Re: AREA LDAP logging question RESOLVED

2012-01-02 Thread JD Hood 
DAP server and authenticate just fine.
>> Connectivity and bind credentials are not an issue.
>>
>> Within Remedy, logging shows that the first server defined in the AREA
>> LDAP config form is ever used.
>>
>> I have tried AREA -HUB-Plugin lines like the following, killing the
>> plugin process after each change...
>>
>> A single line:
>> AREA-Hub-Plugin: "D:\Program Files\BMC
>> Software\ARSystem\arealdap\arealdap.dll"
>> This does not work
>>
>> Two Lines:
>> AREA-Hub-Plugin: "D:\Program Files\BMC
>> Software\ARSystem\arealdap\arealdap.dll"
>> AREA-Hub-Plugin: "D:\Program Files\BMC
>> Software\ARSystem\arealdap\arealdap.dll"
>> This does not work
>>
>> Two Lines:
>> AREA-Hub-Plugin: "D:\Program Files\BMC
>> Software\ARSystem\arealdap\arealdap.dll"
>> AREA-Hub-Plugin: "D:\Program Files\BMC
>> Software\ARSystem\arealdap\arealdap_1.dll"
>> In this case, I copied arealdap.dll and renamed the copied file to
>> arealdap_1.dll in it's own directory
>>  This does not work
>>
>>
>> Here's logging showing that the plugin tries the same server twice, and
>> doesn't progress to the second server. The user in this case *CAN* be
>> authenticated on the second server. When I have reversed the order of the
>> servers in the config form (so that this user's server is listed first),
>> then this user authenticates just fine.
>>
>> */+VLAREAVerifyLoginCallback  -- user jdhood
>> */  AREAVerifyLoginCallback
>> */  ldap_init("Server-A.domain-A", 389)
>> */  connect timeout previously: -1
>> */  connect timeout used: 55000
>> */  ldap_set_option(Chase Referrals): ON (handled
>> by plugin)
>> */  ldap_simple_bind("MrBindUser", hidden)
>> */  After the bind
>> */ 
>> ldap_search_ext("OU=Users,OU=fee,OU=fie,OU=foe,DC=fum,DC=com", 2,
>> "sAMAccountName=jdhood")
>> */  Search: Can't connect to the LDAP server
>> (LDAPERR Code 91) 202B: RefErr: DSID-031006E0, data 0, 1 access points
>> ref 1: 'fum.com'
>> */  Cannot find the user info in LDAP server
>> */  AREAVerifyLoginCallback
>> */  ldap_init("Server-A.domain-A", 389)
>> */  connect timeout previously: -1
>> */  connect timeout used: 55000
>> */  ldap_set_option(Chase Referrals): ON (handled
>> by plugin)
>> */  ldap_simple_bind("MrBindUser", hidden)
>> */  After the bind
>> */ 
>> ldap_search_ext("OU=Users,OU=fee,OU=fie,OU=foe,DC=fum,DC=com", 2,
>> "sAMAccountName=jdhood")
>> */  Search: Can't connect to the LDAP server
>> (LDAPERR Code 91) 202B: RefErr: DSID-031006E0, data 0, 1 access points
>> ref 1: 'fum.com'
>> */  Cannot find the user info in LDAP server
>> */-VLFAIL
>>
>>
>> This can wait for the other side of the holidays though.
>>
>> Merry Christmas All!
>>
>> Thanks,
>> JDHood
>>
>>
>>
>> On Sat, Dec 24, 2011 at 3:24 AM, Walters, Mark wrote:
>>
>>> You shouldn't have to manually edit the ar.cfg, all the necessary
>>> changes will be made when you configure the additional LDAP servers via the
>>> AREA LDAP configuration form.
>>>
>>> If you're only authenticating against one LDAP server then the hub is
>>> not necessary, you should just have a Plugin: ..\arealdap.dll line in the
>>> ar.cfg.   When you configure two or more LDAP servers this gets replaced by
>>> Plugin: ..\areahub.dll and there should be one AREA-Hug-Plugin:
>>>  ..\arealdap.dll for EACH LDAP server - i.e. 2 LDAP servers, 2
>>> AREA-Hub-Plugin: lines.
>>>
>>> The AREA LDAP configuration options are the ones that get the _1, _2,
>>> etc suffixes, not the plugin lines.
>>>
>>> Mark
>>>
>>> 
>>> From: Action Request System discussion list(ARSList) [
>>> arslist@ARSLIST.ORG] On Behalf Of JD Hood [hood...@gmail.com]
>>> Sent: 23 December 2011 22:28
>>> To: arslist@ARSLIST.ORG
>>> Subject: Re: AREA LDAP logging question
>>>
>>> ** Now that that's working...
>>>
>>> If I have multiple domains defined for LDAP auth in the AREA form, I
>>> understand I need to specify additional arealdap.dll's on additional
>>> AREA-Hub-Plugin: lines, ala:
>>>
>>> AREA-Hub-Plugin: "D:\Program Files\BMC
&g

