent: Wednesday, December 30, 2009 8:38 AM To: arslist@ARSLIST.ORG Subject: Re: ARDBC LDAP Active Directory question ** Fred, How do you add the OU to the vendor form query string, I added mine and I am getting an error? ARS 7.5, ITMS 7.5, Windows 2003 Kevin On Tue, Dec 29, 2009 at 4:51 PM, Drew Shuller d...@io.com wrote: Norm! Thanks for the help. Thanks again Fred. I tried it out in a form, it looks like it's going to work. Drew On Tue, Dec 29, 2009 at 3:44 PM, Drew Shuller wrote: Norm! Thanks for the help. Thanks again Fred. I tried it out in a form, it looks like it's going to work. Drew On Tue, Dec 29, 2009 at 2:53 PM, Grooms, Frederick W wrote: I learned not to use sAMAccountName as Request ID. I use uSNCreated (which *SHOULD BE* unique and less than 15 characters). Just use sAMAccountName as a regular field from the ActiveDirectory. Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto: arsl...@arslist.org] On Behalf Of Drew Shuller Sent: Tuesday, December 29, 2009 2:35 PM To: arslist@ARSLIST.ORG Subject: Re: ARDBC LDAP Active Directory question Thank you Fred, that's very helpful. After some googling I was able to generate a query using the MMC console, which was helpful in that I got to see a lot of columns of data all in one place. Thanks for the query string. My guy wanted to see what Remedy was generating...no one can see that in Remedy itself but it looks like one can figure it out and build it because an LDAP/AD query is an LDAP/AD query, so to speak. My only other problem (AD-wise that is) is the mismatch between the samAccountName attribute length and the 6.3 RequestID field length, which causes blank entries in the vendor form. Oddly enough I can see the name in the Results list but not in the fields of the form itself. I suggested that we truncate the samAccountName field to 15 characters and put the result in an unused AD attribute and then use that for the Request ID map. Any suggestions on that? Has this been handled in the Remedy versions released after the stone age? Not that I'm knocking 6.3, I kinda like it, it gives me a nice warm fuzzy. :-) Drew Soto Cano On Tue, Dec 29, 2009 at 1:39 PM, Grooms, Frederick W wrote: ldap://host[:port]/User Base??sub?(User Filter) As long as you have sub in there it should look at your user base and all sublevels (the other option I know of is one). In your Vendor Form definition you set the User Base to be the top level of your organization where you want to start searching. In my case I have it set to the root of the tree. If you turn on the plugin log to the highest level you can see the queries generated. Basically all the system is doing is to append to the ldap string the rest of your search parameters. i.e. If I put grooms in the sAMAccountName field on my LDAP vendor form the query generated is: ldap://DNS_SERVER/DC=AAA,DC=,DC=NET??sub?((objectclass=user)(sAMAccountName=*grooms*)) In my case the record is in the sublevel: OU=User Accounts,DC=AAA,DC=,DC=net As for tools, the 2 most common (Free ones) I know of are: Microsoft's LDP utility http://technet.microsoft.com/en-us/library/cc772839(WS.10).aspx Softerra LDAP Browser http://www.softerra.com/download.htm Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto: arsl...@arslist.org] On Behalf Of Drew Shuller Sent: Tuesday, December 29, 2009 11:13 AM To: arslist@ARSLIST.ORG Subject: Re: ARDBC LDAP Active Directory question Thanks Fred. So I could substitute another value in the ldap string and get further down in the tree? But not in the same form? My server guys instists that there's a query that Remedy is using to return
Re: ARDBC LDAP Active Directory question
Thanks Fred. So I could substitute another value in the ldap string and get further down in the tree? But not in the same form? My server guys instists that there's a query that Remedy is using to return the information in the Vendor form, but we can't see that query. Or can we? If anyone knows, please clue me in. I can create a vendor form and add every single field available, but only a few of them can be added to the results field list and the normal way of exporting records to an excel file doesn't work. How do I build queries into the AD, and what tools should I use? Drew On Mon, Dec 28, 2009 at 4:35 PM, Grooms, Frederick W frederick.w.gro...@xo.com wrote: Check the Form Properties - Vendor Information tab for your form. The Table Name field needs to have the sub value in it to allow searches to go beyond the currently defined level. ldap://DNS_SERVER/DC=AAA,DC=,DC=NET??sub?(objectclass=user) The objectclass=user just restricts the results to values with user in the objectclass field, not what levels to search. Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Drew Shuller Sent: Monday, December 28, 2009 3:59 PM To: arslist@ARSLIST.ORG Subject: ARDBC LDAP Active Directory question Hello list, I've got an AD question. We search our user info using the ARDBC LDAP plugin, it looks like on the DC level, objectclass=user. Some of the information I need is one more layer down, on the OU level. Is there any way that I can get my form to do that? Drew Shuller Soto Cano ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: ARDBC LDAP Active Directory question
ldap://host[:port]/User Base??sub?(User Filter) As long as you have sub in there it should look at your user base and all sublevels (the other option I know of is one). In your Vendor Form definition you set the User Base to be the top level of your organization where you want to start searching. In my case I have it set to the root of the tree. If you turn on the plugin log to the highest level you can see the queries generated. Basically all the system is doing is to append to the ldap string the rest of your search parameters. i.e. If I put grooms in the sAMAccountName field on my LDAP vendor form the query generated is: ldap://DNS_SERVER/DC=AAA,DC=,DC=NET??sub?((objectclass=user)(sAMAccountName=*grooms*)) In my case the record is in the sublevel: OU=User Accounts,DC=AAA,DC=,DC=net As for tools, the 2 most common (Free ones) I know of are: Microsoft's LDP utility http://technet.microsoft.com/en-us/library/cc772839(WS.10).aspx Softerra LDAP Browser http://www.softerra.com/download.htm Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Drew Shuller Sent: Tuesday, December 29, 2009 11:13 AM To: arslist@ARSLIST.ORG Subject: Re: ARDBC LDAP Active Directory question Thanks Fred. So I could substitute another value in the ldap string and get further down in the tree? But not in the same form? My server guys instists that there's a query that Remedy is using to return the information in the Vendor form, but we can't see that query. Or can we? If anyone knows, please clue me in. I can create a vendor form and add every single field available, but only a few of them can be added to the results field list and the normal way of exporting records to an excel file doesn't work. How do I build queries into the AD, and what tools should I use? Drew On Mon, Dec 28, 2009 at 4:35 PM, Grooms, Frederick W wrote: Check the Form Properties - Vendor Information tab for your form. The Table Name field needs to have the sub value in it to allow searches to go beyond the currently defined level. ldap://DNS_SERVER/DC=AAA,DC=,DC=NET??sub?(objectclass=user) The objectclass=user just restricts the results to values with user in the objectclass field, not what levels to search. Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Drew Shuller Sent: Monday, December 28, 2009 3:59 PM To: arslist@ARSLIST.ORG Subject: ARDBC LDAP Active Directory question Hello list, I've got an AD question. We search our user info using the ARDBC LDAP plugin, it looks like on the DC level, objectclass=user. Some of the information I need is one more layer down, on the OU level. Is there any way that I can get my form to do that? Drew Shuller Soto Cano ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: ARDBC LDAP Active Directory question
Thank you Fred, that's very helpful. After some googling I was able to generate a query using the MMC console, which was helpful in that I got to see a lot of columns of data all in one place. Thanks for the query string. My guy wanted to see what Remedy was generating...no one can see that in Remedy itself but it looks like one can figure it out and build it because an LDAP/AD query is an LDAP/AD query, so to speak. My only other problem (AD-wise that is) is the mismatch between the samAccountName attribute length and the 6.3 RequestID field length, which causes blank entries in the vendor form. Oddly enough I can see the name in the Results list but not in the fields of the form itself. I suggested that we truncate the samAccountName field to 15 characters and put the result in an unused AD attribute and then use that for the Request ID map. Any suggestions on that? Has this been handled in the Remedy versions released after the stone age? Not that I'm knocking 6.3, I kinda like it, it gives me a nice warm fuzzy. :-) Drew Soto Cano On Tue, Dec 29, 2009 at 1:39 PM, Grooms, Frederick W frederick.w.gro...@xo.com wrote: ldap://host[:port]/User Base??sub?(User Filter) As long as you have sub in there it should look at your user base and all sublevels (the other option I know of is one). In your Vendor Form definition you set the User Base to be the top level of your organization where you want to start searching. In my case I have it set to the root of the tree. If you turn on the plugin log to the highest level you can see the queries generated. Basically all the system is doing is to append to the ldap string the rest of your search parameters. i.e. If I put grooms in the sAMAccountName field on my LDAP vendor form the query generated is: ldap://DNS_SERVER/DC=AAA,DC=,DC=NET??sub?((objectclass=user)(sAMAccountName=*grooms*)) In my case the record is in the sublevel: OU=User Accounts,DC=AAA,DC=,DC=net As for tools, the 2 most common (Free ones) I know of are: Microsoft's LDP utility http://technet.microsoft.com/en-us/library/cc772839(WS.10).aspx Softerra LDAP Browser http://www.softerra.com/download.htm Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Drew Shuller Sent: Tuesday, December 29, 2009 11:13 AM To: arslist@ARSLIST.ORG Subject: Re: ARDBC LDAP Active Directory question Thanks Fred. So I could substitute another value in the ldap string and get further down in the tree? But not in the same form? My server guys instists that there's a query that Remedy is using to return the information in the Vendor form, but we can't see that query. Or can we? If anyone knows, please clue me in. I can create a vendor form and add every single field available, but only a few of them can be added to the results field list and the normal way of exporting records to an excel file doesn't work. How do I build queries into the AD, and what tools should I use? Drew On Mon, Dec 28, 2009 at 4:35 PM, Grooms, Frederick W wrote: Check the Form Properties - Vendor Information tab for your form. The Table Name field needs to have the sub value in it to allow searches to go beyond the currently defined level. ldap://DNS_SERVER/DC=AAA,DC=,DC=NET??sub?(objectclass=user) The objectclass=user just restricts the results to values with user in the objectclass field, not what levels to search. Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Drew Shuller Sent: Monday, December 28, 2009 3:59 PM To: arslist@ARSLIST.ORG Subject: ARDBC LDAP Active Directory question Hello list, I've got an AD question. We search our user info using the ARDBC LDAP plugin, it looks like on the DC level, objectclass=user. Some of the information I need is one more layer down, on the OU level. Is there any way that I can get my form to do that? Drew Shuller Soto Cano ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: ARDBC LDAP Active Directory question
