Re: AREA LDAP logging question RESOLVED
DAP server and authenticate just fine. >> Connectivity and bind credentials are not an issue. >> >> Within Remedy, logging shows that the first server defined in the AREA >> LDAP config form is ever used. >> >> I have tried AREA -HUB-Plugin lines like the following, killing the >> plugin process after each change... >> >> A single line: >> AREA-Hub-Plugin: "D:\Program Files\BMC >> Software\ARSystem\arealdap\arealdap.dll" >> This does not work >> >> Two Lines: >> AREA-Hub-Plugin: "D:\Program Files\BMC >> Software\ARSystem\arealdap\arealdap.dll" >> AREA-Hub-Plugin: "D:\Program Files\BMC >> Software\ARSystem\arealdap\arealdap.dll" >> This does not work >> >> Two Lines: >> AREA-Hub-Plugin: "D:\Program Files\BMC >> Software\ARSystem\arealdap\arealdap.dll" >> AREA-Hub-Plugin: "D:\Program Files\BMC >> Software\ARSystem\arealdap\arealdap_1.dll" >> In this case, I copied arealdap.dll and renamed the copied file to >> arealdap_1.dll in it's own directory >> This does not work >> >> >> Here's logging showing that the plugin tries the same server twice, and >> doesn't progress to the second server. The user in this case *CAN* be >> authenticated on the second server. When I have reversed the order of the >> servers in the config form (so that this user's server is listed first), >> then this user authenticates just fine. >> >> */+VLAREAVerifyLoginCallback -- user jdhood >> */ AREAVerifyLoginCallback >> */ ldap_init("Server-A.domain-A", 389) >> */ connect timeout previously: -1 >> */ connect timeout used: 55000 >> */ ldap_set_option(Chase Referrals): ON (handled >> by plugin) >> */ ldap_simple_bind("MrBindUser", hidden) >> */ After the bind >> */ >> ldap_search_ext("OU=Users,OU=fee,OU=fie,OU=foe,DC=fum,DC=com", 2, >> "sAMAccountName=jdhood") >> */ Search: Can't connect to the LDAP server >> (LDAPERR Code 91) 202B: RefErr: DSID-031006E0, data 0, 1 access points >> ref 1: 'fum.com' >> */ Cannot find the user info in LDAP server >> */ AREAVerifyLoginCallback >> */ ldap_init("Server-A.domain-A", 389) >> */ connect timeout previously: -1 >> */ connect timeout used: 55000 >> */ ldap_set_option(Chase Referrals): ON (handled >> by plugin) >> */ ldap_simple_bind("MrBindUser", hidden) >> */ After the bind >> */ >> ldap_search_ext("OU=Users,OU=fee,OU=fie,OU=foe,DC=fum,DC=com", 2, >> "sAMAccountName=jdhood") >> */ Search: Can't connect to the LDAP server >> (LDAPERR Code 91) 202B: RefErr: DSID-031006E0, data 0, 1 access points >> ref 1: 'fum.com' >> */ Cannot find the user info in LDAP server >> */-VLFAIL >> >> >> This can wait for the other side of the holidays though. >> >> Merry Christmas All! >> >> Thanks, >> JDHood >> >> >> >> On Sat, Dec 24, 2011 at 3:24 AM, Walters, Mark wrote: >> >>> You shouldn't have to manually edit the ar.cfg, all the necessary >>> changes will be made when you configure the additional LDAP servers via the >>> AREA LDAP configuration form. >>> >>> If you're only authenticating against one LDAP server then the hub is >>> not necessary, you should just have a Plugin: ..\arealdap.dll line in the >>> ar.cfg. When you configure two or more LDAP servers this gets replaced by >>> Plugin: ..\areahub.dll and there should be one AREA-Hug-Plugin: >>> ..\arealdap.dll for EACH LDAP server - i.e. 2 LDAP servers, 2 >>> AREA-Hub-Plugin: lines. >>> >>> The AREA LDAP configuration options are the ones that get the _1, _2, >>> etc suffixes, not the plugin lines. >>> >>> Mark >>> >>> >>> From: Action Request System discussion list(ARSList) [ >>> arslist@ARSLIST.ORG] On Behalf Of JD Hood [hood...@gmail.com] >>> Sent: 23 December 2011 22:28 >>> To: arslist@ARSLIST.ORG >>> Subject: Re: AREA LDAP logging question >>> >>> ** Now that that's working... >>> >>> If I have multiple domains defined for LDAP auth in the AREA form, I >>> understand I need to specify additional arealdap.dll's on additional >>> AREA-Hub-Plugin: lines, ala: >>> >>> AREA-Hub-Plugin: "D:\Program Files\BMC &g
Re: AREA LDAP logging question
Hi, If you have multiple LDAP configured then points to rememeber, 1. In ar.conf, number of entired for AREA-Hub-Plugin should be equal to number of LDAP servers configured. So, for example if you have 2 LDAP/AD configured then your ar.conf should have 2 entires like, AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll" AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll" 2. Any "Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll" entries should be removed or commented out in ar.conf. 3. Once you are sure that your ar.conf file meet the above 2 points then re-cycle the arsystem. 4. Also ensure Bind User's account is not locked or it's password has not expired. Hope this may help you in dealing with this issue. Many thanks, Vishwa Saxena Aon Corportion http://us.i1.yimg.com/us.yimg.com/i/mesg/tsmileys2/01.gif";>HAVE A NICE DAY From: JD Hood To: arslist@ARSLIST.ORG Sent: Monday, December 26, 2011 8:18 PM Subject: Re: AREA LDAP logging question ** Actually, I think I have it figured out. I removed all references to the AREA plugin from AR.CFG, restarted the system and started from scratch. I added one LDAP server to the AREA config form, allowing the system to re-add the ar.cfg lines and restarted the services (just being overly cautious). Then I added the 2nd LDAP server and restarted the services. During hte 2nd restart, I noticed that the system added the AREA-Hub-Plugin to ar.cfg like so: AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll" AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll" And plugin logging showed that it started the AREA plugin twice, with each server listed with each plugin start-up in the order they were listed in the config form. Unfortunately at this point, the 2nd LDAP server isn't responding to pings, so I will have to wait until someone is on-site to slap it out of it's stupor. But the logged activity is looking promising and the 1st server is authenticating just fine. Thanks, JDHood On Sat, Dec 24, 2011 at 8:33 AM, JD Hood wrote: My situation is with two different LDAP servers, in two different domains configured in the AREA Config form: > > >Server-A.domain-A <<-- Remote untrusted Active Directory server defined in >the form by I.P. >B-Server.B-domain <<-- Local Active Directory server defined by hostname > > > >As regards area, the ar.cfg has the following lines for the plugins: > > >Plugin-Path: D:\Program Files\BMC Software\ARSystem\arealdap >Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\areahub.dll" >AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll" >AREA-Hub-Plugin: "D:\Program Files\BMC >Software\ARSystem\arealdap\arealdap_1.dll" > > >There are no trusts between the domains involved, but outside of Remedy, I can >connect to either LDAP server and authenticate just fine. Connectivity and >bind credentials are not an issue. > > >Within Remedy, logging shows that the first server defined in the AREA LDAP >config form is ever used. > > >I have tried AREA -HUB-Plugin lines like the following, killing the plugin >process after each change... > > >A single line: >AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll" >This does not work > > >Two Lines: >AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll" >AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll" >This does not work > > >Two Lines: >AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll" >AREA-Hub-Plugin: "D:\Program Files\BMC >Software\ARSystem\arealdap\arealdap_1.dll" >In this case, I copied arealdap.dll and renamed the copied file to >arealdap_1.dll in it's own directory >This does not work > > > > >Here's logging showing that the plugin tries the same server twice, and >doesn't progress to the second server. The user in this case *CAN* be >authenticated on the second server. When I have reversed the order of the >servers in the config form (so that this user's server is listed first), then >this user authenticates just fine. > > >*/+VL AREAVerifyLoginCallback -- user jdhood >*/ AREAVerifyLoginCallback >*/ ldap_init("Server-A.domain-A", 389) >*/ connect timeout previously: -1 >*/ connect timeout used: 55000 >*/ ldap_set_option(Chase Referrals): ON (handled by >plugin) >*/ ldap_simple_bind("MrBindUser", h
Re: AREA LDAP logging question
; > Merry Christmas All! > > Thanks, > JDHood > > > > On Sat, Dec 24, 2011 at 3:24 AM, Walters, Mark wrote: > >> You shouldn't have to manually edit the ar.cfg, all the necessary changes >> will be made when you configure the additional LDAP servers via the AREA >> LDAP configuration form. >> >> If you're only authenticating against one LDAP server then the hub is not >> necessary, you should just have a Plugin: ..\arealdap.dll line in the >> ar.cfg. When you configure two or more LDAP servers this gets replaced by >> Plugin: ..\areahub.dll and there should be one AREA-Hug-Plugin: >> ..\arealdap.dll for EACH LDAP server - i.e. 2 LDAP servers, 2 >> AREA-Hub-Plugin: lines. >> >> The AREA LDAP configuration options are the ones that get the _1, _2, etc >> suffixes, not the plugin lines. >> >> Mark >> >> >> From: Action Request System discussion list(ARSList) [arslist@ARSLIST.ORG] >> On Behalf Of JD Hood [hood...@gmail.com] >> Sent: 23 December 2011 22:28 >> To: arslist@ARSLIST.ORG >> Subject: Re: AREA LDAP logging question >> >> ** Now that that's working... >> >> If I have multiple domains defined for LDAP auth in the AREA form, I >> understand I need to specify additional arealdap.dll's on additional >> AREA-Hub-Plugin: lines, ala: >> >> AREA-Hub-Plugin: "D:\Program Files\BMC >> Software\ARSystem\arealdap\arealdap.dll" >> AREA-Hub-Plugin: "D:\Program Files\BMC >> Software\ARSystem\arealdap\arealdap_1.dll" >> >> Is it just as simple as copying the existing arealdap.dll and renaming it >> to something like "arealdap_1.dll" and adding it on another AREA-Hub-Plugin >> line? >> >> I've tried that and it doesn't seem to work -- the authentication attempt >> doesn't progress it to the second LDAP server... >> >> Thanks, >> JDHood >> >> >> >> >> On Fri, Dec 23, 2011 at 8:59 AM, JD Hood > hood...