Re: Integrating with Windows Active Directory
Yes, the bmc plugin will talk to the AD and use the ARSystem username and password. You can have it use multiple domains but obviously you need to be able to talk to the domain controllers. If you read about areahub configurations with arealdap, then you configure each domain, it will cascade through them. Regards Danny From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Gard, Richard J Sent: 07 January 2011 16:50 To: arslist@ARSLIST.ORG Subject: Re: Integrating with Windows Active Directory ** How is Remedy (7.1) talking to LDAP for NT authentication (rather than Remedy id/pwd admin)? Can this NT authentication in Remedy (what Remedy uses) be changed to native Win AD calls? We have multiple Domains in our company and some domains are not authenticating in Remedy. I am told by my AD team that I need to go directly to Windows AD in order for the authentication to work. Best regards, Rich �x �x 你 。 GIS-ISS-SEM Service Technology Development Manager ITIL Practisioner Certified: Support and Restore Princeton, NJ (: 609-580-5802 Cell (: 617-756-4626 Information Classification: Limited Access From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Axton Sent: Friday, January 07, 2011 11:35 AM To: arslist@ARSLIST.ORG Subject: Re: Integrating with Windows Active Directory ** I assume you are referring to integrations for the purpose of authentication. Active Directory uses LDAP for it's back end store. Some extensions that Active Directory provides include NTLM and Kerberos, which are seperate authentication mechanisms. These extensions still rely on the back end store, which is LDAP. Using NTLM and Kerberos are possible through the mid-tier through some customization. To my knowledge NTLM and Kerberos authentication are not feasible with the native client, ARUser, but I have not spent much time digging into this aspect of authentication. You can look to author an AREA plugin that uses either Kerberos or NTLM, but the client still has to pass the necessary information to the plugin to complete the authentication handshake. 2011/1/7 Gard, Richard J ** Has anyone integrated directly with Windows AD as opposed to LDAP? Can you clue me in on what needs to be modified? Best regards, Rich �x �x 你 。 GIS-ISS-SEM Service Technology Development Manager ITIL Practisioner Certified: Support and Restore Princeton, NJ (: 609-580-5802 Cell (: 617-756-4626 Information Classification: Limited Access _attend WWRUG11 www.wwrug.com ARSlist: "Where the Answers Are"_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are"
Re: Integrating with Windows Active Directory
Hi, AD actually is the LDAP protocol 2 So if you want to authenticate, e.g. use your domains username and password, then just use the bmc arealdap plugin. Kind regards Danny From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Gard, Richard J Sent: 07 January 2011 16:22 To: arslist@ARSLIST.ORG Subject: Integrating with Windows Active Directory ** Has anyone integrated directly with Windows AD as opposed to LDAP? Can you clue me in on what needs to be modified? Best regards, Rich �x �x 你 。 GIS-ISS-SEM Service Technology Development Manager ITIL Practisioner Certified: Support and Restore Princeton, NJ (: 609-580-5802 Cell (: 617-756-4626 Information Classification: Limited Access From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Allen Crouder Sent: Thursday, January 06, 2011 4:45 PM To: arslist@ARSLIST.ORG Subject: test ** test _attend WWRUG11 www.wwrug.com ARSlist: "Where the Answers Are"_ _attend WWRUG11 www.wwrug.com ARSlist: "Where the Answers Are"_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are"
Re: Integrating with Windows Active Directory
How is Remedy (7.1) talking to LDAP for NT authentication (rather than Remedy id/pwd admin)? Can this NT authentication in Remedy (what Remedy uses) be changed to native Win AD calls? We have multiple Domains in our company and some domains are not authenticating in Remedy. I am told by my AD team that I need to go directly to Windows AD in order for the authentication to work. Best regards, Rich �x �x 你 。 GIS-ISS-SEM Service Technology Development Manager ITIL Practisioner Certified: Support and Restore Princeton, NJ *: 609-580-5802 Cell (: 617-756-4626 Information Classification: Limited Access From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Axton Sent: Friday, January 07, 2011 11:35 AM To: arslist@ARSLIST.ORG Subject: Re: Integrating with Windows Active Directory ** I assume you are referring to integrations for the purpose of authentication. Active Directory uses LDAP for it's back end store. Some extensions that Active Directory provides include NTLM and Kerberos, which are seperate authentication mechanisms. These extensions still rely on the back end store, which is LDAP. Using NTLM and Kerberos are possible through the mid-tier through some customization. To my knowledge NTLM and Kerberos authentication are not feasible with the native client, ARUser, but I have not spent much time digging into this aspect of authentication. You can look to author an AREA plugin that uses either Kerberos or NTLM, but the client still has to pass the necessary information to the plugin to complete the authentication handshake. 2011/1/7 Gard, Richard J mailto:rjg...@statestreet.com>> ** Has anyone integrated directly with Windows AD as opposed to LDAP? Can you clue me in on what needs to be modified? Best regards, Rich �x �x 你 。 GIS-ISS-SEM Service Technology Development Manager ITIL Practisioner Certified: Support and Restore Princeton, NJ *: 609-580-5802 Cell (: 617-756-4626 Information Classification: Limited Access
Re: Integrating with Windows Active Directory
I assume you are referring to integrations for the purpose of authentication. Active Directory uses LDAP for it's back end store. Some extensions that Active Directory provides include NTLM and Kerberos, which are seperate authentication mechanisms. These extensions still rely on the back end store, which is LDAP. Using NTLM and Kerberos are possible through the mid-tier through some customization. To my knowledge NTLM and Kerberos authentication are not feasible with the native client, ARUser, but I have not spent much time digging into this aspect of authentication. You can look to author an AREA plugin that uses either Kerberos or NTLM, but the client still has to pass the necessary information to the plugin to complete the authentication handshake. 2011/1/7 Gard, Richard J > ** > > Has anyone integrated directly with Windows AD as opposed to LDAP? Can you > clue me in on what needs to be modified? > > > > Best regards, > *Rich* > > �x > > �x > > 你 > > 。 > > *GIS-ISS-SEM* > > *Service Technology Development Manager* > > *ITIL Practisioner Certified: Support and Restore *** > > *Princeton, NJ* (:* **609-580-5802* > *Cell* (:* **617-756-4626* > > *Information Classification: **Limited Access* > > > > *From:* Action Request System discussion list(ARSList) [mailto: > arsl...@arslist.org] *On Behalf Of *Allen Crouder > *Sent:* Thursday, January 06, 2011 4:45 PM > *To:* arslist@ARSLIST.ORG > *Subject:* test > > > > ** > > test > > _attend WWRUG11 www.wwrug.com ARSlist: "Where the Answers Are"_ > _attend WWRUG11 www.wwrug.com ARSlist: "Where the Answers Are"_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are"
Integrating with Windows Active Directory
Has anyone integrated directly with Windows AD as opposed to LDAP? Can you clue me in on what needs to be modified? Best regards, Rich �x �x 你 。 GIS-ISS-SEM Service Technology Development Manager ITIL Practisioner Certified: Support and Restore Princeton, NJ *: 609-580-5802 Cell (: 617-756-4626 Information Classification: Limited Access From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Allen Crouder Sent: Thursday, January 06, 2011 4:45 PM To: arslist@ARSLIST.ORG Subject: test ** test _attend WWRUG11 www.wwrug.com ARSlist: "Where the Answers Are"_