Drew: Instead of using samAccountName as your RequestID, have you tried using uSNCreated? It's what I use here. Norm -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Drew Shuller Sent: Tuesday, December 29, 2009 2:35 PM To: arslist@ARSLIST.ORG Subject: Re: ARDBC LDAP Active Directory question Thank you Fred, that's very helpful. After some googling I was able to generate a query using the MMC console, which was helpful in that I got to see a lot of columns of data all in one place. Thanks for the query string. My guy wanted to see what Remedy was generating...no one can see that in Remedy itself but it looks like one can figure it out and build it because an LDAP/AD query is an LDAP/AD query, so to speak. My only other problem (AD-wise that is) is the mismatch between the samAccountName attribute length and the 6.3 RequestID field length, which causes blank entries in the vendor form. Oddly enough I can see the name in the Results list but not in the fields of the form itself. I suggested that we truncate the samAccountName field to 15 characters and put the result in an unused AD attribute and then use that for the Request ID map. Any suggestions on that? Has this been handled in the Remedy versions released after the stone age? Not that I'm knocking 6.3, I kinda like it, it gives me a nice warm fuzzy. :-) Drew Soto Cano On Tue, Dec 29, 2009 at 1:39 PM, Grooms, Frederick W frederick.w.gro...@xo.com wrote: ldap://host[:port]/User Base??sub?(User Filter) As long as you have sub in there it should look at your user base and all sublevels (the other option I know of is one). In your Vendor Form definition you set the User Base to be the top level of your organization where you want to start searching. In my case I have it set to the root of the tree. If you turn on the plugin log to the highest level you can see the queries generated. Basically all the system is doing is to append to the ldap string the rest of your search parameters. i.e. If I put grooms in the sAMAccountName field on my LDAP vendor form the query generated is: ldap://DNS_SERVER/DC=AAA,DC=,DC=NET??sub?((objectclass=user)(sAMAccountName=*grooms*)) In my case the record is in the sublevel: OU=User Accounts,DC=AAA,DC=,DC=net As for tools, the 2 most common (Free ones) I know of are: Microsoft's LDP utility http://technet.microsoft.com/en-us/library/cc772839(WS.10).aspx Softerra LDAP Browser http://www.softerra.com/download.htm Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Drew Shuller Sent: Tuesday, December 29, 2009 11:13 AM To: arslist@ARSLIST.ORG Subject: Re: ARDBC LDAP Active Directory question Thanks Fred. So I could substitute another value in the ldap string and get further down in the tree? But not in the same form? My server guys instists that there's a query that Remedy is using to return the information in the Vendor form, but we can't see that query. Or can we? If anyone knows, please clue me in. I can create a vendor form and add every single field available, but only a few of them can be added to the results field list and the normal way of exporting records to an excel file doesn't work. How do I build queries into the AD, and what tools should I use? Drew On Mon, Dec 28, 2009 at 4:35 PM, Grooms, Frederick W wrote: Check the Form Properties - Vendor Information tab for your form. The Table Name field needs to have the sub value in it to allow searches to go beyond the currently defined level. ldap://DNS_SERVER/DC=AAA,DC=,DC=NET??sub?(objectclass=user) The objectclass=user just restricts the results to values with user in the objectclass field, not what levels to search. Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Drew Shuller Sent: Monday, December 28, 2009 3:59 PM To: arslist@ARSLIST.ORG Subject: ARDBC LDAP Active Directory question Hello list, I've got an AD question. We search our user info using the ARDBC LDAP plugin, it looks like on the DC level, objectclass=user. Some of the information I need is one more layer down, on the OU level. Is there any way that I can get my form to do that? Drew Shuller Soto Cano ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Re: ARDBC LDAP Active Directory question
I learned not to use sAMAccountName as Request ID. I use uSNCreated (which *SHOULD BE* unique and less than 15 characters). Just use sAMAccountName as a regular field from the ActiveDirectory. Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Drew Shuller Sent: Tuesday, December 29, 2009 2:35 PM To: arslist@ARSLIST.ORG Subject: Re: ARDBC LDAP Active Directory question Thank you Fred, that's very helpful. After some googling I was able to generate a query using the MMC console, which was helpful in that I got to see a lot of columns of data all in one place. Thanks for the query string. My guy wanted to see what Remedy was generating...no one can see that in Remedy itself but it looks like one can figure it out and build it because an LDAP/AD query is an LDAP/AD query, so to speak. My only other problem (AD-wise that is) is the mismatch between the samAccountName attribute length and the 6.3 RequestID field length, which causes blank entries in the vendor form. Oddly enough I can see the name in the Results list but not in the fields of the form itself. I suggested that we truncate the samAccountName field to 15 characters and put the result in an unused AD attribute and then use that for the Request ID map. Any suggestions on that? Has this been handled in the Remedy versions released after the stone age? Not that I'm knocking 6.3, I kinda like it, it gives me a nice warm fuzzy. :-) Drew Soto Cano On Tue, Dec 29, 2009 at 1:39 PM, Grooms, Frederick W wrote: ldap://host[:port]/User Base??sub?(User Filter) As long as you have sub in there it should look at your user base and all sublevels (the other option I know of is one). In your Vendor Form definition you set the User Base to be the top level of your organization where you want to start searching. In my case I have it set to the root of the tree. If you turn on the plugin log to the highest level you can see the queries generated. Basically all the system is doing is to append to the ldap string the rest of your search parameters. i.e. If I put grooms in the sAMAccountName field on my LDAP vendor form the query generated is: ldap://DNS_SERVER/DC=AAA,DC=,DC=NET??sub?((objectclass=user)(sAMAccountName=*grooms*)) In my case the record is in the sublevel: OU=User Accounts,DC=AAA,DC=,DC=net As for tools, the 2 most common (Free ones) I know of are: Microsoft's LDP utility http://technet.microsoft.com/en-us/library/cc772839(WS.10).aspx Softerra LDAP Browser http://www.softerra.com/download.htm Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Drew Shuller Sent: Tuesday, December 29, 2009 11:13 AM To: arslist@ARSLIST.ORG Subject: Re: ARDBC LDAP Active Directory question Thanks Fred. So I could substitute another value in the ldap string and get further down in the tree? But not in the same form? My server guys instists that there's a query that Remedy is using to return the information in the Vendor form, but we can't see that query. Or can we? If anyone knows, please clue me in. I can create a vendor form and add every single field available, but only a few of them can be added to the results field list and the normal way of exporting records to an excel file doesn't work. How do I build queries into the AD, and what tools should I use? Drew On Mon, Dec 28, 2009 at 4:35 PM, Grooms, Frederick W wrote: Check the Form Properties - Vendor Information tab for your form. The Table Name field needs to have the sub value in it to allow searches to go beyond the currently defined level. ldap://DNS_SERVER/DC=AAA,DC=,DC=NET??sub?(objectclass=user) The objectclass=user just restricts the results to values with user in the objectclass field, not what levels to search. Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Drew Shuller Sent: Monday, December 28, 2009 3:59 PM To: arslist@ARSLIST.ORG Subject: ARDBC LDAP Active Directory question Hello list, I've got an AD question. We search our user info using the ARDBC LDAP plugin, it looks like on the DC level, objectclass=user. Some of the information I need is one more layer down, on the OU level. Is there any way that I can get my form to do that? Drew Shuller Soto Cano ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: ARDBC LDAP Active Directory question