@gmail.com>> wrote: >> That did it and it's logging much more info now! >> >> I can *now* see from logging that the failure to auth is likely >> simple-bind being rejected on the LDAP server (I didn't realize LDP uses >> SASL by default). When I changed LDP to a simple, non ssl bind, the >> known-good login failed there as well. This would be a clue. >> >> Thank you ARSList! >> -JDHood >> >> >> On Thu, Dec 22, 2011 at 8:12 PM, Grooms, Frederick W < >> frederick.w.gro...@xo.com<mailto:frederick.w.gro...@xo.com>> wrote: >> Ah ... It should be something like: >> >> Plugin-Path: D:\Program Files\BMC Software\ARSystem\arealdap >> Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\areahub.dll" >> AREA-Hub-Plugin: "D:\Program Files\BMC >> Software\ARSystem\arealdap\arealdap.dll" >> >> So the hub will load the arealdap plugin. Without it the arealdap plugin >> is not loaded. >> >> Fred >> >> >> -Original Message- >> From: Action Request System discussion list(ARSList) [mailto: >> arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG>] On Behalf Of JD Hood >> Sent: Thursday, December 22, 2011 6:37 PM >> To: arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG> >> Subject: Re: AREA LDAP logging question >> >> ** Ok, I just tried that with logging on and I see: >> >> >> /* Thu Dec 22 2011 19:16:06.3790 */AREAPlug-In >> Loaded: ARSYS.AREA.HUB version 2 >> >> Next, I commented out the plugin server in the armonitor and cranked it >> up manually and I got the following: >> D:\Program Files\BMC Software\ARSystem>arplugin.exe --unicode -i >> "D:\Program Files\BMC Software\ARSystem" -m >> >> Action Request System(R) Plug-In Server Version 7.6.04 SP2 201110080614 >> (c) Copyright 2001-2011 BMC Software, Inc. >> >> Action Request System(R) Approval Server Version 7.6.04 SP2 201110080614 >> (c) Copyright 1999-2011 BMC Software, Inc. >> >> >> Next item, checking the ar.cfg, I have the following lines that reference >> AREA and Plugin: >> >> Plugin-Path: D:\Program Files\BMC Software\ARSystem\arealdap >> Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\areahub.dll" >> AREA-Hub-Plugin: >> >> >> Should I add the path to areahub.dll on the AREA-Hub-Plugin line? Or >> something else? >> >> Thanks, >> JDHood >> >> >> -Original Message-
Re: AREA LDAP logging question
My situation is with two different LDAP servers, in two different domains configured in the AREA Config form: Server-A.domain-A <<-- Remote untrusted Active Directory server defined in the form by I.P. B-Server.B-domain <<-- Local Active Directory server defined by hostname As regards area, the ar.cfg has the following lines for the plugins: Plugin-Path: D:\Program Files\BMC Software\ARSystem\arealdap Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\areahub.dll" AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll" AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap_1.dll" There are no trusts between the domains involved, but outside of Remedy, I can connect to either LDAP server and authenticate just fine. Connectivity and bind credentials are not an issue. Within Remedy, logging shows that the first server defined in the AREA LDAP config form is ever used. I have tried AREA -HUB-Plugin lines like the following, killing the plugin process after each change... A single line: AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll" This does not work Two Lines: AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll" AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll" This does not work Two Lines: AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll" AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap_1.dll" In this case, I copied arealdap.dll and renamed the copied file to arealdap_1.dll in it's own directory This does not work Here's logging showing that the plugin tries the same server twice, and doesn't progress to the second server. The user in this case *CAN* be authenticated on the second server. When I have reversed the order of the servers in the config form (so that this user's server is listed first), then this user authenticates just fine. */+VLAREAVerifyLoginCallback -- user jdhood */ AREAVerifyLoginCallback */ ldap_init("Server-A.domain-A", 389) */ connect timeout previously: -1 */ connect timeout used: 55000 */ ldap_set_option(Chase Referrals): ON (handled by plugin) */ ldap_simple_bind("MrBindUser", hidden) */ After the bind */ ldap_search_ext("OU=Users,OU=fee,OU=fie,OU=foe,DC=fum,DC=com", 2, "sAMAccountName=jdhood") */ Search: Can't connect to the LDAP server (LDAPERR Code 91) 202B: RefErr: DSID-031006E0, data 0, 1 access points ref 1: 'fum.com' */ Cannot find the user info in LDAP server */ AREAVerifyLoginCallback */ ldap_init("Server-A.domain-A", 389) */ connect timeout previously: -1 */ connect timeout used: 55000 */ ldap_set_option(Chase Referrals): ON (handled by plugin) */ ldap_simple_bind("MrBindUser", hidden) */ After the bind */ ldap_search_ext("OU=Users,OU=fee,OU=fie,OU=foe,DC=fum,DC=com", 2, "sAMAccountName=jdhood") */ Search: Can't connect to the LDAP server (LDAPERR Code 91) 202B: RefErr: DSID-031006E0, data 0, 1 access points ref 1: 'fum.com' */ Cannot find the user info in LDAP server */-VLFAIL This can wait for the other side of the holidays though. Merry Christmas All! Thanks, JDHood On Sat, Dec 24, 2011 at 3:24 AM, Walters, Mark wrote: > You shouldn't have to manually edit the ar.cfg, all the necessary changes > will be made when you configure the additional LDAP servers via the AREA > LDAP configuration form. > > If you're only authenticating against one LDAP server then the hub is not > necessary, you should just have a Plugin: ..\arealdap.dll line in the > ar.cfg. When you configure two or more LDAP servers this gets replaced by > Plugin: ..\areahub.dll and there should be one AREA-Hug-Plugin: > ..\arealdap.dll for EACH LDAP server - i.e. 2 LDAP servers, 2 > AREA-Hub-Plugin: lines. > > The AREA LDAP configuration options are the ones that get the _1, _2, etc > suffixes, not the plugin lines. > > Mark > > > From: Action Request System discussion list(ARSList) [arslist@ARSLIST.ORG] > On Behalf Of JD Hood [hood...@gmail.com] > Sent: 23 December 2011 22:28 > To: arslist@ARSLIST.ORG > Subject: Re: AREA LDAP logging question > > ** Now that that's working... > > If I have multiple domains defined for LDAP auth in the AREA form, I > understand I need to specify additional arealdap.dll's on additional > AREA-Hub-Plugin: lines, ala: > > AREA-Hub-Plugin: "D:\Program Files\BMC > Software\ARSystem\arealdap\arealdap.dll" > AREA-Hub-Plugin: "D:\Program Files\BMC > Software\ARSystem\arealdap\arealdap_1.dll" > >
AREA LDAP logging question
A little off topic, but one of my favourite SSO Plugin customer questions was as follows: "Why do I need to configure the BMC AREA plugin when I've configured SSO Plugin to integrate with my Active Directory?" And here is an example of why it's so important to listen to customers, because it hadn't occurred to me that we could drop the requirement for the BMC AREA LDAP plugin by providing our own login screen to authenticate users using the connection details for SSO. As Mark points out, multiple Active Directories (typically, domains) also requires multiple configurations with the BMC AREA LDAP plugin, yet SSO Plugin has just four fields for AD integration, with typically no further information required for multiple domains. John ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
Re: AREA LDAP logging question
You shouldn't have to manually edit the ar.cfg, all the necessary changes will be made when you configure the additional LDAP servers via the AREA LDAP configuration form. If you're only authenticating against one LDAP server then the hub is not necessary, you should just have a Plugin: ..\arealdap.dll line in the ar.cfg. When you configure two or more LDAP servers this gets replaced by Plugin: ..\areahub.dll and there should be one AREA-Hug-Plugin: ..\arealdap.dll for EACH LDAP server - i.e. 2 LDAP servers, 2 AREA-Hub-Plugin: lines. The AREA LDAP configuration options are the ones that get the _1, _2, etc suffixes, not the plugin lines. Mark From: Action Request System discussion list(ARSList) [arslist@ARSLIST.ORG] On Behalf Of JD Hood [hood...@gmail.com] Sent: 23 December 2011 22:28 To: arslist@ARSLIST.ORG Subject: Re: AREA LDAP logging question ** Now that that's working... If I have multiple domains defined for LDAP auth in the AREA form, I understand I need to specify additional arealdap.dll's on additional AREA-Hub-Plugin: lines, ala: AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll" AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap_1.dll" Is it just as simple as copying the existing arealdap.dll and renaming it to something like "arealdap_1.dll" and adding it on another AREA-Hub-Plugin line? I've tried that and it doesn't seem to work -- the authentication attempt doesn't progress it to the second LDAP server... Thanks, JDHood On Fri, Dec 23, 2011 at 8:59 AM, JD Hood mailto:hood...@gmail.com>> wrote: That did it and it's logging much more info now! I can *now* see from logging that the failure to auth is likely simple-bind being rejected on the LDAP server (I didn't realize LDP uses SASL by default). When I changed LDP to a simple, non ssl bind, the known-good login failed there as well. This would be a clue. Thank you ARSList! -JDHood On Thu, Dec 22, 2011 at 8:12 PM, Grooms, Frederick W mailto:frederick.w.gro...@xo.com>> wrote: Ah ... It should be something like: Plugin-Path: D:\Program Files\BMC Software\ARSystem\arealdap Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\areahub.dll" AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll" So the hub will load the arealdap plugin. Without it the arealdap plugin is not loaded. Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG>] On Behalf Of JD Hood Sent: Thursday, December 22, 2011 6:37 PM To: arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG> Subject: Re: AREA LDAP logging question ** Ok, I just tried that with logging on and I see: /* Thu Dec 22 2011 19:16:06.3790 */AREAPlug-In Loaded: ARSYS.AREA.HUB version 2 Next, I commented out the plugin server in the armonitor and cranked it up manually and I got the following: D:\Program Files\BMC Software\ARSystem>arplugin.exe --unicode -i "D:\Program Files\BMC Software\ARSystem" -m Action Request System(R) Plug-In Server Version 7.6.04 SP2 201110080614 (c) Copyright 2001-2011 BMC Software, Inc. Action Request System(R) Approval Server Version 7.6.04 SP2 201110080614 (c) Copyright 1999-2011 BMC Software, Inc. Next item, checking the ar.cfg, I have the following lines that reference AREA and Plugin: Plugin-Path: D:\Program Files\BMC Software\ARSystem\arealdap Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\areahub.dll" AREA-Hub-Plugin: Should I add the path to areahub.dll on the AREA-Hub-Plugin line? Or something else? Thanks, JDHood -Original Message- On Thu, Dec 22, 2011 at 6:49 PM, Danny Kellett wrote: ** JD, When you start the AR Server (or kill -9 arplugin) and it creates a new arplugin log file, do you see this anywhere? Plug-In Loaded: ARSYS.AREA.LDAP version 2 In fact I would search for ARSYS.AREA.LDAP. If you don't have any in there, then the plugin isn't loading. If this is the case, comment out the arplugin line in the armonitor.conf and restart. Then you can start the arplugin manually from the commandline. Then if something is up, it will echo it to the console. I don't think your arealdap plugin is loading. In your ar.conf, have you got the arealdap.so (or dll) on a line beginning with Plugin: or AREA-Hub-Plugin:? If its the second one, then make sure you have Plugin: /areahub.so (or dll) Kind regards Danny -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG>] On Behalf Of JD Hood Sent: 22 December 2011 23:39 To: arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG> Subject: Re: AREA LDAP logging question ** The plugin log only will s
Re: AREA LDAP logging question
I'm not sure if you need an additional dll loaded in the hub. I think that just having the multiple entries in the config form and having the chaining option turned on should do the trick. The multiple dll option is when you need multiple types of authentication (such as having your own single sign on dll in addition to the Remedy AREA one). Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of JD Hood Sent: Friday, December 23, 2011 4:29 PM To: arslist@ARSLIST.ORG Subject: Re: AREA LDAP logging question ** Now that that's working... If I have multiple domains defined for LDAP auth in the AREA form, I understand I need to specify additional arealdap.dll's on additional AREA-Hub-Plugin: lines, ala: AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll" AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap_1.dll" Is it just as simple as copying the existing arealdap.dll and renaming it to something like "arealdap_1.dll" and adding it on another AREA-Hub-Plugin line? I've tried that and it doesn't seem to work -- the authentication attempt doesn't progress it to the second LDAP server... Thanks, JDHood -Original Message- On Fri, Dec 23, 2011 at 8:59 AM, JD Hood wrote: That did it and it's logging much more info now! I can *now* see from logging that the failure to auth is likely simple-bind being rejected on the LDAP server (I didn't realize LDP uses SASL by default). When I changed LDP to a simple, non ssl bind, the known-good login failed there as well. This would be a clue. Thank you ARSList! -JDHood On Thu, Dec 22, 2011 at 8:12 PM, Grooms, Frederick W wrote: Ah ... It should be something like: Plugin-Path: D:\Program Files\BMC Software\ARSystem\arealdap Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\areahub.dll" AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll" So the hub will load the arealdap plugin. Without it the arealdap plugin is not loaded. Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of JD Hood Sent: Thursday, December 22, 2011 6:37 PM To: arslist@ARSLIST.ORG Subject: Re: AREA LDAP logging question ** Ok, I just tried that with logging on and I see: /* Thu Dec 22 2011 19:16:06.3790 */AREA Plug-In Loaded: ARSYS.AREA.HUB version 2 Next, I commented out the plugin server in the armonitor and cranked it up manually and I got the following: D:\Program Files\BMC Software\ARSystem>arplugin.exe --unicode -i "D:\Program Files\BMC Software\ARSystem" -m Action Request System(R) Plug-In Server Version 7.6.04 SP2 201110080614 (c) Copyright 2001-2011 BMC Software, Inc. Action Request System(R) Approval Server Version 7.6.04 SP2 201110080614 (c) Copyright 1999-2011 BMC Software, Inc. Next item, checking the ar.cfg, I have the following lines that reference AREA and Plugin: Plugin-Path: D:\Program Files\BMC Software\ARSystem\arealdap Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\areahub.dll" AREA-Hub-Plugin: Should I add the path to areahub.dll on the AREA-Hub-Plugin line? Or something else? Thanks, JDHood -Original Message- On Thu, Dec 22, 2011 at 6:49 PM, Danny Kellett wrote: ** JD, When you start the AR Server (or kill -9 arplugin) and it creates a new arplugin log file, do you see this anywhere? Plug-In Loaded: ARSYS.AREA.LDAP version 2 In fact I would search for ARSYS.AREA.LDAP. If you don't have any in there, then the plugin isn't loading. If this is the case, comment out the arplugin line in the armonitor.conf and restart. Then you can start the arplugin manually from the commandline. Then if something is up, it will echo it to the console. I don't think your arealdap plugin is loading. In your ar.conf, have you got the arealdap.so (or dll) on a line beginning with Plugin: or AREA-Hub-Plugin:? If its the second one, then make sure you have Plugin: /areahub.so (or dll) Kind regards Danny -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of JD Hood Sent: 22 December 2011 23:39 To: arslist@ARSLIST.ORG Subject: Re: AREA LDAP logging question ** The plugin log only will show a single +VL and -VL per each login attempt. I don't see anything that indicates it's loading the AREA plugin in the plugin log. When support saw that, they went straight to the ar.cfg, but the AREA config entries in there look fine. We do know that the bind user, login & pass are good because we can use those values with LDP to browse/search LDAP. So, something is wonky with the Remedy AREA plugin, they just don't know what yet. Bundled up the config files
Re: AREA LDAP logging question
Now that that's working... If I have multiple domains defined for LDAP auth in the AREA form, I understand I need to specify additional arealdap.dll's on additional AREA-Hub-Plugin: lines, ala: AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll" AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap_1.dll" Is it just as simple as copying the existing arealdap.dll and renaming it to something like "arealdap_1.dll" and adding it on another AREA-Hub-Plugin line? I've tried that and it doesn't seem to work -- the authentication attempt doesn't progress it to the second LDAP server... Thanks, JDHood On Fri, Dec 23, 2011 at 8:59 AM, JD Hood wrote: > That did it and it's logging much more info now! > > I can *now* see from logging that the failure to auth is likely > simple-bind being rejected on the LDAP server (I didn't realize LDP uses > SASL by default). When I changed LDP to a simple, non ssl bind, the > known-good login failed there as well. This would be a clue. > > Thank you ARSList! > -JDHood > > > On Thu, Dec 22, 2011 at 8:12 PM, Grooms, Frederick W < > frederick.w.gro...@xo.com> wrote: > >> Ah ... It should be something like: >> >> Plugin-Path: D:\Program Files\BMC Software\ARSystem\arealdap >> Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\areahub.dll" >> AREA-Hub-Plugin: "D:\Program Files\BMC >> Software\ARSystem\arealdap\arealdap.dll" >> >> So the hub will load the arealdap plugin. Without it the arealdap plugin >> is not loaded. >> >> Fred >> >> >> -Original Message- >> From: Action Request System discussion list(ARSList) [mailto: >> arslist@ARSLIST.ORG] On Behalf Of JD Hood >> Sent: Thursday, December 22, 2011 6:37 PM >> To: arslist@ARSLIST.ORG >> Subject: Re: AREA LDAP logging question >> >> ** Ok, I just tried that with logging on and I see: >> >> >> /* Thu Dec 22 2011 19:16:06.3790 */AREAPlug-In >> Loaded: ARSYS.AREA.HUB version 2 >> >> Next, I commented out the plugin server in the armonitor and cranked it >> up manually and I got the following: >> D:\Program Files\BMC Software\ARSystem>arplugin.exe --unicode -i >> "D:\Program Files\BMC Software\ARSystem" -m >> >> Action Request System(R) Plug-In Server Version 7.6.04 SP2 201110080614 >> (c) Copyright 2001-2011 BMC Software, Inc. >> >> Action Request System(R) Approval Server Version 7.6.04 SP2 201110080614 >> (c) Copyright 1999-2011 BMC Software, Inc. >> >> >> Next item, checking the ar.cfg, I have the following lines that reference >> AREA and Plugin: >> >> Plugin-Path: D:\Program Files\BMC Software\ARSystem\arealdap >> Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\areahub.dll" >> AREA-Hub-Plugin: >> >> >> Should I add the path to areahub.dll on the AREA-Hub-Plugin line? Or >> something else? >> >> Thanks, >> JDHood >> >> >> -Original Message- >> On Thu, Dec 22, 2011 at 6:49 PM, Danny Kellett wrote: >> ** >> JD, >> >> When you start the AR Server (or kill -9 arplugin) and it creates a new >> arplugin log file, do you see this anywhere? >> >> Plug-In Loaded: ARSYS.AREA.LDAP version 2 >> >> In fact I would search for ARSYS.AREA.LDAP. If you don't have any in >> there, then the plugin isn't loading. >> >> If this is the case, comment out the arplugin line in the armonitor.conf >> and restart. Then you can start the arplugin manually from the commandline. >> Then if something is up, it will echo it to the console. >> >> I don't think your arealdap plugin is loading. In your ar.conf, have you >> got the arealdap.so (or dll) on a line beginning with Plugin: or >> AREA-Hub-Plugin:? >> >> If its the second one, then make sure you have Plugin: >> /areahub.so (or dll) >> >> Kind regards >> Danny >> >> -Original Message- >> From: Action Request System discussion list(ARSList) [mailto: >> arslist@ARSLIST.ORG] On Behalf Of JD Hood >> Sent: 22 December 2011 23:39 >> To: arslist@ARSLIST.ORG >> Subject: Re: AREA LDAP logging question >> >> ** The plugin log only will show a single +VL and -VL per each login >> attempt. I don't see anything that indicates it's loading the AREA plugin >> in the plugin log. >> >> When support saw that, they went straight to the ar.cfg, but the AREA >> config entries in there look