Re: AREA LDAP logging question

2011-12-28 Thread anurag saxena 
Hi,
 
If you have multiple LDAP configured then points to rememeber,
 
1. In ar.conf, number of entired for AREA-Hub-Plugin should be equal to number 
of LDAP servers configured.
So, for example if you have 2 LDAP/AD configured then your ar.conf should have 
2 entires like,
 AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll"
AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll"

2. Any "Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll" 
entries should be removed or commented out in ar.conf.

3. Once you are sure that your ar.conf file meet the above 2 points then 
re-cycle the arsystem.

4. Also ensure Bind User's account is not locked or it's password has not 
expired.

Hope this may help you in dealing with this issue.
 
Many thanks,
Vishwa Saxena
Aon Corportion



http://us.i1.yimg.com/us.yimg.com/i/mesg/tsmileys2/01.gif";>HAVE A NICE DAY






From: JD Hood 
To: arslist@ARSLIST.ORG 
Sent: Monday, December 26, 2011 8:18 PM
Subject: Re: AREA LDAP logging question


** Actually, I think I have it figured out. 

I removed all references to the AREA plugin from AR.CFG, restarted the system 
and started from scratch. I added one LDAP server to the AREA config 
form, allowing the system to re-add the ar.cfg lines and restarted the services 
(just being overly cautious). Then I added the 2nd LDAP server and restarted 
the services.

During hte 2nd restart, I noticed that the system added the AREA-Hub-Plugin to 
ar.cfg like so:
AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll"
AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll"

And plugin logging showed that it started the AREA plugin twice, with each 
server listed with each plugin start-up in the order they were listed in the 
config form.

Unfortunately at this point, the 2nd LDAP server isn't responding to pings, so 
I will have to wait until someone is on-site to slap it out of it's stupor. 

But the logged activity is looking promising and the 1st server is 
authenticating just fine.

Thanks,
JDHood



On Sat, Dec 24, 2011 at 8:33 AM, JD Hood  wrote:

My situation is with two different LDAP servers, in two different domains 
configured in the AREA Config form: 
>
>
>Server-A.domain-A   <<-- Remote untrusted Active Directory server defined in 
>the form by I.P.
>B-Server.B-domain   <<-- Local Active Directory server defined by hostname
>
>
>
>As regards area, the ar.cfg has the following lines for the plugins:
>
>
>Plugin-Path: D:\Program Files\BMC Software\ARSystem\arealdap
>Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\areahub.dll"
>AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll"
>AREA-Hub-Plugin: "D:\Program Files\BMC 
>Software\ARSystem\arealdap\arealdap_1.dll"
>
>
>There are no trusts between the domains involved, but outside of Remedy, I can 
>connect to either LDAP server and authenticate just fine. Connectivity and 
>bind credentials are not an issue. 
>
>
>Within Remedy, logging shows that the first server defined in the AREA LDAP 
>config form is ever used.
>
>
>I have tried AREA -HUB-Plugin lines like the following, killing the plugin 
>process after each change...
>
>
>A single line:
>AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll"
>This does not work
>
>
>Two Lines:
>AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll"
>AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll"
>This does not work
>
>
>Two Lines:
>AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll"
>AREA-Hub-Plugin: "D:\Program Files\BMC 
>Software\ARSystem\arealdap\arealdap_1.dll"
>In this case, I copied arealdap.dll and renamed the copied file to 
>arealdap_1.dll in it's own directory
>This does not work
>
>
>
>
>Here's logging showing that the plugin tries the same server twice, and 
>doesn't progress to the second server. The user in this case *CAN* be 
>authenticated on the second server. When I have reversed the order of the 
>servers in the config form (so that this user's server is listed first), then 
>this user authenticates just fine.
>
>
>*/+VL    AREAVerifyLoginCallback          -- user jdhood
>*/  AREAVerifyLoginCallback
>*/  ldap_init("Server-A.domain-A", 389)
>*/  connect timeout previously: -1
>*/  connect timeout used: 55000
>*/  ldap_set_option(Chase Referrals): ON (handled by 
>plugin)
>*/  ldap_simple_bind("MrBindUser", h