Norm! Thanks for the help. Thanks again Fred. I tried it out in a form, it looks like it's going to work. Drew On Tue, Dec 29, 2009 at 3:44 PM, Drew Shuller drew.shul...@gmail.com wrote: Norm! Thanks for the help. Thanks again Fred. I tried it out in a form, it looks like it's going to work. Drew On Tue, Dec 29, 2009 at 2:53 PM, Grooms, Frederick W frederick.w.gro...@xo.com wrote: I learned not to use sAMAccountName as Request ID. I use uSNCreated (which *SHOULD BE* unique and less than 15 characters). Just use sAMAccountName as a regular field from the ActiveDirectory. Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Drew Shuller Sent: Tuesday, December 29, 2009 2:35 PM To: arslist@ARSLIST.ORG Subject: Re: ARDBC LDAP Active Directory question Thank you Fred, that's very helpful. After some googling I was able to generate a query using the MMC console, which was helpful in that I got to see a lot of columns of data all in one place. Thanks for the query string. My guy wanted to see what Remedy was generating...no one can see that in Remedy itself but it looks like one can figure it out and build it because an LDAP/AD query is an LDAP/AD query, so to speak. My only other problem (AD-wise that is) is the mismatch between the samAccountName attribute length and the 6.3 RequestID field length, which causes blank entries in the vendor form. Oddly enough I can see the name in the Results list but not in the fields of the form itself. I suggested that we truncate the samAccountName field to 15 characters and put the result in an unused AD attribute and then use that for the Request ID map. Any suggestions on that? Has this been handled in the Remedy versions released after the stone age? Not that I'm knocking 6.3, I kinda like it, it gives me a nice warm fuzzy. :-) Drew Soto Cano On Tue, Dec 29, 2009 at 1:39 PM, Grooms, Frederick W wrote: ldap://host[:port]/User Base??sub?(User Filter) As long as you have sub in there it should look at your user base and all sublevels (the other option I know of is one). In your Vendor Form definition you set the User Base to be the top level of your organization where you want to start searching. In my case I have it set to the root of the tree. If you turn on the plugin log to the highest level you can see the queries generated. Basically all the system is doing is to append to the ldap string the rest of your search parameters. i.e. If I put grooms in the sAMAccountName field on my LDAP vendor form the query generated is: ldap://DNS_SERVER/DC=AAA,DC=,DC=NET??sub?((objectclass=user)(sAMAccountName=*grooms*)) In my case the record is in the sublevel: OU=User Accounts,DC=AAA,DC=,DC=net As for tools, the 2 most common (Free ones) I know of are: Microsoft's LDP utility http://technet.microsoft.com/en-us/library/cc772839(WS.10).aspx Softerra LDAP Browser http://www.softerra.com/download.htm Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Drew Shuller Sent: Tuesday, December 29, 2009 11:13 AM To: arslist@ARSLIST.ORG Subject: Re: ARDBC LDAP Active Directory question Thanks Fred. So I could substitute another value in the ldap string and get further down in the tree? But not in the same form? My server guys instists that there's a query that Remedy is using to return the information in the Vendor form, but we can't see that query. Or can we? If anyone knows, please clue me in. I can create a vendor form and add every single field available, but only a few of them can be added to the results field list and the normal way of exporting records to an excel file doesn't work. How do I build queries into the AD, and what tools should I use? Drew On Mon, Dec 28, 2009 at 4:35 PM, Grooms, Frederick W wrote: Check the Form Properties - Vendor Information tab for your form. The Table Name field needs to have the sub value in it to allow searches to go beyond the currently defined level. ldap://DNS_SERVER/DC=AAA,DC=,DC=NET??sub?(objectclass=user) The objectclass=user just restricts the results to values with user in the objectclass field, not what levels to search. Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Drew Shuller Sent: Monday, December 28, 2009 3:59 PM To: arslist@ARSLIST.ORG Subject: ARDBC LDAP Active Directory question Hello list, I've got an AD question. We search our user info using the ARDBC LDAP plugin, it looks like on the DC level, objectclass=user. Some of the information I need is one more layer down, on the OU level. Is there any way that I can get my form to do that? Drew Shuller Soto Cano
ARDBC LDAP Active Directory question
Hello list, I've got an AD question. We search our user info using the ARDBC LDAP plugin, it looks like on the DC level, objectclass=user. Some of the information I need is one more layer down, on the OU level. Is there any way that I can get my form to do that? Drew Shuller Soto Cano ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: ARDBC LDAP Active Directory question
Check the Form Properties - Vendor Information tab for your form. The Table Name field needs to have the sub value in it to allow searches to go beyond the currently defined level. ldap://DNS_SERVER/DC=AAA,DC=,DC=NET??sub?(objectclass=user) The objectclass=user just restricts the results to values with user in the objectclass field, not what levels to search. Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Drew Shuller Sent: Monday, December 28, 2009 3:59 PM To: arslist@ARSLIST.ORG Subject: ARDBC LDAP Active Directory question Hello list, I've got an AD question. We search our user info using the ARDBC LDAP plugin, it looks like on the DC level, objectclass=user. Some of the information I need is one more layer down, on the OU level. Is there any way that I can get my form to do that? Drew Shuller Soto Cano ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
LDAP out of memory
Hello all, Hopefully someone can point me in the right direction... Every 2 weeks or so, I get a call from my help desk stating that they cannot log into Remedy. Once I restart the application service (AR System Server), users are able to log in again. We currently have LDAP configured to cross reference blank passwords with Active Directory. The error I see in the ARERR.log file is: Mon Nov 23 03:35:33 2009 390603 : The LDAP operation has failed : Out of memory (LDAPERR 90) (ARERR 3377) Mon Nov 23 03:35:33 2009 390603 : The LDAP operation has failed : Out of memory (LDAPERR 90) (ARERR 3377) Mon Nov 23 03:35:33 2009 390603 : The LDAP operation has failed : Out of memory (LDAPERR 90) (ARERR 3377) Mon Nov 23 03:35:33 2009 390603 : The LDAP operation has failed : Out of memory (LDAPERR 90) (ARERR 3377) Mon Nov 23 03:35:33 2009 390603 : The LDAP operation has failed : Out of memory (LDAPERR 90) (ARERR 3377) System info: ARS 7.1 P7 ITSM 7.0.03 P6 Windows 2003 SQL 2005 database AREA LDAP Config set up check one domain controller to authenticate users. Any help greatly appreciated! Marcelo ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: ARDBC LDAP Configuration Bind Credentials
Mark, thanks for the reply. Does anyone know of any way to work around this? We don't own our tree and they won't allow simple binds and we can't use SSL. Tim -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Walters, Mark Sent: Thursday, November 19, 2009 12:17 PM To: arslist@ARSLIST.ORG Subject: Re: ARDBC LDAP Configuration Bind Credentials The Remedy LDAP plugins only support simple binds for authentication. If your LDAP server does not allow this then they will not be able to connect. Mark From: Action Request System discussion list(ARSList) [arsl...@arslist.org] On Behalf Of Hulmes, Timothy W Mr CTR USA IMCOM [timothy.hul...@us.army.mil] Sent: 19 November 2009 18:05 To: arslist@ARSLIST.ORG Subject: ARDBC LDAP Configuration Bind Credentials Having trouble setting the Binding setting to connect to our Active directory. All the account information has been verified and the account has access manually. The problem we get is configuring Remedy to login with the correct security settings. Using the ldp tool I need to login using the following bind options (Function Generic, Method SSPI, Synchronous checked, and Use auth. Identity checked.) With those options checked I can log in with the account via ldp. The question is how do I take those settings and configure the ARDBC LDAP Config form when I one have the option of Bind user and Bind password? Tim ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: ARDBC LDAP Configuration Bind Credentials
Tim, Just spitballing a few ideas Maybe... ) Write your own ARDBC connector? ) Maybe there would be a way to create an LDAP server or your own where you do an LDAP referral to get the data? (That may or may not solve your authentication problem.) Or maybe you would need to replicate the data to your LDAP server? -- Carey Matthew Black BMC Remedy AR System Skilled Professional (RSP) ARS = Action Request System(Remedy) Love, then teach Solution = People + Process + Tools Fast, Accurate, Cheap Pick two. On Fri, Nov 20, 2009 at 10:13 AM, Hulmes, Timothy W Mr CTR USA IMCOM timothy.hul...@us.army.mil wrote: Mark, thanks for the reply. Does anyone know of any way to work around this? We don't own our tree and they won't allow simple binds and we can't use SSL. Tim -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Walters, Mark Sent: Thursday, November 19, 2009 12:17 PM To: arslist@ARSLIST.ORG Subject: Re: ARDBC LDAP Configuration Bind Credentials The Remedy LDAP plugins only support simple binds for authentication. If your LDAP server does not allow this then they will not be able to connect. Mark From: Action Request System discussion list(ARSList) [arsl...@arslist.org] On Behalf Of Hulmes, Timothy W Mr CTR USA IMCOM [timothy.hul...@us.army.mil] Sent: 19 November 2009 18:05 To: arslist@ARSLIST.ORG Subject: ARDBC LDAP Configuration Bind Credentials Having trouble setting the Binding setting to connect to our Active directory. All the account information has been verified and the account has access manually. The problem we get is configuring Remedy to login with the correct security settings. Using the ldp tool I need to login using the following bind options (Function Generic, Method SSPI, Synchronous checked, and Use auth. Identity checked.) With those options checked I can log in with the account via ldp. The question is how do I take those settings and configure the ARDBC LDAP Config form when I one have the option of Bind user and Bind password? Tim ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: ARDBC LDAP Configuration Bind Credentials
Tim, As suggested by Carey you'll either need some sort of proxy in front of the LDAP server that will allow ARS to connect and get the data or write your own that supports the necessary options. I'd also recommend you raise an RFE with BMC to get improved security added to the out-of-the-box plugins. Mark -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Hulmes, Timothy W Mr CTR USA IMCOM Sent: 20 November 2009 15:13 To: arslist@ARSLIST.ORG Subject: Re: ARDBC LDAP Configuration Bind Credentials Mark, thanks for the reply. Does anyone know of any way to work around this? We don't own our tree and they won't allow simple binds and we can't use SSL. Tim -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Walters, Mark Sent: Thursday, November 19, 2009 12:17 PM To: arslist@ARSLIST.ORG Subject: Re: ARDBC LDAP Configuration Bind Credentials The Remedy LDAP plugins only support simple binds for authentication. If your LDAP server does not allow this then they will not be able to connect. Mark From: Action Request System discussion list(ARSList) [arsl...@arslist.org] On Behalf Of Hulmes, Timothy W Mr CTR USA IMCOM [timothy.hul...@us.army.mil] Sent: 19 November 2009 18:05 To: arslist@ARSLIST.ORG Subject: ARDBC LDAP Configuration Bind Credentials Having trouble setting the Binding setting to connect to our Active directory. All the account information has been verified and the account has access manually. The problem we get is configuring Remedy to login with the correct security settings. Using the ldp tool I need to login using the following bind options (Function Generic, Method SSPI, Synchronous checked, and Use auth. Identity checked.) With those options checked I can log in with the account via ldp. The question is how do I take those settings and configure the ARDBC LDAP Config form when I one have the option of Bind user and Bind password? Tim ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