Re: AREA LDAP logging question
From: JD Hood [mailto:hood...@gmail.com] Sent: Friday, December 23, 2011 08:59 AM To: arslist@ARSLIST.ORG Subject: Re: AREA LDAP logging question ** That did it and it's logging much more info now! I can *now* see from logging that the failure to auth is likely simple-bind being rejected on the LDAP server (I didn't realize LDP uses SASL by default). When I changed LDP to a simple, non ssl bind, the known-good login failed there as well. This would be a clue. Thank you ARSList! -JDHood On Thu, Dec 22, 2011 at 8:12 PM, Grooms, Frederick W mailto:frederick.w.gro...@xo.com>> wrote: Ah ... It should be something like: Plugin-Path: D:\Program Files\BMC Software\ARSystem\arealdap Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\areahub.dll" AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll" So the hub will load the arealdap plugin. Without it the arealdap plugin is not loaded. Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG>] On Behalf Of JD Hood Sent: Thursday, December 22, 2011 6:37 PM To: arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG> Subject: Re: AREA LDAP logging question ** Ok, I just tried that with logging on and I see: /* Thu Dec 22 2011 19:16:06.3790 */AREAPlug-In Loaded: ARSYS.AREA.HUB version 2 Next, I commented out the plugin server in the armonitor and cranked it up manually and I got the following: D:\Program Files\BMC Software\ARSystem>arplugin.exe --unicode -i "D:\Program Files\BMC Software\ARSystem" -m Action Request System(R) Plug-In Server Version 7.6.04 SP2 201110080614 (c) Copyright 2001-2011 BMC Software, Inc. Action Request System(R) Approval Server Version 7.6.04 SP2 201110080614 (c) Copyright 1999-2011 BMC Software, Inc. Next item, checking the ar.cfg, I have the following lines that reference AREA and Plugin: Plugin-Path: D:\Program Files\BMC Software\ARSystem\arealdap Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\areahub.dll" AREA-Hub-Plugin: Should I add the path to areahub.dll on the AREA-Hub-Plugin line? Or something else? Thanks, JDHood -Original Message- On Thu, Dec 22, 2011 at 6:49 PM, Danny Kellett wrote: ** JD, When you start the AR Server (or kill -9 arplugin) and it creates a new arplugin log file, do you see this anywhere? Plug-In Loaded: ARSYS.AREA.LDAP version 2 In fact I would search for ARSYS.AREA.LDAP. If you don't have any in there, then the plugin isn't loading. If this is the case, comment out the arplugin line in the armonitor.conf and restart. Then you can start the arplugin manually from the commandline. Then if something is up, it will echo it to the console. I don't think your arealdap plugin is loading. In your ar.conf, have you got the arealdap.so (or dll) on a line beginning with Plugin: or AREA-Hub-Plugin:? If its the second one, then make sure you have Plugin: /areahub.so (or dll) Kind regards Danny -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG>] On Behalf Of JD Hood Sent: 22 December 2011 23:39 To: arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG> Subject: Re: AREA LDAP logging question ** The plugin log only will show a single +VL and -VL per each login attempt. I don't see anything that indicates it's loading the AREA plugin in the plugin log. When support saw that, they went straight to the ar.cfg, but the AREA config entries in there look fine. We do know that the bind user, login & pass are good because we can use those values with LDP to browse/search LDAP. So, something is wonky with the Remedy AREA plugin, they just don't know what yet. Bundled up the config files and logs (java stuff too) and they are going to have a look, presumably with engineering. After all this, I wouldn't be surprised to find it's a network issue or something outside of Remedy. If only we could get logging to wake up, we could have better visibility into what it's doing. But the logging side is just not cooperating... Thanks, JDHood -Original Message- On Thu, Dec 22, 2011 at 3:14 PM, Grooms, Frederick W wrote: Do you see the lines in the log where it is loading the AREA plugin? If not how is the arealdap plugin listed in the ar.cfg file? An additional thought... On Windows 7.6.04 is AREA now a Java plugin? If so it should be debugged thru the pluginsvr_config.xml and log4j_pluginsvr.xml files in the pluginsvr directory. Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG>] On Behalf Of JD Hood Sent: Wednesday, December 21, 2011 5:50 PM To: arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG> Subject: AREA LDAP loggin
Re: AREA LDAP logging question
That did it and it's logging much more info now! I can *now* see from logging that the failure to auth is likely simple-bind being rejected on the LDAP server (I didn't realize LDP uses SASL by default). When I changed LDP to a simple, non ssl bind, the known-good login failed there as well. This would be a clue. Thank you ARSList! -JDHood On Thu, Dec 22, 2011 at 8:12 PM, Grooms, Frederick W < frederick.w.gro...@xo.com> wrote: > Ah ... It should be something like: > > Plugin-Path: D:\Program Files\BMC Software\ARSystem\arealdap > Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\areahub.dll" > AREA-Hub-Plugin: "D:\Program Files\BMC > Software\ARSystem\arealdap\arealdap.dll" > > So the hub will load the arealdap plugin. Without it the arealdap plugin > is not loaded. > > Fred > > > -Original Message- > From: Action Request System discussion list(ARSList) [mailto: > arslist@ARSLIST.ORG] On Behalf Of JD Hood > Sent: Thursday, December 22, 2011 6:37 PM > To: arslist@ARSLIST.ORG > Subject: Re: AREA LDAP logging question > > ** Ok, I just tried that with logging on and I see: > > 00> /* Thu Dec 22 2011 19:16:06.3790 */AREAPlug-In Loaded: > ARSYS.AREA.HUB version 2 > > Next, I commented out the plugin server in the armonitor and cranked it up > manually and I got the following: > D:\Program Files\BMC Software\ARSystem>arplugin.exe --unicode -i > "D:\Program Files\BMC Software\ARSystem" -m > > Action Request System(R) Plug-In Server Version 7.6.04 SP2 201110080614 > (c) Copyright 2001-2011 BMC Software, Inc. > > Action Request System(R) Approval Server Version 7.6.04 SP2 201110080614 > (c) Copyright 1999-2011 BMC Software, Inc. > > > Next item, checking the ar.cfg, I have the following lines that reference > AREA and Plugin: > > Plugin-Path: D:\Program Files\BMC Software\ARSystem\arealdap > Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\areahub.dll" > AREA-Hub-Plugin: > > > Should I add the path to areahub.dll on the AREA-Hub-Plugin line? Or > something else? > > Thanks, > JDHood > > > -Original Message- > On Thu, Dec 22, 2011 at 6:49 PM, Danny Kellett wrote: > ** > JD, > > When you start the AR Server (or kill -9 arplugin) and it creates a new > arplugin log file, do you see this anywhere? > > Plug-In Loaded: ARSYS.AREA.LDAP version 2 > > In fact I would search for ARSYS.AREA.LDAP. If you don't have any in > there, then the plugin isn't loading. > > If this is the case, comment out the arplugin line in the armonitor.conf > and restart. Then you can start the arplugin manually from the commandline. > Then if something is up, it will echo it to the console. > > I don't think your arealdap plugin is loading. In your ar.conf, have you > got the arealdap.so (or dll) on a line beginning with Plugin: or > AREA-Hub-Plugin:? > > If its the second one, then make sure you have Plugin: > /areahub.so (or dll) > > Kind regards > Danny > > -Original Message- > From: Action Request System discussion list(ARSList) [mailto: > arslist@ARSLIST.ORG] On Behalf Of JD Hood > Sent: 22 December 2011 23:39 > To: arslist@ARSLIST.ORG > Subject: Re: AREA LDAP logging question > > ** The plugin log only will show a single +VL and -VL per each login > attempt. I don't see anything that indicates it's loading the AREA plugin > in the plugin log. > > When support saw that, they went straight to the ar.cfg, but the AREA > config entries in there look fine. > > We do know that the bind user, login & pass are good because we can use > those values with LDP to browse/search LDAP. > > So, something is wonky with the Remedy AREA plugin, they just don't know > what yet. Bundled up the config files and logs (java stuff too) and they > are going to have a look, presumably with engineering. > > After all this, I wouldn't be surprised to find it's a network issue or > something outside of Remedy. If only we could get logging to wake up, we > could have better visibility into what it's doing. But the logging side is > just not cooperating... > > Thanks, > JDHood > > -Original Message- > On Thu, Dec 22, 2011 at 3:14 PM, Grooms, Frederick W wrote: > Do you see the lines in the log where it is loading the AREA plugin? If > not how is the arealdap plugin listed in the ar.cfg file? > > An additional thought... > On Windows 7.6.04 is AREA now a Java plugin? If so it should be debugged > thru the pluginsvr_config.xml and log4j_pluginsvr.xml files in the > pluginsvr directory. > > Fred > > -Original Message- &
Re: AREA LDAP logging question