Re: AREA LDAP logging question

2011-12-26 Thread JD Hood 
;
> Merry Christmas All!
>
> Thanks,
> JDHood
>
>
>
> On Sat, Dec 24, 2011 at 3:24 AM, Walters, Mark wrote:
>
>> You shouldn't have to manually edit the ar.cfg, all the necessary changes
>> will be made when you configure the additional LDAP servers via the AREA
>> LDAP configuration form.
>>
>> If you're only authenticating against one LDAP server then the hub is not
>> necessary, you should just have a Plugin: ..\arealdap.dll line in the
>> ar.cfg.   When you configure two or more LDAP servers this gets replaced by
>> Plugin: ..\areahub.dll and there should be one AREA-Hug-Plugin:
>>  ..\arealdap.dll for EACH LDAP server - i.e. 2 LDAP servers, 2
>> AREA-Hub-Plugin: lines.
>>
>> The AREA LDAP configuration options are the ones that get the _1, _2, etc
>> suffixes, not the plugin lines.
>>
>> Mark
>>
>> 
>> From: Action Request System discussion list(ARSList) [arslist@ARSLIST.ORG]
>> On Behalf Of JD Hood [hood...@gmail.com]
>> Sent: 23 December 2011 22:28
>> To: arslist@ARSLIST.ORG
>> Subject: Re: AREA LDAP logging question
>>
>> ** Now that that's working...
>>
>> If I have multiple domains defined for LDAP auth in the AREA form, I
>> understand I need to specify additional arealdap.dll's on additional
>> AREA-Hub-Plugin: lines, ala:
>>
>> AREA-Hub-Plugin: "D:\Program Files\BMC
>> Software\ARSystem\arealdap\arealdap.dll"
>> AREA-Hub-Plugin: "D:\Program Files\BMC
>> Software\ARSystem\arealdap\arealdap_1.dll"
>>
>> Is it just as simple as copying the existing arealdap.dll and renaming it
>> to something like "arealdap_1.dll" and adding it on another AREA-Hub-Plugin
>> line?
>>
>> I've tried that and it doesn't seem to work -- the authentication attempt
>> doesn't progress it to the second LDAP server...
>>
>> Thanks,
>> JDHood
>>
>>
>>
>>
>> On Fri, Dec 23, 2011 at 8:59 AM, JD Hood > hood...@gmail.com>> wrote:
>> That did it and it's logging much more info now!
>>
>> I can *now* see from logging that the failure to auth is likely
>> simple-bind being rejected on the LDAP server (I didn't realize LDP uses
>> SASL by default). When I changed LDP to a simple, non ssl bind, the
>> known-good login failed there as well. This would be a clue.
>>
>> Thank you ARSList!
>> -JDHood
>>
>>
>> On Thu, Dec 22, 2011 at 8:12 PM, Grooms, Frederick W <
>> frederick.w.gro...@xo.com<mailto:frederick.w.gro...@xo.com>> wrote:
>> Ah ... It should be something like:
>>
>> Plugin-Path: D:\Program Files\BMC Software\ARSystem\arealdap
>> Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\areahub.dll"
>> AREA-Hub-Plugin: "D:\Program Files\BMC
>> Software\ARSystem\arealdap\arealdap.dll"
>>
>> So the hub will load the arealdap plugin.  Without it the arealdap plugin
>> is not loaded.
>>
>> Fred
>>
>>
>> -Original Message-
>> From: Action Request System discussion list(ARSList) [mailto:
>> arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG>] On Behalf Of JD Hood
>> Sent: Thursday, December 22, 2011 6:37 PM
>> To: arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG>
>> Subject: Re: AREA LDAP logging question
>>
>> ** Ok, I just tried that with logging on and I see:
>>
>>
>>  /* Thu Dec 22 2011 19:16:06.3790 */AREAPlug-In
>> Loaded: ARSYS.AREA.HUB version 2
>>
>> Next, I commented out the plugin server in the armonitor and cranked it
>> up manually and I got the following:
>> D:\Program Files\BMC Software\ARSystem>arplugin.exe  --unicode -i
>> "D:\Program Files\BMC Software\ARSystem" -m
>>
>> Action Request System(R)  Plug-In Server   Version 7.6.04 SP2 201110080614
>> (c) Copyright 2001-2011 BMC Software, Inc.
>>
>> Action Request System(R) Approval Server   Version 7.6.04 SP2 201110080614
>> (c) Copyright 1999-2011 BMC Software, Inc.
>>
>>
>> Next item, checking the ar.cfg, I have the following lines that reference
>> AREA and Plugin:
>>
>> Plugin-Path: D:\Program Files\BMC Software\ARSystem\arealdap
>> Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\areahub.dll"
>> AREA-Hub-Plugin:
>>
>>
>> Should I add the path to areahub.dll on the AREA-Hub-Plugin line? Or
>> something else?
>>
>> Thanks,
>> JDHood
>>
>>
>> -Original Message-