ARDBC LDAP Configuration Bind Credentials
Having trouble setting the Binding setting to connect to our Active directory. All the account information has been verified and the account has access manually. The problem we get is configuring Remedy to login with the correct security settings. Using the ldp tool I need to login using the following bind options (Function Generic, Method SSPI, Synchronous checked, and Use auth. Identity checked.) With those options checked I can log in with the account via ldp. The question is how do I take those settings and configure the ARDBC LDAP Config form when I one have the option of Bind user and Bind password? Tim ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: ARDBC LDAP Configuration Bind Credentials
The Remedy LDAP plugins only support simple binds for authentication. If your LDAP server does not allow this then they will not be able to connect. Mark From: Action Request System discussion list(ARSList) [arsl...@arslist.org] On Behalf Of Hulmes, Timothy W Mr CTR USA IMCOM [timothy.hul...@us.army.mil] Sent: 19 November 2009 18:05 To: arslist@ARSLIST.ORG Subject: ARDBC LDAP Configuration Bind Credentials Having trouble setting the Binding setting to connect to our Active directory. All the account information has been verified and the account has access manually. The problem we get is configuring Remedy to login with the correct security settings. Using the ldp tool I need to login using the following bind options (Function Generic, Method SSPI, Synchronous checked, and Use auth. Identity checked.) With those options checked I can log in with the account via ldp. The question is how do I take those settings and configure the ARDBC LDAP Config form when I one have the option of Bind user and Bind password? Tim ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: AREA LDAP plug-in
We have the same setup and using a single hostname eventually came back to bite us when someone decommissioned the server without telling us. I don't think there is a way to run multiple plugins, but what we did was use a load-balanced virtual IP in place of a host name. This way the DCs can change at will as long the new ones are added to the load balancer. It also eliminated us from having to maintain a list of active DCs. From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Philip, Saji L Sent: Thursday, November 05, 2009 8:52 AM To: arslist@ARSLIST.ORG Subject: AREA LDAP plug-in ** This is probably an old question. But I am running ARS 6.3 with Help Desk 6.0. We are in the process of authenticating logins using the AREA LDAP plug-in. We have multiple Domain Controllers in our AD environment, and I would like to know if I can create more then one plug-in with different ' Host Names '? And if I can create multiple Group bases. Thanks _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
LDAP Question
Happy Halloween, We use Active Directory to authenticate and new servers are being brought online. Everything else being the same, looking in the configuration manual, all I need to do is change the Host Name in the AREA LDAP Configuration Form. If I make the change there, do I need to restart the server? Are there any other changes that need to be made? If so, where and in what order? Thanks Mark Mark Brittain Remedy Developer NaviSite mbritt...@navisite.commailto:mbritt...@navisite.com (315) 453-2912 x5418 (Phone) (315) 317.2897 (Cell) Reduce Cost of IT with Managed Hosting and Application Services from NaviSite. Visit www.NaviSite.com Today. This e-mail is the property of NaviSite, Inc. It is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential, or otherwise protected from disclosure. Distribution or copying of this e-mail, or the information contained herein, to anyone other than the intended recipient is prohibited. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: LDAP Question
Restart the AR Service because the information needs to push to your AR.cfg file which will rebuild and load on a restart. From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Brittain, Mark Sent: Friday, October 30, 2009 1:50 PM To: arslist@ARSLIST.ORG Subject: LDAP Question ** Happy Halloween, We use Active Directory to authenticate and new servers are being brought online. Everything else being the same, looking in the configuration manual, all I need to do is change the Host Name in the AREA LDAP Configuration Form. If I make the change there, do I need to restart the server? Are there any other changes that need to be made? If so, where and in what order? Thanks Mark Mark Brittain Remedy Developer NaviSite mbritt...@navisite.com (315) 453-2912 x5418 (Phone) (315) 317.2897 (Cell) Reduce Cost of IT with Managed Hosting and Application Services from NaviSite. Visit www.NaviSite.com Today. This e-mail is the property of NaviSite, Inc. It is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential, or otherwise protected from disclosure. Distribution or copying of this e-mail, or the information contained herein, to anyone other than the intended recipient is prohibited. _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: LDAP Question
If you want to be able to look across multiple AD configurations and are using ARS 7 or later you can list multiple entries. -Original Message- From: Brittain, Mark mbritt...@navisite.com To: arslist@ARSLIST.ORG Sent: Fri, Oct 30, 2009 2:50 pm Subject: LDAP Question ** Happy Halloween, We use Active Directory to authenticate and new servers are being brought online. Everything else being the same, looking in the configuration manual, all I need to do is change the Host Name in the AREA LDAP Configuration Form. If I make the change there, do I need to restart the server? Are there any other changes that need to be made? If so, where and in what order? Thanks Mark Mark Brittain Remedy Developer NaviSite mbritt...@navisite.com (315) 453-2912 x5418 (Phone) (315) 317.2897 (Cell) Reduce Cost of IT with Managed Hosting and Application Services from NaviSite. Visit www.NaviSite.com Today. This e-mail is the property of NaviSite, Inc. It is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential, or otherwise protected from disclosure. Distribution or copying of this e-mail, or the information contained herein, to anyone other than the intended recipient is prohibited. _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
LDAP/AD Integration Tool
A while back I saw a post about a tool that assists with LDAP/AD integration with Remedy. I cannot seem to find it anymore. If anyone is aware of this or any other add-on tool I would appreciate your assistance. Thanks, Mark ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Help: LDAP authenticated users(admins) do not see User Form - RESOLVED
AREA-LDAP-Use-Groups: 0 AREA-LDAP-Group-Default: Public : Igor Ivanov - DBC, Inc. : Remedy Skilled Prof : office 703-605-1837 : home 703-979-0514 ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
LDAP Vendor Form Table Question
I am resubmitting as I didn't hear anything on this, and hope 2nd time is a charm. I have yet to find anything to help me understand the variables available in vendor form table names. Thanks, Mark From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Mark Lev Sent: Thursday, September 03, 2009 10:17 AM To: arslist@ARSLIST.ORG Subject: LDAP Vendor Form Table Question ** I was poking around in 7.5 OOB vendor forms, and I came across this as the Table name in one of their LDAP vendor forms. ldap://LDAP_DIRECTORY_SERVICE_HOST/BASE_DN??sub?(objectclass=group) My question is, are the values OOB variables, or do these need to be defined? I have the LDAP configurations configured and working properly. I have been populating these values, and if these variable references work, that would be a much better way to do things. I will trial and error, but if someone can better explain, or point me to where this is in documentation, that would be great. Also, is this same in 7.x, or new to 7.5? Thanks, Mark _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: LDAP Vendor Form Table Question
The table name you are referring to in the LDAP Vendor Form is an LDAP search string and is unique to each installation of an LDAP directory service (which is supported by Microsoft's Active Directory). The LDAP_DIRECTORY_SERVICE_HOST could be a Domain Controller server in your organization or an alias to the Active Directory tree. The BASE_DN is where you want to start in the Active Directory tree. The LDAP integration has been around since ARS 5.1. A free tool to look at your LDAP directory is the Softerra LDAP Browser: http://www.softerra.com/download.htm Another free tool is in the Microsoft Support Tools and is called LDP. The values in the Table names of a Vendor form are specific to that Vendor plugin for the ARS server. Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Mark Lev Sent: Thursday, September 10, 2009 10:01 AM To: arslist@ARSLIST.ORG Subject: LDAP Vendor Form Table Question ** I am resubmitting as I didn't hear anything on this, and hope 2nd time is a charm. I have yet to find anything to help me understand the variables available in vendor form table names. Thanks, Mark -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Mark Lev Sent: Thursday, September 03, 2009 10:17 AM To: arslist@ARSLIST.ORG Subject: LDAP Vendor Form Table Question ** I was poking around in 7.5 OOB vendor forms, and I came across this as the Table name in one of their LDAP vendor forms. ldap://LDAP_DIRECTORY_SERVICE_HOST/BASE_DN??sub?(objectclass=group) My question is, are the values OOB variables, or do these need to be defined? I have the LDAP configurations configured and working properly. I have been populating these values, and if these variable references work, that would be a much better way to do things. I will trial and error, but if someone can better explain, or point me to where this is in documentation, that would be great. Also, is this same in 7.x, or new to 7.5? Thanks, Mark ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Help: LDAP authenticated users(admins) do not see User Form