Hi JD, You found the areahub loading but not the arealdap. ARSYS.AREA.HUB You need ARSYS.AREA.LDAP So there is your issue. Add the following line to your ar.cfg AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll" Then restart. That should do it. Just a final point, if you are not using any other external authentication plugin, or you only have one arealdap configured, then there is no reason to have the hub configured. Hope this helps, kind regards. Danny Single Sign On (SSO) for the BMC Remedy AR System and ITSM http://www.javasystemsolutions.com/jss/ssoplugin From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of JD Hood Sent: 23 December 2011 00:37 To: arslist@ARSLIST.ORG Subject: Re: AREA LDAP logging question ** Ok, I just tried that with logging on and I see: /* Thu Dec 22 2011 19:16:06.3790 */AREAPlug-In Loaded: ARSYS.AREA.HUB version 2 Next, I commented out the plugin server in the armonitor and cranked it up manually and I got the following: D:\Program Files\BMC Software\ARSystem>arplugin.exe --unicode -i "D:\Program Files\BMC Software\ARSystem" -m Action Request System(R) Plug-In Server Version 7.6.04 SP2 201110080614 (c) Copyright 2001-2011 BMC Software, Inc. Action Request System(R) Approval Server Version 7.6.04 SP2 201110080614 (c) Copyright 1999-2011 BMC Software, Inc. Next item, checking the ar.cfg, I have the following lines that reference AREA and Plugin: Plugin-Path: D:\Program Files\BMC Software\ARSystem\arealdap Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\areahub.dll" AREA-Hub-Plugin: Should I add the path to areahub.dll on the AREA-Hub-Plugin line? Or something else? Thanks, JDHood On Thu, Dec 22, 2011 at 6:49 PM, Danny Kellett wrote: ** JD, When you start the AR Server (or kill -9 arplugin) and it creates a new arplugin log file, do you see this anywhere? Plug-In Loaded: ARSYS.AREA.LDAP version 2 In fact I would search for ARSYS.AREA.LDAP. If you don't have any in there, then the plugin isn't loading. If this is the case, comment out the arplugin line in the armonitor.conf and restart. Then you can start the arplugin manually from the commandline. Then if something is up, it will echo it to the console. I don't think your arealdap plugin is loading. In your ar.conf, have you got the arealdap.so (or dll) on a line beginning with Plugin: or AREA-Hub-Plugin:? If its the second one, then make sure you have Plugin: /areahub.so (or dll) Kind regards Danny From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of JD Hood Sent: 22 December 2011 23:39 To: arslist@ARSLIST.ORG Subject: Re: AREA LDAP logging question ** The plugin log only will show a single +VL and -VL per each login attempt. I don't see anything that indicates it's loading the AREA plugin in the plugin log. When support saw that, they went straight to the ar.cfg, but the AREA config entries in there look fine. We do know that the bind user, login & pass are good because we can use those values with LDP to browse/search LDAP. So, something is wonky with the Remedy AREA plugin, they just don't know what yet. Bundled up the config files and logs (java stuff too) and they are going to have a look, presumably with engineering. After all this, I wouldn't be surprised to find it's a network issue or something outside of Remedy. If only we could get logging to wake up, we could have better visibility into what it's doing. But the logging side is just not cooperating... Thanks, JDHood On Thu, Dec 22, 2011 at 3:14 PM, Grooms, Frederick W wrote: Do you see the lines in the log where it is loading the AREA plugin? If not how is the arealdap plugin listed in the ar.cfg file? An additional thought... On Windows 7.6.04 is AREA now a Java plugin? If so it should be debugged thru the pluginsvr_config.xml and log4j_pluginsvr.xml files in the pluginsvr directory. Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of JD Hood Sent: Wednesday, December 21, 2011 5:50 PM To: arslist@ARSLIST.ORG Subject: AREA LDAP logging question ** 7.6.04 ITSM on Windows & SQL Server I'm trying to configure AREA authentication. I have everything configured enough to make an authentication attempt and the attempt naturally fails. I do not have a POC at the LDAP server to check my test user's account or to check logging on the LDAP end. At this point, I'm not even sure I'm reaching LDAP, successfully binding and/or hitting the test user's LDAP account. With plugin logging on and set to "ALL", I get about 730 lines of logging when I attempt to login with a tes
Re: AREA LDAP logging question
Ah ... It should be something like: Plugin-Path: D:\Program Files\BMC Software\ARSystem\arealdap Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\areahub.dll" AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll" So the hub will load the arealdap plugin. Without it the arealdap plugin is not loaded. Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of JD Hood Sent: Thursday, December 22, 2011 6:37 PM To: arslist@ARSLIST.ORG Subject: Re: AREA LDAP logging question ** Ok, I just tried that with logging on and I see: /* Thu Dec 22 2011 19:16:06.3790 */AREA Plug-In Loaded: ARSYS.AREA.HUB version 2 Next, I commented out the plugin server in the armonitor and cranked it up manually and I got the following: D:\Program Files\BMC Software\ARSystem>arplugin.exe --unicode -i "D:\Program Files\BMC Software\ARSystem" -m Action Request System(R) Plug-In Server Version 7.6.04 SP2 201110080614 (c) Copyright 2001-2011 BMC Software, Inc. Action Request System(R) Approval Server Version 7.6.04 SP2 201110080614 (c) Copyright 1999-2011 BMC Software, Inc. Next item, checking the ar.cfg, I have the following lines that reference AREA and Plugin: Plugin-Path: D:\Program Files\BMC Software\ARSystem\arealdap Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\areahub.dll" AREA-Hub-Plugin: Should I add the path to areahub.dll on the AREA-Hub-Plugin line? Or something else? Thanks, JDHood -Original Message- On Thu, Dec 22, 2011 at 6:49 PM, Danny Kellett wrote: ** JD, When you start the AR Server (or kill -9 arplugin) and it creates a new arplugin log file, do you see this anywhere? Plug-In Loaded: ARSYS.AREA.LDAP version 2 In fact I would search for ARSYS.AREA.LDAP. If you don't have any in there, then the plugin isn't loading. If this is the case, comment out the arplugin line in the armonitor.conf and restart. Then you can start the arplugin manually from the commandline. Then if something is up, it will echo it to the console. I don't think your arealdap plugin is loading. In your ar.conf, have you got the arealdap.so (or dll) on a line beginning with Plugin: or AREA-Hub-Plugin:? If its the second one, then make sure you have Plugin: /areahub.so (or dll) Kind regards Danny -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of JD Hood Sent: 22 December 2011 23:39 To: arslist@ARSLIST.ORG Subject: Re: AREA LDAP logging question ** The plugin log only will show a single +VL and -VL per each login attempt. I don't see anything that indicates it's loading the AREA plugin in the plugin log. When support saw that, they went straight to the ar.cfg, but the AREA config entries in there look fine. We do know that the bind user, login & pass are good because we can use those values with LDP to browse/search LDAP. So, something is wonky with the Remedy AREA plugin, they just don't know what yet. Bundled up the config files and logs (java stuff too) and they are going to have a look, presumably with engineering. After all this, I wouldn't be surprised to find it's a network issue or something outside of Remedy. If only we could get logging to wake up, we could have better visibility into what it's doing. But the logging side is just not cooperating... Thanks, JDHood -Original Message- On Thu, Dec 22, 2011 at 3:14 PM, Grooms, Frederick W wrote: Do you see the lines in the log where it is loading the AREA plugin? If not how is the arealdap plugin listed in the ar.cfg file? An additional thought... On Windows 7.6.04 is AREA now a Java plugin? If so it should be debugged thru the pluginsvr_config.xml and log4j_pluginsvr.xml files in the pluginsvr directory. Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of JD Hood Sent: Wednesday, December 21, 2011 5:50 PM To: arslist@ARSLIST.ORG Subject: AREA LDAP logging question ** 7.6.04 ITSM on Windows & SQL Server I'm trying to configure AREA authentication. I have everything configured enough to make an authentication attempt and the attempt naturally fails. I do not have a POC at the LDAP server to check my test user's account or to check logging on the LDAP end. At this point, I'm not even sure I'm reaching LDAP, successfully binding and/or hitting the test user's LDAP account. With plugin logging on and set to "ALL", I get about 730 lines of logging when I attempt to login with a test user. Out of those 730 lines of logging, I only get the following two lines that mention AREA or my user: /* Wed Dec 21 2011 18:14:13.9300 */+VL AREAVerifyLoginCallback -- user TRAIN19
Re: AREA LDAP logging question
Ok, I just tried that with logging on and I see: /* Thu Dec 22 2011 19:16:06.3790 */AREAPlug-In Loaded: ARSYS.AREA.HUB version 2 Next, I commented out the plugin server in the armonitor and cranked it up manually and I got the following: D:\Program Files\BMC Software\ARSystem>arplugin.exe --unicode -i "D:\Program Files\BMC Software\ARSystem" -m Action Request System(R) Plug-In Server Version 7.6.04 SP2 201110080614 (c) Copyright 2001-2011 BMC Software, Inc. Action Request System(R) Approval Server Version 7.6.04 SP2 201110080614 (c) Copyright 1999-2011 BMC Software, Inc. Next item, checking the ar.cfg, I have the following lines that reference AREA and Plugin: Plugin-Path: D:\Program Files\BMC Software\ARSystem\arealdap Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\areahub.dll" AREA-Hub-Plugin: Should I add the path to areahub.dll on the AREA-Hub-Plugin line? Or something else? Thanks, JDHood On Thu, Dec 22, 2011 at 6:49 PM, Danny Kellett < danny.kell...