Re: AREA LDAP logging question

2011-12-24 Thread JD Hood 
My situation is with two different LDAP servers, in two different domains
configured in the AREA Config form:

Server-A.domain-A   <<-- Remote untrusted Active Directory server defined
in the form by I.P.
B-Server.B-domain   <<-- Local Active Directory server defined by hostname

As regards area, the ar.cfg has the following lines for the plugins:

Plugin-Path: D:\Program Files\BMC Software\ARSystem\arealdap
Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\areahub.dll"
AREA-Hub-Plugin: "D:\Program Files\BMC
Software\ARSystem\arealdap\arealdap.dll"
AREA-Hub-Plugin: "D:\Program Files\BMC
Software\ARSystem\arealdap\arealdap_1.dll"

There are no trusts between the domains involved, but outside of Remedy, I
can connect to either LDAP server and authenticate just fine. Connectivity
and bind credentials are not an issue.

Within Remedy, logging shows that the first server defined in the AREA LDAP
config form is ever used.

I have tried AREA -HUB-Plugin lines like the following, killing the plugin
process after each change...

A single line:
AREA-Hub-Plugin: "D:\Program Files\BMC
Software\ARSystem\arealdap\arealdap.dll"
This does not work

Two Lines:
AREA-Hub-Plugin: "D:\Program Files\BMC
Software\ARSystem\arealdap\arealdap.dll"
AREA-Hub-Plugin: "D:\Program Files\BMC
Software\ARSystem\arealdap\arealdap.dll"
This does not work

Two Lines:
AREA-Hub-Plugin: "D:\Program Files\BMC
Software\ARSystem\arealdap\arealdap.dll"
AREA-Hub-Plugin: "D:\Program Files\BMC
Software\ARSystem\arealdap\arealdap_1.dll"
In this case, I copied arealdap.dll and renamed the copied file to
arealdap_1.dll in it's own directory
This does not work


Here's logging showing that the plugin tries the same server twice, and
doesn't progress to the second server. The user in this case *CAN* be
authenticated on the second server. When I have reversed the order of the
servers in the config form (so that this user's server is listed first),
then this user authenticates just fine.