Hello, list ARS 6.0.3 p25 moved ARSystem from win2000 MS SQL 2000 to win2003sp2 MS SQL2005sp3 AREA and ARDBC config was not changed. the same config on DEV and COOP server and no such problem. DSO and eMail services OK. arplugin.log OK: Queue: Prv: 10005 Client-RPC: 99 /* Thu Sep 10 2009 08:48:08.5580 */ Plug-In Trace Log -- ON Queue: AREA Client-RPC: 390695 /* Thu Sep 10 2009 08:48:31.2100 */ +VLAREAVerifyLoginCallback -- user remldapuser Queue: AREA Client-RPC: 390695 /* Thu Sep 10 2009 08:48:31.2410 */ -VL OK Queue: AREA Client-RPC: 390695 /* Thu Sep 10 2009 08:48:31.2410 */ +NSAREANeedToSyncCallback Queue: AREA Client-RPC: 390695 /* Thu Sep 10 2009 08:48:31.2410 */ -NS OK -- 0 Queue: AREA Client-RPC: 390695 /* Thu Sep 10 2009 08:48:49.2310 */ +NSAREANeedToSyncCallback Queue: AREA Client-RPC: 390695 /* Thu Sep 10 2009 08:48:49.2310 */ -NS OK -- 0 Queue: Prv: 10005 Client-RPC: 99 /* Thu Sep 10 2009 08:49:11.0700 */ Plug-In Trace Log -- OFF But problem is the User Form not visible (even for Administrator logged in with LDAP). User see only about 10 forms: Alert List, LDAP config forms, ARS Admin and User Pref, Report forms.) After switching to ARS password all works fine. All LDAP authenticated Users affected. They lost access to all applications (based on Groups membership) Checked User Form (has Public permission). It looks strange to me: arapi.log, it has no User name, but IP address, and Unidentified Client (protocol 11) : API TID: 004436 RPC ID: 433403 Queue: Admin Client-RPC: 390600USER: 159.142.139.101/* Thu Sep 10 2009 08:48:31.2100 */+GEIARGetEncryptInfo -- as user from Unidentified Client (protocol 11) at IP address API TID: 004436 RPC ID: 433403 Queue: Admin Client-RPC: 390600USER: 159.142.139.101/* Thu Sep 10 2009 08:48:31.2100 */-GEI OK API TID: 004436 RPC ID: 433404 Queue: Admin Client-RPC: 390600USER: remldapuser/* Thu Sep 10 2009 08:48:31.2100 */+GSIARGetServerInfo -- as user remldapuser from Remedy Administrator (protocol 11) at IP address 159.142.139.101 API TID: 004436 RPC ID: 433404 Queue: Admin Client-RPC: 390600USER: remldapuser/* Thu Sep 10 2009 08:48:31.2100 */-GSI OK API TID: 004436 RPC ID: 433405 Queue: Admin Client-RPC: 390600USER: remldapuser/* Thu Sep 10 2009 08:48:31.2100 */+GSIARGetServerInfo -- as user remldapuser from Remedy Administrator (protocol 11) at IP address 159.142.139.101 API TID: 004436 RPC ID: 433405 Queue: Admin Client-RPC: 390600USER: remldapuser/* Thu Sep 10 2009 08:48:31.2410 */-GSI OK API TID: 004436 RPC ID: 433406 Queue: Admin Client-RPC: 390600USER: remldapuser/* Thu Sep 10 2009 08:48:31.2410 */+VERARVerifyUser -- user remldapuser from Remedy Administrator (protocol 11) at IP address 159.142.139.101 API TID: 004436 RPC ID: 433406 Queue: Admin Client-RPC: 390600USER: remldapuser/* Thu Sep 10 2009 08:48:31.2410 */-VER OK API TID: 004436 RPC ID: 433407 Queue: Admin Client-RPC: 390600USER: 159.142.139.101/* Thu Sep 10 2009 08:48:31.2880 */+GEIARGetEncryptInfo -- as user from Unidentified Client (protocol 11) at IP address API TID: 004436 RPC ID: 433407 Queue: Admin Client-RPC: 390600USER: 159.142.139.101/* Thu Sep 10 2009 08:48:31.2880 */-GEI OK API TID: 004436 RPC ID: 433408 Queue: Admin Client-RPC: 390600USER: remldapuser/* Thu Sep 10 2009 08:48:31.2880 */+GSIARGetServerInfo -- as user remldapuser from Remedy Administrator (protocol 11) at IP address 159.142.139.101 Please, help I've just submitted Support ticket. thanks : Igor Ivanov - DBC, Inc. : Remedy Skilled Proff. : office 703-605-1837 : home 703-979-0514 ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
ARDBC LDAP with SSL
Hello Listers, ARS 7.1 Patch 4 MS SQL Server 2005 MS Windows 2003 Enterprise I am trying to get the ARDBC Configuration set up to our AD with SSL. I tried to install Netscape 4.7 but got an error, something about not being the proper machine type. Is there any workaround to get a Vendor form connected to the Active Directory so it can connect securely? Thanks, --- John J. Reiser Senior Software Development Analyst Remedy Administrator/Developer Lockheed Martin - MS2 The star that burns twice as bright burns half as long. Pay close attention and be illuminated by its brilliance. - paraphrased by me ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
LDAP Vendor Form Table Question
I was poking around in 7.5 OOB vendor forms, and I came across this as the Table name in one of their LDAP vendor forms. ldap://LDAP_DIRECTORY_SERVICE_HOST/BASE_DN??sub?(objectclass=group) My question is, are the values OOB variables, or do these need to be defined? I have the LDAP configurations configured and working properly. I have been populating these values, and if these variable references work, that would be a much better way to do things. I will trial and error, but if someone can better explain, or point me to where this is in documentation, that would be great. Also, is this same in 7.x, or new to 7.5? Thanks, Mark ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: Copying AREA LDAP Plugin from one server to another SOLVED
My mistake. I exported the ARDBC LDAP Configuration form our test server and imported it into the live server. But I just exported the form. I needed to check Add All Related. Thank you, Pawan of BMC support for figuring it out! (And thanks again, Axton, for your input.) Dwayne From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Axton Sent: Friday, August 28, 2009 3:14 PM To: arslist@ARSLIST.ORG Subject: Re: Copying AREA LDAP Plugin from one server to another ** Then all you should need is this in the ar.conf: Plugin: /path/to/remedy/plugin/ardbcldap.so Then restart the plugin server. Enable the plugin logs and make sure the plugin is loaded properly. Axton Grams On Fri, Aug 28, 2009 at 1:24 PM, Robert D Martin marti...@jmu.edumailto:marti...@jmu.edu wrote: ** Just - ARDBC LDAP to handle reading data from an LDAP store via a Vendor form. Dwayne From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG] On Behalf Of Axton Sent: Friday, August 28, 2009 2:09 PM To: arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG Subject: Re: Copying AREA LDAP Plugin from one server to another ** What all plugin(s) are you trying to move over? - AREA LDAP for authentication - AREA HUB to handle multiple authentication sources - ARDBC LDAP to handle reading data from an LDAP store via a Vendor form - ARDBC CONF to handle the configuration of the pre-built AREA plugin If you are trying to do the AREA authentication using the pre-built plugins, you need both the AREA LDAP plugin and the ARDBC CONF plugin. In addition to this, you will need to move the AREA LDAP Configuration and Configuration ARDBC forms for the AREA configuration form to work properly. Axton Grams On Fri, Aug 28, 2009 at 11:27 AM, Robert D Martin marti...@jmu.edumailto:marti...@jmu.edu wrote: ** I should also add that ardbcldap.so is in /opt/remedy/bin in both servers, and both ar.conf files have Plugin: /opt/remedy/bin/ardbcldap.so lines Dwayne From: Robert D Martin Sent: Friday, August 28, 2009 12:19 PM To: 'arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG' Subject: RE: Copying AREA LDAP Plugin from one server to another Thanks, Axton. I should have included that in my email. The ar.conf files are identical, at least all the lines that start with AREA-LDAP. Dwayne From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG] On Behalf Of Axton Sent: Friday, August 28, 2009 10:46 AM To: arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG Subject: Re: Copying AREA LDAP Plugin from one server to another ** You have to register the plugin in ar.conf. Take a look at your source server and target server to identify the lines that are missing. Axton Grams On Fri, Aug 28, 2009 at 9:39 AM, Robert D Martin marti...@jmu.edumailto:marti...@jmu.edu wrote: ** Dear List, We installed ARS 7.1 on our live system, and at the time we didn't think we needed the AREA LDAP Plugin. But now we do, and we don't want to do a re-install because of the risk that something will go wrong. But we do have the Plugin installed on our test arsystem. Is it possible to copy objects and data from the test system over to the live system? If so, what all needs to be moved and configured? We've copied over arealdap.so and ardbcconf.so, but when we try to create a new Vendor form, ARSYS.ARDBC.LDAP isn't on the list of Available Vendor Names. (In fact, the choices that were there are gone, which means that we have messed something up.) Any advice? (ARS 7.1, RH Linux server, Oracle 10.2 db) _Platinum Sponsor: rmisoluti...@verizon.netmailto:rmisoluti...@verizon.net ARSlist: Where the Answers Are_ _Platinum Sponsor: rmisoluti...@verizon.netmailto:rmisoluti...@verizon.net ARSlist: Where the Answers Are_ _Platinum Sponsor: rmisoluti...@verizon.netmailto:rmisoluti...@verizon.net ARSlist: Where the Answers Are_ _Platinum Sponsor: rmisoluti...@verizon.netmailto:rmisoluti...@verizon.net ARSlist: Where the Answers Are_ _Platinum Sponsor: rmisoluti...@verizon.netmailto:rmisoluti...@verizon.net ARSlist: Where the Answers Are_ _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Copying AREA LDAP Plugin from one server to another
Dear List, We installed ARS 7.1 on our live system, and at the time we didn't think we needed the AREA LDAP Plugin. But now we do, and we don't want to do a re-install because of the risk that something will go wrong. But we do have the Plugin installed on our test arsystem. Is it possible to copy objects and data from the test system over to the live system? If so, what all needs to be moved and configured? We've copied over arealdap.so and ardbcconf.so, but when we try to create a new Vendor form, ARSYS.ARDBC.LDAP isn't on the list of Available Vendor Names. (In fact, the choices that were there are gone, which means that we have messed something up.) Any advice? (ARS 7.1, RH Linux server, Oracle 10.2 db) ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: Copying AREA LDAP Plugin from one server to another
You have to register the plugin in ar.conf. Take a look at your source server and target server to identify the lines that are missing. Axton Grams On Fri, Aug 28, 2009 at 9:39 AM, Robert D Martin marti...@jmu.edu wrote: ** Dear List, We installed ARS 7.1 on our live system, and at the time we didn’t think we needed the AREA LDAP Plugin. But now we do, and we don’t want to do a re-install because of the risk that something will go wrong. But we do have the Plugin installed on our test arsystem. Is it possible to copy objects and data from the test system over to the live system? If so, what all needs to be moved and configured? We’ve copied over “arealdap.so” and “ardbcconf.so”, but when we try to create a new Vendor form, “ARSYS.ARDBC.LDAP” isn’t on the list of “Available Vendor Names.” (In fact, the choices that were there are gone, which means that we have messed something up.) Any advice? (ARS 7.1, RH Linux server, Oracle 10.2 db) _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: Copying AREA LDAP Plugin from one server to another