@strategicworkflow.com> wrote: > ** > > JD, > > ** ** > > When you start the AR Server (or kill -9 arplugin) and it creates a new > arplugin log file, do you see this anywhere? > > ** ** > > Plug-In Loaded: ARSYS.AREA.LDAP version 2 > > ** ** > > In fact I would search for ARSYS.AREA.LDAP. If you don’t have any in > there, then the plugin isn’t loading. > > ** ** > > If this is the case, comment out the arplugin line in the armonitor.conf > and restart. Then you can start the arplugin manually from the commandline. > Then if something is up, it will echo it to the console. > > ** ** > > I don’t think your arealdap plugin is loading. In your ar.conf, have you > got the arealdap.so (or dll) on a line beginning with Plugin: or > AREA-Hub-Plugin:? > > ** ** > > If its the second one, then make sure you have Plugin: > /areahub.so (or dll) > > ** ** > > Kind regards > > Danny > > ** ** > > ** ** > > *From:* Action Request System discussion list(ARSList) [mailto: > arslist@ARSLIST.ORG] *On Behalf Of *JD Hood > *Sent:* 22 December 2011 23:39 > *To:* arslist@ARSLIST.ORG > *Subject:* Re: AREA LDAP logging question > > ** ** > > ** The plugin log only will show a single +VL and -VL per each login > attempt. I don't see anything that indicates it's loading the AREA plugin > in the plugin log. > > ** ** > > When support saw that, they went straight to the ar.cfg, but the AREA > config entries in there look fine. > > ** ** > > We do know that the bind user, login & pass are good because we can use > those values with LDP to browse/search LDAP. > > ** ** > > So, something is wonky with the Remedy AREA plugin, they just don't know > what yet. Bundled up the config files and logs (java stuff too) and they > are going to have a look, presumably with engineering. > > ** ** > > After all this, I wouldn't be surprised to find it's a network issue or > something outside of Remedy. If only we could get logging to wake up, we > could have better visibility into what it's doing. But the logging side is > just not cooperating... > > ** ** > > Thanks, > > JDHood > > ** ** > > ** ** > > ** ** > > ** ** > > ** ** > > ** ** > > On Thu, Dec 22, 2011 at 3:14 PM, Grooms, Frederick W < > frederick.w.gro...@xo.com> wrote: > > Do you see the lines in the log where it is loading the AREA plugin? If > not how is the arealdap plugin listed in the ar.cfg file? > > An additional thought... > On Windows 7.6.04 is AREA now a Java plugin? If so it should be debugged > thru the pluginsvr_config.xml and log4j_pluginsvr.xml files in the > pluginsvr directory. > > Fred > > > -Original Message- > From: Action Request System discussion list(ARSList) [mailto: > arslist@ARSLIST.ORG] On Behalf Of JD Hood > Sent: Wednesday, December 21, 2011 5:50 PM > To: arslist@ARSLIST.ORG > Subject: AREA LDAP logging question > > ** > 7.6.04 ITSM on Windows & SQL Server > > I'm trying to configure AREA authentication. I have everything configured > enough to make an authentication attempt and the attempt naturally fails. > > I do not have a POC at the LDAP server to check my test user's account or > to check logging on the LDAP end. > > At this point, I'm not even sure I'm reaching LDAP, successfully binding > and/or hitting the test user's LDAP account. > > With plugin logging on and set to "ALL", I get about 730 lines of logging > when I attempt to login with a test user. > > Out of
Re: AREA LDAP logging question
JD, When you start the AR Server (or kill -9 arplugin) and it creates a new arplugin log file, do you see this anywhere? Plug-In Loaded: ARSYS.AREA.LDAP version 2 In fact I would search for ARSYS.AREA.LDAP. If you don't have any in there, then the plugin isn't loading. If this is the case, comment out the arplugin line in the armonitor.conf and restart. Then you can start the arplugin manually from the commandline. Then if something is up, it will echo it to the console. I don't think your arealdap plugin is loading. In your ar.conf, have you got the arealdap.so (or dll) on a line beginning with Plugin: or AREA-Hub-Plugin:? If its the second one, then make sure you have Plugin: /areahub.so (or dll) Kind regards Danny From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of JD Hood Sent: 22 December 2011 23:39 To: arslist@ARSLIST.ORG Subject: Re: AREA LDAP logging question ** The plugin log only will show a single +VL and -VL per each login attempt. I don't see anything that indicates it's loading the AREA plugin in the plugin log. When support saw that, they went straight to the ar.cfg, but the AREA config entries in there look fine. We do know that the bind user, login & pass are good because we can use those values with LDP to browse/search LDAP. So, something is wonky with the Remedy AREA plugin, they just don't know what yet. Bundled up the config files and logs (java stuff too) and they are going to have a look, presumably with engineering. After all this, I wouldn't be surprised to find it's a network issue or something outside of Remedy. If only we could get logging to wake up, we could have better visibility into what it's doing. But the logging side is just not cooperating... Thanks, JDHood On Thu, Dec 22, 2011 at 3:14 PM, Grooms, Frederick W wrote: Do you see the lines in the log where it is loading the AREA plugin? If not how is the arealdap plugin listed in the ar.cfg file? An additional thought... On Windows 7.6.04 is AREA now a Java plugin? If so it should be debugged thru the pluginsvr_config.xml and log4j_pluginsvr.xml files in the pluginsvr directory. Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of JD Hood Sent: Wednesday, December 21, 2011 5:50 PM To: arslist@ARSLIST.ORG Subject: AREA LDAP logging question ** 7.6.04 ITSM on Windows & SQL Server I'm trying to configure AREA authentication. I have everything configured enough to make an authentication attempt and the attempt naturally fails. I do not have a POC at the LDAP server to check my test user's account or to check logging on the LDAP end. At this point, I'm not even sure I'm reaching LDAP, successfully binding and/or hitting the test user's LDAP account. With plugin logging on and set to "ALL", I get about 730 lines of logging when I attempt to login with a test user. Out of those 730 lines of logging, I only get the following two lines that mention AREA or my user: /* Wed Dec 21 2011 18:14:13.9300 */+VLAREAVerifyLoginCallback -- user TRAIN19 /* Wed Dec 21 2011 18:14:13.9300 */-VL FAIL This is like troubleshooting via braille method. Is there another AREA/LDAP log or some way to log the bind and auth attempt on the REMEDY side? I've checked ARSList archives and the BMC KB's and can't find anything that I haven't already tried. I do see some really nice log examples (Knowledge Article ID: KA334262) that I *WISH* I could capture on the Remedy Side. I think they would tell me what I need to know to get this working. For now, all I can find is those two measly log lines above. Any suggestions on how to get AREA logging much more verbose on the *REMEDY SIDE*? Thanks in advance! JDHood ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are" _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
Re: AREA LDAP logging question
The plugin log only will show a single +VL and -VL per each login attempt. I don't see anything that indicates it's loading the AREA plugin in the plugin log. When support saw that, they went straight to the ar.cfg, but the AREA config entries in there look fine. We do know that the bind user, login & pass are good because we can use those values with LDP to browse/search LDAP. So, something is wonky with the Remedy AREA plugin, they just don't know what yet. Bundled up the config files and logs (java stuff too) and they are going to have a look, presumably with engineering. After all this, I wouldn't be surprised to find it's a network issue or something outside of Remedy. If only we could get logging to wake up, we could have better visibility into what it's doing. But the logging side is just not cooperating... Thanks, JDHood On Thu, Dec 22, 2011 at 3:14 PM, Grooms, Frederick W < frederick.w.gro...@xo.com> wrote: > Do you see the lines in the log where it is loading the AREA plugin? If > not how is the arealdap plugin listed in the ar.cfg file? > > An additional thought... > On Windows 7.6.04 is AREA now a Java plugin? If so it should be debugged > thru the pluginsvr_config.xml and log4j_pluginsvr.xml files in the > pluginsvr directory. > > Fred > > -Original Message- > From: Action Request System discussion list(ARSList) [mailto: > arslist@ARSLIST.ORG] On Behalf Of JD Hood > Sent: Wednesday, December 21, 2011 5:50 PM > To: arslist@ARSLIST.ORG > Subject: AREA LDAP logging question > > ** > 7.6.04 ITSM on Windows & SQL Server > > I'm trying to configure AREA authentication. I have everything configured > enough to make an authentication attempt and the attempt naturally fails. > > I do not have a POC at the LDAP server to check my test user's account or > to check logging on the LDAP end. > > At this point, I'm not even sure I'm reaching LDAP, successfully binding > and/or hitting the test user's LDAP account. > > With plugin logging on and set to "ALL", I get about 730 lines of logging > when I attempt to login with a test user. > > Out of those 730 lines of logging, I only get the following two lines that > mention AREA or my user: > > 390695> /* Wed Dec 21 2011 18:14:13.9300 */+VLAREAVerifyLoginCallback >-- user TRAIN19 > 390695> /* Wed Dec 21 2011 18:14:13.9300 */-VL >FAIL > > > This is like troubleshooting via braille method. Is there another > AREA/LDAP log or some way to log the bind and auth attempt on the REMEDY > side? > > I've checked ARSList archives and the BMC KB's and can't find anything > that I haven't already tried. I do see some really nice log > examples (Knowledge Article ID: KA334262) that I *WISH* I could capture on > the Remedy Side. I think they would tell me what I need to know to get this > working. For now, all I can find is those two measly log lines above. > > Any suggestions on how to get AREA logging much more verbose on the > *REMEDY SIDE*? > > Thanks in advance! > JDHood > > > ___ > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org > attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are" > ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
Re: AREA LDAP logging question