Thanks, Axton. I should have included that in my email. The ar.conf files are identical, at least all the lines that start with AREA-LDAP. Dwayne From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Axton Sent: Friday, August 28, 2009 10:46 AM To: arslist@ARSLIST.ORG Subject: Re: Copying AREA LDAP Plugin from one server to another ** You have to register the plugin in ar.conf. Take a look at your source server and target server to identify the lines that are missing. Axton Grams On Fri, Aug 28, 2009 at 9:39 AM, Robert D Martin marti...@jmu.edumailto:marti...@jmu.edu wrote: ** Dear List, We installed ARS 7.1 on our live system, and at the time we didn't think we needed the AREA LDAP Plugin. But now we do, and we don't want to do a re-install because of the risk that something will go wrong. But we do have the Plugin installed on our test arsystem. Is it possible to copy objects and data from the test system over to the live system? If so, what all needs to be moved and configured? We've copied over arealdap.so and ardbcconf.so, but when we try to create a new Vendor form, ARSYS.ARDBC.LDAP isn't on the list of Available Vendor Names. (In fact, the choices that were there are gone, which means that we have messed something up.) Any advice? (ARS 7.1, RH Linux server, Oracle 10.2 db) _Platinum Sponsor: rmisoluti...@verizon.netmailto:rmisoluti...@verizon.net ARSlist: Where the Answers Are_ _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: Copying AREA LDAP Plugin from one server to another
I should also add that ardbcldap.so is in /opt/remedy/bin in both servers, and both ar.conf files have Plugin: /opt/remedy/bin/ardbcldap.so lines Dwayne From: Robert D Martin Sent: Friday, August 28, 2009 12:19 PM To: 'arslist@ARSLIST.ORG' Subject: RE: Copying AREA LDAP Plugin from one server to another Thanks, Axton. I should have included that in my email. The ar.conf files are identical, at least all the lines that start with AREA-LDAP. Dwayne From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Axton Sent: Friday, August 28, 2009 10:46 AM To: arslist@ARSLIST.ORG Subject: Re: Copying AREA LDAP Plugin from one server to another ** You have to register the plugin in ar.conf. Take a look at your source server and target server to identify the lines that are missing. Axton Grams On Fri, Aug 28, 2009 at 9:39 AM, Robert D Martin marti...@jmu.edumailto:marti...@jmu.edu wrote: ** Dear List, We installed ARS 7.1 on our live system, and at the time we didn't think we needed the AREA LDAP Plugin. But now we do, and we don't want to do a re-install because of the risk that something will go wrong. But we do have the Plugin installed on our test arsystem. Is it possible to copy objects and data from the test system over to the live system? If so, what all needs to be moved and configured? We've copied over arealdap.so and ardbcconf.so, but when we try to create a new Vendor form, ARSYS.ARDBC.LDAP isn't on the list of Available Vendor Names. (In fact, the choices that were there are gone, which means that we have messed something up.) Any advice? (ARS 7.1, RH Linux server, Oracle 10.2 db) _Platinum Sponsor: rmisoluti...@verizon.netmailto:rmisoluti...@verizon.net ARSlist: Where the Answers Are_ _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: Copying AREA LDAP Plugin from one server to another
What all plugin(s) are you trying to move over? - AREA LDAP for authentication - AREA HUB to handle multiple authentication sources - ARDBC LDAP to handle reading data from an LDAP store via a Vendor form - ARDBC CONF to handle the configuration of the pre-built AREA plugin If you are trying to do the AREA authentication using the pre-built plugins, you need both the AREA LDAP plugin and the ARDBC CONF plugin. In addition to this, you will need to move the AREA LDAP Configuration and Configuration ARDBC forms for the AREA configuration form to work properly. Axton Grams On Fri, Aug 28, 2009 at 11:27 AM, Robert D Martin marti...@jmu.edu wrote: ** I should also add that “ardbcldap.so” is in “ /opt/remedy/bin” in both servers, and both ar.conf files have “Plugin: /opt/remedy/bin/ardbcldap.so” lines Dwayne *From:* Robert D Martin *Sent:* Friday, August 28, 2009 12:19 PM *To:* 'arslist@ARSLIST.ORG' *Subject:* RE: Copying AREA LDAP Plugin from one server to another Thanks, Axton. I should have included that in my email. The ar.conf files are identical, at least all the lines that start with “AREA-LDAP.” Dwayne *From:* Action Request System discussion list(ARSList) [mailto: arsl...@arslist.org] *On Behalf Of *Axton *Sent:* Friday, August 28, 2009 10:46 AM *To:* arslist@ARSLIST.ORG *Subject:* Re: Copying AREA LDAP Plugin from one server to another ** You have to register the plugin in ar.conf. Take a look at your source server and target server to identify the lines that are missing. Axton Grams On Fri, Aug 28, 2009 at 9:39 AM, Robert D Martin marti...@jmu.edu wrote: ** Dear List, We installed ARS 7.1 on our live system, and at the time we didn’t think we needed the AREA LDAP Plugin. But now we do, and we don’t want to do a re-install because of the risk that something will go wrong. But we do have the Plugin installed on our test arsystem. Is it possible to copy objects and data from the test system over to the live system? If so, what all needs to be moved and configured? We’ve copied over “arealdap.so” and “ardbcconf.so”, but when we try to create a new Vendor form, “ARSYS.ARDBC.LDAP” isn’t on the list of “Available Vendor Names.” (In fact, the choices that were there are gone, which means that we have messed something up.) Any advice? (ARS 7.1, RH Linux server, Oracle 10.2 db) _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: Copying AREA LDAP Plugin from one server to another
Just - ARDBC LDAP to handle reading data from an LDAP store via a Vendor form. Dwayne From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Axton Sent: Friday, August 28, 2009 2:09 PM To: arslist@ARSLIST.ORG Subject: Re: Copying AREA LDAP Plugin from one server to another ** What all plugin(s) are you trying to move over? - AREA LDAP for authentication - AREA HUB to handle multiple authentication sources - ARDBC LDAP to handle reading data from an LDAP store via a Vendor form - ARDBC CONF to handle the configuration of the pre-built AREA plugin If you are trying to do the AREA authentication using the pre-built plugins, you need both the AREA LDAP plugin and the ARDBC CONF plugin. In addition to this, you will need to move the AREA LDAP Configuration and Configuration ARDBC forms for the AREA configuration form to work properly. Axton Grams On Fri, Aug 28, 2009 at 11:27 AM, Robert D Martin marti...@jmu.edumailto:marti...@jmu.edu wrote: ** I should also add that ardbcldap.so is in /opt/remedy/bin in both servers, and both ar.conf files have Plugin: /opt/remedy/bin/ardbcldap.so lines Dwayne From: Robert D Martin Sent: Friday, August 28, 2009 12:19 PM To: 'arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG' Subject: RE: Copying AREA LDAP Plugin from one server to another Thanks, Axton. I should have included that in my email. The ar.conf files are identical, at least all the lines that start with AREA-LDAP. Dwayne From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG] On Behalf Of Axton Sent: Friday, August 28, 2009 10:46 AM To: arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG Subject: Re: Copying AREA LDAP Plugin from one server to another ** You have to register the plugin in ar.conf. Take a look at your source server and target server to identify the lines that are missing. Axton Grams On Fri, Aug 28, 2009 at 9:39 AM, Robert D Martin marti...@jmu.edumailto:marti...@jmu.edu wrote: ** Dear List, We installed ARS 7.1 on our live system, and at the time we didn't think we needed the AREA LDAP Plugin. But now we do, and we don't want to do a re-install because of the risk that something will go wrong. But we do have the Plugin installed on our test arsystem. Is it possible to copy objects and data from the test system over to the live system? If so, what all needs to be moved and configured? We've copied over arealdap.so and ardbcconf.so, but when we try to create a new Vendor form, ARSYS.ARDBC.LDAP isn't on the list of Available Vendor Names. (In fact, the choices that were there are gone, which means that we have messed something up.) Any advice? (ARS 7.1, RH Linux server, Oracle 10.2 db) _Platinum Sponsor: rmisoluti...@verizon.netmailto:rmisoluti...@verizon.net ARSlist: Where the Answers Are_ _Platinum Sponsor: rmisoluti...@verizon.netmailto:rmisoluti...@verizon.net ARSlist: Where the Answers Are_ _Platinum Sponsor: rmisoluti...@verizon.netmailto:rmisoluti...@verizon.net ARSlist: Where the Answers Are_ _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: Copying AREA LDAP Plugin from one server to another
Then all you should need is this in the ar.conf: Plugin: /path/to/remedy/plugin/ardbcldap.so Then restart the plugin server. Enable the plugin logs and make sure the plugin is loaded properly. Axton Grams On Fri, Aug 28, 2009 at 1:24 PM, Robert D Martin marti...@jmu.edu wrote: ** Just - ARDBC LDAP to handle reading data from an LDAP store via a Vendor form. Dwayne *From:* Action Request System discussion list(ARSList) [mailto: arsl...@arslist.org] *On Behalf Of *Axton *Sent:* Friday, August 28, 2009 2:09 PM *To:* arslist@ARSLIST.ORG *Subject:* Re: Copying AREA LDAP Plugin from one server to another ** What all plugin(s) are you trying to move over? - AREA LDAP for authentication - AREA HUB to handle multiple authentication sources - ARDBC LDAP to handle reading data from an LDAP store via a Vendor form - ARDBC CONF to handle the configuration of the pre-built AREA plugin If you are trying to do the AREA authentication using the pre-built plugins, you need both the AREA LDAP plugin and the ARDBC CONF plugin. In addition to this, you will need to move the AREA LDAP Configuration and Configuration ARDBC forms for the AREA configuration form to work properly. Axton Grams On Fri, Aug 28, 2009 at 11:27 AM, Robert D Martin marti...@jmu.edu wrote: ** I should also add that “ardbcldap.so” is in “ /opt/remedy/bin” in both servers, and both ar.conf files have “Plugin: /opt/remedy/bin/ardbcldap.so” lines Dwayne *From:* Robert D Martin *Sent:* Friday, August 28, 2009 12:19 PM *To:* 'arslist@ARSLIST.ORG' *Subject:* RE: Copying AREA LDAP Plugin from one server to another Thanks, Axton. I should have included that in my email. The ar.conf files are identical, at least all the lines that start with “AREA-LDAP.” Dwayne *From:* Action Request System discussion list(ARSList) [mailto: arsl...@arslist.org] *On Behalf Of *Axton *Sent:* Friday, August 28, 2009 10:46 AM *To:* arslist@ARSLIST.ORG *Subject:* Re: Copying AREA LDAP Plugin from one server to another ** You have to register the plugin in ar.conf. Take a look at your source server and target server to identify the lines that are missing. Axton Grams On Fri, Aug 28, 2009 at 9:39 AM, Robert D Martin marti...@jmu.edu wrote: ** Dear List, We installed ARS 7.1 on our live system, and at the time we didn’t think we needed the AREA LDAP Plugin. But now we do, and we don’t want to do a re-install because of the risk that something will go wrong. But we do have the Plugin installed on our test arsystem. Is it possible to copy objects and data from the test system over to the live system? If so, what all needs to be moved and configured? We’ve copied over “arealdap.so” and “ardbcconf.so”, but when we try to create a new Vendor form, “ARSYS.ARDBC.LDAP” isn’t on the list of “Available Vendor Names.” (In fact, the choices that were there are gone, which means that we have messed something up.) Any advice? (ARS 7.1, RH Linux server, Oracle 10.2 db) _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Weird Unicode error in remedy when querying AD via the LDAP and a vendor form
ARERR [9062] Error encountered during string conversion from Unicode : string ;yêÇÕáB¬bÛã=·Ø Remedy 6.3 (no patch) Windows/Sql Server Has anyone seen the above error message when querying AD? Is there a fix that doesn't involve patching? It only happens on some accounts, but on those accounts that it happens, it happens every time for those accounts. Thanks, Gary Opela, Jr. Sr. Remedy Engineer Avaya Phone Admin RSP Cert, Sec+ 405 739 7006 x30043 ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: Weird Unicode error in remedy when querying AD via the LDAP and a vendor form
Does the user's name perhaps contain a character that Remedy can't read? For example, if you have installed the English language pack, but not the Japanese language pack, and the user has a Japanese character in his or her name, an error of this sort might occur. Jennifer Meyer Remedy Technical Support Specialist State of North Carolina Office of Information Technology Services Service Delivery Division ITSM ITAM Services Office: 919-754-6543 ITS Service Desk: 919-754-6000 jennifer.me...@its.nc.govmailto:jennifer.me...@its.nc.gov http://its.state.nc.ushttp://its.state.nc.us/ E-mail correspondence to and from this address may be subject to the North Carolina Public Records Law and may be disclosed to third parties only by an authorized State Official. From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Opela, Gary L CTR USAF AFMC 72 CS/SCBAH Sent: Monday, August 24, 2009 11:48 AM To: arslist@ARSLIST.ORG Subject: Weird Unicode error in remedy when querying AD via the LDAP and a vendor form ARERR [9062] Error encountered during string conversion from Unicode : string ;yêÇÕáB¬bÛã=·Ø Remedy 6.3 (no patch) Windows/Sql Server Has anyone seen the above error message when querying AD? Is there a fix that doesn't involve patching? It only happens on some accounts, but on those accounts that it happens, it happens every time for those accounts. Thanks, Gary Opela, Jr. Sr. Remedy Engineer Avaya Phone Admin RSP Cert, Sec+ 405 739 7006 x30043 _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: Weird Unicode error in remedy when querying AD via the LDAP and a vendor form
Nope, standard American name (whatever that is these days). Nothing special. We even checked all of the Unicode fields in AD to make sure there weren't any bazaar characters in there. There was one field with a bazaar character, so we left that field off of the vendor form, but it still had the same error. Thanks, Gary Opela, Jr. Sr. Remedy Engineer Avaya Phone Admin RSP Cert, Sec+ 405 739 7006 x30043 -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Meyer, Jennifer L Sent: Monday, August 24, 2009 11:00 AM To: arslist@ARSLIST.ORG Subject: Re: Weird Unicode error in remedy when querying AD via the LDAP and a vendor form ** Does the user's name perhaps contain a character that Remedy can't read? For example, if you have installed the English language pack, but not the Japanese language pack, and the user has a Japanese character in his or her name, an error of this sort might occur. Jennifer Meyer Remedy Technical Support Specialist State of North Carolina Office of Information Technology Services Service Delivery Division ITSM ITAM Services Office: 919-754-6543 ITS Service Desk: 919-754-6000 jennifer.me...@its.nc.gov http://its.state.nc.us http://its.state.nc.us/ E-mail correspondence to and from this address may be subject to the North Carolina Public Records Law and may be disclosed to third parties only by an authorized State Official. From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Opela, Gary L CTR USAF AFMC 72 CS/SCBAH Sent: Monday, August 24, 2009 11:48 AM To: arslist@ARSLIST.ORG Subject: Weird Unicode error in remedy when querying AD via the LDAP and a vendor form ARERR [9062] Error encountered during string conversion from Unicode : string ;yêÇÕáB¬bÛã=·Ø Remedy 6.3 (no patch) Windows/Sql Server Has anyone seen the above error message when querying AD? Is there a fix that doesn't involve patching? It only happens on some accounts, but on those accounts that it happens, it happens every time for those accounts. Thanks, Gary Opela, Jr. Sr. Remedy Engineer Avaya Phone Admin RSP Cert, Sec+ 405 739 7006 x30043 _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are__Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: Weird Unicode error in remedy when querying AD via the LDAP and a vendor form
I don't have an answer for Gary's question, but wanted to point out that you shouldn't need to install a foreign language pack in order to handle foreign characters. Remedy's ability to handle foreign characters depends entirely on it being set up for Unicode. However, Gary, does this happen with any (e.g., all, most, some) record, or just a specific one? What kind of field is it querying in AD? Lyle From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Meyer, Jennifer L Sent: Monday, August 24, 2009 10:00 AM To: arslist@ARSLIST.ORG Subject: Re: Weird Unicode error in remedy when querying AD via the LDAP and a vendor form ** Does the user's name perhaps contain a character that Remedy can't read? For example, if you have installed the English language pack, but not the Japanese language pack, and the user has a Japanese character in his or her name, an error of this sort might occur. Jennifer Meyer Remedy Technical Support Specialist State of North Carolina Office of Information Technology Services Service Delivery Division ITSM ITAM Services Office: 919-754-6543 ITS Service Desk: 919-754-6000 jennifer.me...@its.nc.govmailto:jennifer.me...@its.nc.gov http://its.state.nc.ushttp://its.state.nc.us/ E-mail correspondence to and from this address may be subject to the North Carolina Public Records Law and may be disclosed to third parties only by an authorized State Official. From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Opela, Gary L CTR USAF AFMC 72 CS/SCBAH Sent: Monday, August 24, 2009 11:48 AM To: arslist@ARSLIST.ORG Subject: Weird Unicode error in remedy when querying AD via the LDAP and a vendor form ARERR [9062] Error encountered during string conversion from Unicode : string ;yêÇÕáB¬bÛã=·Ø Remedy 6.3 (no patch) Windows/Sql Server Has anyone seen the above error message when querying AD? Is there a fix that doesn't involve patching? It only happens on some accounts, but on those accounts that it happens, it happens every time for those accounts. Thanks, Gary Opela, Jr. Sr. Remedy Engineer Avaya Phone Admin RSP Cert, Sec+ 405 739 7006 x30043 _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are__Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: Weird Unicode error in remedy when querying AD via the LDAP and a vendor form
6.3 does not support multiple localizations; back then a separate arserver was required for each localization set, though every localization set supported english. This may not even be a case of Unicode data. You can get garbage like that when applications perform illegal memory operations. Take a network dump of the ldap communication, examine all the data sent back to remedy, see if anything being sent exceeds the limits that Remedy supports (email address, login name, password, group list, notification method, etc.). If this is the case, the only recourse you really have is to upgrade the plugin, play with the available config parameters to avoid the data causing the issue, or write your own ldap area plugin. The libumem slab allocator on Solaris makes it easy to identify these types of memory issues... Not sure what options, if any, are available on Windows. Maybe someone can enlighten me. Axton Grams The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. On Mon, Aug 24, 2009 at 11:38 AM, Lyle Taylor tayl...@ldschurch.org wrote: ** I don’t have an answer for Gary’s question, but wanted to point out that you shouldn’t need to install a foreign language pack in order to handle foreign characters. Remedy’s ability to handle foreign characters depends entirely on it being set up for Unicode. However, *Gary*, does this happen with any (e.g., all, most, some) record, or just a specific one? What kind of field is it querying in AD? Lyle *From:* Action Request System discussion list(ARSList) [mailto: arsl...@arslist.org] *On Behalf Of *Meyer, Jennifer L *Sent:* Monday, August 24, 2009 10:00 AM *To:* arslist@ARSLIST.ORG *Subject:* Re: Weird Unicode error in remedy when querying AD via the LDAP and a vendor form ** Does the user’s name perhaps contain a character that Remedy can’t read? For example, if you have installed the English language pack, but not the Japanese language pack, and the user has a Japanese character in his or her name, an error of this sort might occur. Jennifer Meyer Remedy Technical Support Specialist State of North Carolina Office of Information Technology Services Service Delivery Division ITSM ITAM Services Office: 919-754-6543 ITS Service Desk: 919-754-6000 jennifer.me...@its.nc.gov http://its.state.nc.us E-mail correspondence to and from this address may be subject to the North Carolina Public Records Law and may be disclosed to third parties only by an authorized State Official. -- *From:* Action Request System discussion list(ARSList) [mailto: arsl...@arslist.org] *On Behalf Of *Opela, Gary L CTR USAF AFMC 72 CS/SCBAH *Sent:* Monday, August 24, 2009 11:48 AM *To:* arslist@ARSLIST.ORG *Subject:* Weird Unicode error in remedy when querying AD via the LDAP and a vendor form ARERR [9062] Error encountered during string conversion from Unicode : string ;yêÇÕáB¬b Ûã=·Ø Remedy 6.3 (no patch) Windows/Sql Server Has anyone seen the above error message when querying AD? Is there a fix that doesn’t involve patching? It only happens on some accounts, but on those accounts that it happens, it happens every time for those accounts. Thanks, Gary Opela, Jr. Sr. Remedy Engineer Avaya Phone Admin RSP Cert, Sec+ 405 739 7006 x30043 _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are__Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: Weird Unicode error in remedy when querying AD via the LDAP and a vendor form