Yep, it stumped BMC support during the webex too. It's there, plain as day (Plugin-Log-Level: 100)*and* everything else is logging like a champ (or appears to be). Just not AREA. No idea why or how to make it behave. Thanks JDHood On Thu, Dec 22, 2011 at 2:14 PM, Danny Kellett < danny.kell...@strategicworkflow.com> wrote: > ** > JD > > Your log snippet is not an example of the plugin log level set to 100. So > do you have that line duplicated in you AR.cfg by accident? > > The BMC plugin is very good at letting you know what is wrong when set to > 100. > > Have you restarted since setting log level to 100? > > Regards > Danny > > On 22 Dec 2011, at 18:53, JD Hood wrote: > > ** I appreciate the offer, but the client might frown on posting their > info on the list. So, I've opened an issue with BMC instead. > > But I think you might be on to something. I see a ton of logging for > ARDBC, but just a few lines for AREA on startup. > > And I just realized I've omitted that we are setting it up for multiple > domain logins (Knowledge Article: KA288124 -- Configuring AREA LDAP in a > Multi-Domain Environment); however, we just have the one LDAP server > defined in AREA at this time. > > MS's LDP.exe confirms we can reach the target LDAP server *and* bind using > our test user *and* authenticate with that test user outside of Remedy. > > But within Remedy, we get "Authentication Failed". We know we have the > user & pass correct, so the possibilities are: Remedy isn't actually > connecting to LDAP *or* it is connecting, but can't find the user. Until I > can validate the plugin is starting up and get logging to spit out more > info, I'm stuck using the braille method to troubleshoot. > > Full circle now -- time to engage BMC support. > > Thanks again, > JDHood > > > On Thu, Dec 22, 2011 at 2:44 AM, Walters, Mark wrote: > >> ** >> >> I suspect that either the AREA LDAP plugin is not being loaded for some >> reason or there is a configuration issue. >> >> ** ** >> >> Are you able to post the ar.conf and the plugin log, from startup, so >> that I can see what you have set up? >> >> ** ** >> >> Mark >> >> ** ** >> >> I work for BMC, I don’t speak for them. >> >> ** ** >> >> *From:* Action Request System discussion list(ARSList) [mailto: >> arslist@ARSLIST.ORG] *On Behalf Of *JD Hood >> *Sent:* 21 December 2011 23:50 >> *To:* arslist@ARSLIST.ORG >> *Subject:* AREA LDAP logging question >> >> ** ** >> >> ** >> >> 7.6.04 ITSM on Windows & SQL Server >> >> ** ** >> >> I'm trying to configure AREA authentication. I have everything configured >> enough to make an authentication attempt and the attempt naturally fails. >> >> >> ** ** >> >> I do not have a POC at the LDAP server to check my test user's account or >> to check logging on the LDAP end. >> >> ** ** >> >> At this point, I'm not even sure I'm reaching LDAP, successfully binding >> and/or hitting the test user's LDAP account. >> >> ** ** >> >> With plugin logging on and set to "ALL", I get about 730 lines of logging >> when I attempt to login with a test user. >> >> ** ** >> >> Out of those 730 lines of logging, I only get the following two lines >> that mention AREA or my user: >> >> ** ** >> >> >> /* Wed Dec 21 2011 18:14:13.9300 */+VL >> AREAVerifyLoginCallback -- user TRAIN19 >> >> >> /* Wed Dec 21 2011 18:14:13.9300 */-VL >>FAIL >> >> ** ** >> >> ** ** >> >> This is like troubleshooting via braille method. Is there another >> AREA/LDAP log or some way to log the bind and auth attempt on the REMEDY >> side? >> >> ** ** >> >> I've checked ARSList archives and the BMC KB's and can't find anything >> that I haven't already tried. I do see some really nice log >> examples (Knowledge Article ID: KA334262) that I *WISH* I could capture on >> the Remedy Side. I think they would tell me what I need to know to get this >> working. For now, all I can find is those two measly log lines above. >> >> ** ** >> >> Any suggestions on how to get AREA logging much more verbose on the >> *REMEDY SIDE*? >> >> ** ** >> >> Thanks in advance! >> >> JDHood >> >> _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ >> _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ > > > _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ > > _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ > ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
Re: AREA LDAP logging question
Do you see the lines in the log where it is loading the AREA plugin? If not how is the arealdap plugin listed in the ar.cfg file? An additional thought... On Windows 7.6.04 is AREA now a Java plugin? If so it should be debugged thru the pluginsvr_config.xml and log4j_pluginsvr.xml files in the pluginsvr directory. Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of JD Hood Sent: Wednesday, December 21, 2011 5:50 PM To: arslist@ARSLIST.ORG Subject: AREA LDAP logging question ** 7.6.04 ITSM on Windows & SQL Server I'm trying to configure AREA authentication. I have everything configured enough to make an authentication attempt and the attempt naturally fails. I do not have a POC at the LDAP server to check my test user's account or to check logging on the LDAP end. At this point, I'm not even sure I'm reaching LDAP, successfully binding and/or hitting the test user's LDAP account. With plugin logging on and set to "ALL", I get about 730 lines of logging when I attempt to login with a test user. Out of those 730 lines of logging, I only get the following two lines that mention AREA or my user: /* Wed Dec 21 2011 18:14:13.9300 */+VL AREAVerifyLoginCallback -- user TRAIN19 /* Wed Dec 21 2011 18:14:13.9300 */-VL FAIL This is like troubleshooting via braille method. Is there another AREA/LDAP log or some way to log the bind and auth attempt on the REMEDY side? I've checked ARSList archives and the BMC KB's and can't find anything that I haven't already tried. I do see some really nice log examples (Knowledge Article ID: KA334262) that I *WISH* I could capture on the Remedy Side. I think they would tell me what I need to know to get this working. For now, all I can find is those two measly log lines above. Any suggestions on how to get AREA logging much more verbose on the *REMEDY SIDE*? Thanks in advance! JDHood ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
Re: AREA LDAP logging question
JD Your log snippet is not an example of the plugin log level set to 100. So do you have that line duplicated in you AR.cfg by accident? The BMC plugin is very good at letting you know what is wrong when set to 100. Have you restarted since setting log level to 100? Regards Danny On 22 Dec 2011, at 18:53, JD Hood wrote: > ** I appreciate the offer, but the client might frown on posting their info > on the list. So, I've opened an issue with BMC instead. > > But I think you might be on to something. I see a ton of logging for ARDBC, > but just a few lines for AREA on startup. > > And I just realized I've omitted that we are setting it up for multiple > domain logins (Knowledge Article: KA288124 -- Configuring AREA LDAP in a > Multi-Domain Environment); however, we just have the one LDAP server defined > in AREA at this time. > > MS's LDP.exe confirms we can reach the target LDAP server *and* bind using > our test user *and* authenticate with that test user outside of Remedy. > > But within Remedy, we get "Authentication Failed". We know we have the user & > pass correct, so the possibilities are: Remedy isn't actually connecting to > LDAP *or* it is connecting, but can't find the user. Until I can validate the > plugin is starting up and get logging to spit out more info, I'm stuck using > the braille method to troubleshoot. > > Full circle now -- time to engage BMC support. > > Thanks again, > JDHood > > > On Thu, Dec 22, 2011 at 2:44 AM, Walters, Mark wrote: > ** > I suspect that either the AREA LDAP plugin is not being loaded for some > reason or there is a configuration issue. > > > > Are you able to post the ar.conf and the plugin log, from startup, so that I > can see what you have set up? > > > > Mark > > > > I work for BMC, I don’t speak for them. > > > > From: Action Request System discussion list(ARSList) > [mailto:arslist@ARSLIST.ORG] On Behalf Of JD Hood > Sent: 21 December 2011 23:50 > To: arslist@ARSLIST.ORG > Subject: AREA LDAP logging question > > > > ** > > 7.6.04 ITSM on Windows & SQL Server > > > > I'm trying to configure AREA authentication. I have everything configured > enough to make an authentication attempt and the attempt naturally fails. > > > > I do not have a POC at the LDAP server to check my test user's account or to > check logging on the LDAP end. > > > > At this point, I'm not even sure I'm reaching LDAP, successfully binding > and/or hitting the test user's LDAP account. > > > > With plugin logging on and set to "ALL", I get about 730 lines of logging > when I attempt to login with a test user. > > > > Out of those 730 lines of logging, I only get the following two lines that > mention AREA or my user: > > > > 390695> /* Wed Dec 21 2011 18:14:13.9300 */+VLAREAVerifyLoginCallback > -- user TRAIN19 > > 390695> /* Wed Dec 21 2011 18:14:13.9300 */-VL > FAIL > > > > > > This is like troubleshooting via braille method. Is there another AREA/LDAP > log or some way to log the bind and auth attempt on the REMEDY side? > > > > I've checked ARSList archives and the BMC KB's and can't find anything that I > haven't already tried. I do see some really nice log examples (Knowledge > Article ID: KA334262) that I *WISH* I could capture on the Remedy Side. I > think they would tell me what I need to know to get this working. For now, > all I can find is those two measly log lines above. > > > > Any suggestions on how to get AREA logging much more verbose on the *REMEDY > SIDE*? > > > > Thanks in advance! > > JDHood > > _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ > > _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ > > _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
Re: AREA LDAP logging question