That's right - I forgot about that that was the case with 6.3 (my time with 6.3 was limited - fortunately...). Thanks for the correction, Axton. Lyle From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Axton Sent: Monday, August 24, 2009 3:07 PM To: arslist@ARSLIST.ORG Subject: Re: Weird Unicode error in remedy when querying AD via the LDAP and a vendor form ** 6.3 does not support multiple localizations; back then a separate arserver was required for each localization set, though every localization set supported english. This may not even be a case of Unicode data. You can get garbage like that when applications perform illegal memory operations. Take a network dump of the ldap communication, examine all the data sent back to remedy, see if anything being sent exceeds the limits that Remedy supports (email address, login name, password, group list, notification method, etc.). If this is the case, the only recourse you really have is to upgrade the plugin, play with the available config parameters to avoid the data causing the issue, or write your own ldap area plugin. The libumem slab allocator on Solaris makes it easy to identify these types of memory issues... Not sure what options, if any, are available on Windows. Maybe someone can enlighten me. Axton Grams The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. On Mon, Aug 24, 2009 at 11:38 AM, Lyle Taylor tayl...@ldschurch.orgmailto:tayl...@ldschurch.org wrote: ** I don't have an answer for Gary's question, but wanted to point out that you shouldn't need to install a foreign language pack in order to handle foreign characters. Remedy's ability to handle foreign characters depends entirely on it being set up for Unicode. However, Gary, does this happen with any (e.g., all, most, some) record, or just a specific one? What kind of field is it querying in AD? Lyle From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG] On Behalf Of Meyer, Jennifer L Sent: Monday, August 24, 2009 10:00 AM To: arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG Subject: Re: Weird Unicode error in remedy when querying AD via the LDAP and a vendor form ** Does the user's name perhaps contain a character that Remedy can't read? For example, if you have installed the English language pack, but not the Japanese language pack, and the user has a Japanese character in his or her name, an error of this sort might occur. Jennifer Meyer Remedy Technical Support Specialist State of North Carolina Office of Information Technology Services Service Delivery Division ITSM ITAM Services Office: 919-754-6543 ITS Service Desk: 919-754-6000 jennifer.me...@its.nc.govmailto:jennifer.me...@its.nc.gov http://its.state.nc.ushttp://its.state.nc.us/ E-mail correspondence to and from this address may be subject to the North Carolina Public Records Law and may be disclosed to third parties only by an authorized State Official. From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG] On Behalf Of Opela, Gary L CTR USAF AFMC 72 CS/SCBAH Sent: Monday, August 24, 2009 11:48 AM To: arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG Subject: Weird Unicode error in remedy when querying AD via the LDAP and a vendor form ARERR [9062] Error encountered during string conversion from Unicode : string ;yêÇÕáB¬b Ûã=·Ø Remedy 6.3 (no patch) Windows/Sql Server Has anyone seen the above error message when querying AD? Is there a fix that doesn't involve patching? It only happens on some accounts, but on those accounts that it happens, it happens every time for those accounts. Thanks, Gary Opela, Jr. Sr. Remedy Engineer Avaya Phone Admin RSP Cert, Sec+ 405 739 7006 x30043 _Platinum Sponsor: rmisoluti...@verizon.netmailto:rmisoluti...@verizon.net ARSlist: Where the Answers Are__Platinum Sponsor: rmisoluti...@verizon.netmailto:rmisoluti...@verizon.net ARSlist: Where the Answers Are_ NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. _Platinum Sponsor: rmisoluti...@verizon.netmailto:rmisoluti...@verizon.net ARSlist: Where the Answers Are_ _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access
Does the LDAP Search Tool Work?
Does the LDAP search tool actually do anything besides throw off errors? Has anyone ever got anything useful out of it? -scott philben ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: Does the LDAP Search Tool Work?
Can I get a bit of clarification on what you are referring to when talking about 'LDAP Search Tool'? -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of SCOTT PHILBEN Sent: Friday, August 14, 2009 11:09 AM To: arslist@ARSLIST.ORG Subject: Does the LDAP Search Tool Work? Does the LDAP search tool actually do anything besides throw off errors? Has anyone ever got anything useful out of it? -scott philben ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: ARS 7.1 LDAP Queries for Active Directory
Hi Shawn, We build an app within Remedy to add/remove groups for users. It is a mixture of LDAP vendor forms, custom SQL tables, view forms, and some Windows vbs scripts. Basically we have a DO form with two table fields. One table field uses an AD vendor form to list/search all AD groups. There is a character field to enter the AD username and a button that runs a vbs script to fetch the user's current groups and insert them into a custom SQL table. The second table field refreshes showing the current groups using a view form of the custom table. Now you can double click on a row in either table to drop the selection into corresponding zTmp add or remove character fields. When you push a button to update the user's groups either the script to add, remove, or both scripts are run to perform the update in AD. At this time the column that held the user's groups is cleared and the another table for auditing is updated with the user who was affected, who perform the action and the groups that were added/removed. HTH, Jason On Tue, Aug 11, 2009 at 1:42 PM, Pierson, Shawn shawn.pier...@sug.comwrote: ** Good afternoon, We’re trying to build a Vendor form to work with Active Directory groups and I thought I’d ask the ARSlist for further assistance. We are trying to figure out 1) how to tell who the members of a group are, and 2) we want to be able to add new members to the group via the vendor form. If anyone has done this and can tell me how to accomplish it I would greatly appreciate it. Thanks, *Shawn Pierson * Remedy Developer | Southern Union Private and confidential as detailed herehttp://www.sug.com/disclaimers/default.htm#Mail. If you cannot access hyperlink, please e-mail sender. _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
ARS 7.1 LDAP Queries for Active Directory
Good afternoon, We're trying to build a Vendor form to work with Active Directory groups and I thought I'd ask the ARSlist for further assistance. We are trying to figure out 1) how to tell who the members of a group are, and 2) we want to be able to add new members to the group via the vendor form. If anyone has done this and can tell me how to accomplish it I would greatly appreciate it. Thanks, Shawn Pierson Remedy Developer | Southern Union Private and confidential as detailed here: http://www.sug.com/disclaimers/default.htm#Mail . If you cannot access the link, please e-mail sender. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
A Fix For ARDBC LDAP Authentication Error
In case this saves someone time troubleshooting... ARS 6.3 Windows 2003 A couple weeks ago the server that our ARS server used for LDAP queries was shut down for good. I was not informed, and learned of it when LDAP errors began popping up in our ARS application. Changing the server to another in the ARDBC LDAP Configuration screen should have taken care of the situation. It didn't. I even bounced the server. The network account used is a service account dedicated to Remedy for accessing network resources. To get it working I entered my network credentials. Today I did some troubleshooting and found that I had to tickle the network service account to fix whatever the issue was with that account in Active Directory. The solution: Add a group permission to the network service account, save it, then remove the group permssion. This forced Active Directory to re-write the properties for the user object. It's running fine now. -- Stephen Remedy Skilled Professional ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
-RESOLVED -RE: LDAP question
Shawn, This is exactly what we were looking for. Thanks for providing the information. Thanks, Shane Buchholz From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Pierson, Shawn Sent: Friday, May 29, 2009 2:20 PM To: arslist@ARSLIST.ORG Subject: Re: LDAP question ** I built a custom Vendor form on my own so I could pull in some fields that I wanted and leave out others. Anyway, if you set up an escalation or filter to modify People data (I use a filter, with the escalation pushing to a staging form where all the transformation and other filters take place) put something like this in the Run If Criteria: ( 'userAccountControl' = 514) OR ( 'userAccountControl' = 546) OR ( 'userAccountControl' = 65538) OR ( 'userAccountControl' = 66050) At least in my organization, this is sufficient to identify accounts that should be marked Obsolete. Shawn Pierson From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Shane Buchholz Sent: Friday, May 29, 2009 2:05 PM To: arslist@ARSLIST.ORG Subject: LDAP question ** We are trying to configure Remedy to set the Profile Status to Obsolete in the CTM:People form when they have been deleted from Active Directory. The most logical approach is to use an escalation that will fire at regular intervals to keep the CTM:People form as up to date as possible, but the limitations of the workflow seem to make this impossible to do. We are using the inetorgperson form to pull data in from AD, and have an escalation that fires and creates new accounts in the CTM:People form. It recognizes new accounts, but we haven't been able to determine how to have it recognize that an account is no longer in AD. Please let me know if this is even possible, and if so what the best approach is. ARS 7.1 ITSM 7.1 SQL Server 2005 Windows Server 2003 Thanks, Shane Buchholz Information Security Specialist Account Services - Information Services Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ Private and confidential as detailed herehttp://www.sug.com/disclaimers/default.htm#Mail. If you cannot access hyperlink, please e-mail sender. _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
LDAP question
We are trying to configure Remedy to set the Profile Status to Obsolete in the CTM:People form when they have been deleted from Active Directory. The most logical approach is to use an escalation that will fire at regular intervals to keep the CTM:People form as up to date as possible, but the limitations of the workflow seem to make this impossible to do. We are using the inetorgperson form to pull data in from AD, and have an escalation that fires and creates new accounts in the CTM:People form. It recognizes new accounts, but we haven't been able to determine how to have it recognize that an account is no longer in AD. Please let me know if this is even possible, and if so what the best approach is. ARS 7.1 ITSM 7.1 SQL Server 2005 Windows Server 2003 Thanks, Shane Buchholz Information Security Specialist Account Services - Information Services Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are