I appreciate the offer, but the client might frown on posting their info on the list. So, I've opened an issue with BMC instead. But I think you might be on to something. I see a ton of logging for ARDBC, but just a few lines for AREA on startup. And I just realized I've omitted that we are setting it up for multiple domain logins (Knowledge Article: KA288124 -- Configuring AREA LDAP in a Multi-Domain Environment); however, we just have the one LDAP server defined in AREA at this time. MS's LDP.exe confirms we can reach the target LDAP server *and* bind using our test user *and* authenticate with that test user outside of Remedy. But within Remedy, we get "Authentication Failed". We know we have the user & pass correct, so the possibilities are: Remedy isn't actually connecting to LDAP *or* it is connecting, but can't find the user. Until I can validate the plugin is starting up and get logging to spit out more info, I'm stuck using the braille method to troubleshoot. Full circle now -- time to engage BMC support. Thanks again, JDHood On Thu, Dec 22, 2011 at 2:44 AM, Walters, Mark wrote: > ** > > I suspect that either the AREA LDAP plugin is not being loaded for some > reason or there is a configuration issue. > > ** ** > > Are you able to post the ar.conf and the plugin log, from startup, so that > I can see what you have set up? > > ** ** > > Mark > > ** ** > > I work for BMC, I don’t speak for them. > > ** ** > > *From:* Action Request System discussion list(ARSList) [mailto: > arslist@ARSLIST.ORG] *On Behalf Of *JD Hood > *Sent:* 21 December 2011 23:50 > *To:* arslist@ARSLIST.ORG > *Subject:* AREA LDAP logging question > > ** ** > > ** > > 7.6.04 ITSM on Windows & SQL Server > > ** ** > > I'm trying to configure AREA authentication. I have everything configured > enough to make an authentication attempt and the attempt naturally fails.* > *** > > ** ** > > I do not have a POC at the LDAP server to check my test user's account or > to check logging on the LDAP end. > > ** ** > > At this point, I'm not even sure I'm reaching LDAP, successfully binding > and/or hitting the test user's LDAP account. > > ** ** > > With plugin logging on and set to "ALL", I get about 730 lines of logging > when I attempt to login with a test user. > > ** ** > > Out of those 730 lines of logging, I only get the following two lines that > mention AREA or my user: > > ** ** > > 390695> /* Wed Dec 21 2011 18:14:13.9300 */+VLAREAVerifyLoginCallback >-- user TRAIN19 > > 390695> /* Wed Dec 21 2011 18:14:13.9300 */-VL >FAIL > > ** ** > > ** ** > > This is like troubleshooting via braille method. Is there another > AREA/LDAP log or some way to log the bind and auth attempt on the REMEDY > side? > > ** ** > > I've checked ARSList archives and the BMC KB's and can't find anything > that I haven't already tried. I do see some really nice log > examples (Knowledge Article ID: KA334262) that I *WISH* I could capture on > the Remedy Side. I think they would tell me what I need to know to get this > working. For now, all I can find is those two measly log lines above. > > ** ** > > Any suggestions on how to get AREA logging much more verbose on the > *REMEDY SIDE*? > > ** ** > > Thanks in advance! > > JDHood > > _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ > _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
Re: AREA LDAP logging question
I did that, but no joy - I still get the same two lines (re: AREA) out of about 730 total log lines. -JDH On Thu, Dec 22, 2011 at 3:13 AM, John Baker wrote: > JD > > Set the Plugin-Log-Level to 100 in ar.cfg. That should give you much > more logging. > > > John > > > ___ > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org > attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are" > ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
AREA LDAP logging question
JD Set the Plugin-Log-Level to 100 in ar.cfg. That should give you much more logging. John ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
Re: AREA LDAP logging question
I suspect that either the AREA LDAP plugin is not being loaded for some reason or there is a configuration issue. Are you able to post the ar.conf and the plugin log, from startup, so that I can see what you have set up? Mark I work for BMC, I don't speak for them. From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of JD Hood Sent: 21 December 2011 23:50 To: arslist@ARSLIST.ORG Subject: AREA LDAP logging question ** 7.6.04 ITSM on Windows & SQL Server I'm trying to configure AREA authentication. I have everything configured enough to make an authentication attempt and the attempt naturally fails. I do not have a POC at the LDAP server to check my test user's account or to check logging on the LDAP end. At this point, I'm not even sure I'm reaching LDAP, successfully binding and/or hitting the test user's LDAP account. With plugin logging on and set to "ALL", I get about 730 lines of logging when I attempt to login with a test user. Out of those 730 lines of logging, I only get the following two lines that mention AREA or my user: /* Wed Dec 21 2011 18:14:13.9300 */+VLAREAVerifyLoginCallback -- user TRAIN19 /* Wed Dec 21 2011 18:14:13.9300 */-VL FAIL This is like troubleshooting via braille method. Is there another AREA/LDAP log or some way to log the bind and auth attempt on the REMEDY side? I've checked ARSList archives and the BMC KB's and can't find anything that I haven't already tried. I do see some really nice log examples (Knowledge Article ID: KA334262) that I *WISH* I could capture on the Remedy Side. I think they would tell me what I need to know to get this working. For now, all I can find is those two measly log lines above. Any suggestions on how to get AREA logging much more verbose on the *REMEDY SIDE*? Thanks in advance! JDHood _attend WWRUG12 www.wwrug.com<http://www.wwrug.com> ARSlist: "Where the Answers Are"_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
Re: AREA LDAP logging question
Thanks Jesus, I'm OK with the set-up and with an ldap browser, I just need to get more verbose logging on the Remedy side so I can see what the Remedy plugin is doing to troubleshoot it. Thanks again, JDHood On Wed, Dec 21, 2011 at 7:14 PM, VARGAS, JESUS EMILIO (JESUS EMILIO) < jesus_emilio.var...@alcatel-lucent.com> wrote: > ** ** ** > > The second mail part1 with the guide..! > > ** ** > > Best Regards. > > ** ** > > ** ** > > *J. Emilio Vargas* > ALCATEL-LUCENT > Av. Ciencia #13 Zona Industrial. > Cuautitlan Izcalli - México > T: +52 55 5870 9000 > M: +52 1 55 5509 5590 > jesus_emilio.var...@alcatel-lucent.com > -- > > *From:* VARGAS, JESUS EMILIO (JESUS EMILIO) > *Sent:* Miércoles, 21 de Diciembre de 2011 06:12 p.m. > *To:* 'arslist@ARSLIST.ORG' > *Subject:* FW: AREA LDAP logging question > > ** ** > > Hi JD Hood > > ** ** > > My recommendation is first check if you AR Server is able to connect to > AREA Server (Active Directory), as attach I send you a small software than > can help you to do the test. Ldp.exe (.zip file) > > ** ** > > And in a second mail w2guides “how to configure AREA…!” Is for old > version, but the process is the same > > ** ** > > Best Regards. > > *J. Emilio Vargas* > ALCATEL-LUCENT > Av. Ciencia #13 Zona Industrial. > Cuautitlan Izcalli - México > T: +52 55 5870 9000 > M: +52 1 55 5509 5590 > jesus_emilio.var...@alcatel-lucent.com > -- > > *From:* Action Request System discussion list(ARSList) [mailto: > arslist@ARSLIST.ORG] *On Behalf Of *JD Hood > *Sent:* Miércoles, 21 de Diciembre de 2011 05:50 p.m. > *To:* arslist@ARSLIST.ORG > *Subject:* AREA LDAP logging question > > ** ** > > ** > > 7.6.04 ITSM on Windows & SQL Server > > ** ** > > I'm trying to configure AREA authentication. I have everything configured > enough to make an authentication attempt and the attempt naturally fails.* > *** > > ** ** > > I do not have a POC at the LDAP server to check my test user's account or > to check logging on the LDAP end. > > ** ** > > At this point, I'm not even sure I'm reaching LDAP, successfully binding > and/or hitting the test user's LDAP account. > > ** ** > > With plugin logging on and set to "**ALL**", I get about 730 lines of > logging when I attempt to login with a test user. > > ** ** > > Out of those 730 lines of logging, I only get the following two lines that > mention AREA or my user: > > ** ** > > 390695> /* Wed **Dec 21 2011** 18:14:13.9300 */+VL > AREAVerifyLoginCallback -- user TRAIN19 > > 390695> /* Wed **Dec 21 2011** 18:14:13.9300 */-VL > FAIL > > ** ** > > ** ** > > This is like troubleshooting via braille method. Is there another > AREA/LDAP log or some way to log the bind and auth attempt on the REMEDY > side? > > ** ** > > I've checked ARSList archives and the **BMC** KB's and can't find > anything that I haven't already tried. I do see some really nice log > examples (Knowledge Article ID: KA334262) that I *WISH* I could capture on > the Remedy Side. I think they would tell me what I need to know to get this > working. For now, all I can find is those two measly log lines above. > > ** ** > > Any suggestions on how to get AREA logging much more verbose on the > *REMEDY **SIDE***? > > ** ** > > Thanks in advance! > > JDHood > > _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ > _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
AREA LDAP logging question
7.6.04 ITSM on Windows & SQL Server I'm trying to configure AREA authentication. I have everything configured enough to make an authentication attempt and the attempt naturally fails. I do not have a POC at the LDAP server to check my test user's account or to check logging on the LDAP end. At this point, I'm not even sure I'm reaching LDAP, successfully binding and/or hitting the test user's LDAP account. With plugin logging on and set to "ALL", I get about 730 lines of logging when I attempt to login with a test user. Out of those 730 lines of logging, I only get the following two lines that mention AREA or my user: /* Wed Dec 21 2011 18:14:13.9300 */+VLAREAVerifyLoginCallback -- user TRAIN19 /* Wed Dec 21 2011 18:14:13.9300 */-VL FAIL This is like troubleshooting via braille method. Is there another AREA/LDAP log or some way to log the bind and auth attempt on the REMEDY side? I've checked ARSList archives and the BMC KB's and can't find anything that I haven't already tried. I do see some really nice log examples (Knowledge Article ID: KA334262) that I *WISH* I could capture on the Remedy Side. I think they would tell me what I need to know to get this working. For now, all I can find is those two measly log lines above. Any suggestions on how to get AREA logging much more verbose on the *REMEDY SIDE*? Thanks in advance! JDHood ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"