*/+VLAREAVerifyLoginCallback  -- user jdhood
*/  AREAVerifyLoginCallback
*/  ldap_init("Server-A.domain-A", 389)
*/  connect timeout previously: -1
*/  connect timeout used: 55000
*/  ldap_set_option(Chase Referrals): ON (handled
by plugin)
*/  ldap_simple_bind("MrBindUser", hidden)
*/  After the bind
*/ 
ldap_search_ext("OU=Users,OU=fee,OU=fie,OU=foe,DC=fum,DC=com", 2,
"sAMAccountName=jdhood")
*/  Search: Can't connect to the LDAP server
(LDAPERR Code 91) 202B: RefErr: DSID-031006E0, data 0, 1 access points
ref 1: 'fum.com'
*/  Cannot find the user info in LDAP server
*/  AREAVerifyLoginCallback
*/  ldap_init("Server-A.domain-A", 389)
*/  connect timeout previously: -1
*/  connect timeout used: 55000
*/  ldap_set_option(Chase Referrals): ON (handled
by plugin)
*/  ldap_simple_bind("MrBindUser", hidden)
*/  After the bind
*/ 
ldap_search_ext("OU=Users,OU=fee,OU=fie,OU=foe,DC=fum,DC=com", 2,
"sAMAccountName=jdhood")
*/  Search: Can't connect to the LDAP server
(LDAPERR Code 91) 202B: RefErr: DSID-031006E0, data 0, 1 access points
ref 1: 'fum.com'
*/  Cannot find the user info in LDAP server
*/-VLFAIL


This can wait for the other side of the holidays though.

Merry Christmas All!

Thanks,
JDHood



On Sat, Dec 24, 2011 at 3:24 AM, Walters, Mark  wrote:

> You shouldn't have to manually edit the ar.cfg, all the necessary changes
> will be made when you configure the additional LDAP servers via the AREA
> LDAP configuration form.
>
> If you're only authenticating against one LDAP server then the hub is not
> necessary, you should just have a Plugin: ..\arealdap.dll line in the
> ar.cfg.   When you configure two or more LDAP servers this gets replaced by
> Plugin: ..\areahub.dll and there should be one AREA-Hug-Plugin:
>  ..\arealdap.dll for EACH LDAP server - i.e. 2 LDAP servers, 2
> AREA-Hub-Plugin: lines.
>
> The AREA LDAP configuration options are the ones that get the _1, _2, etc
> suffixes, not the plugin lines.
>
> Mark
>
> 
> From: Action Request System discussion list(ARSList) [arslist@ARSLIST.ORG]
> On Behalf Of JD Hood [hood...@gmail.com]
> Sent: 23 December 2011 22:28
> To: arslist@ARSLIST.ORG
> Subject: Re: AREA LDAP logging question
>
> ** Now that that's working...
>
> If I have multiple domains defined for LDAP auth in the AREA form, I
> understand I need to specify additional arealdap.dll's on additional
> AREA-Hub-Plugin: lines, ala:
>
> AREA-Hub-Plugin: "D:\Program Files\BMC
> Software\ARSystem\arealdap\arealdap.dll"
> AREA-Hub-Plugin: "D:\Program Files\BMC
> Software\ARSystem\arealdap\arealdap_1.dll"
>
>

Re: AREA LDAP logging question

2011-12-24 Thread Walters, Mark 
You shouldn't have to manually edit the ar.cfg, all the necessary changes will 
be made when you configure the additional LDAP servers via the AREA LDAP 
configuration form.

If you're only authenticating against one LDAP server then the hub is not 
necessary, you should just have a Plugin: ..\arealdap.dll line in the ar.cfg.   
When you configure two or more LDAP servers this gets replaced by Plugin: 
..\areahub.dll and there should be one AREA-Hug-Plugin:  ..\arealdap.dll for 
EACH LDAP server - i.e. 2 LDAP servers, 2 AREA-Hub-Plugin: lines.

The AREA LDAP configuration options are the ones that get the _1, _2, etc 
suffixes, not the plugin lines.

Mark


From: Action Request System discussion list(ARSList) [arslist@ARSLIST.ORG] On 
Behalf Of JD Hood [hood...@gmail.com]
Sent: 23 December 2011 22:28
To: arslist@ARSLIST.ORG
Subject: Re: AREA LDAP logging question

** Now that that's working...

If I have multiple domains defined for LDAP auth in the AREA form, I understand 
I need to specify additional arealdap.dll's on additional AREA-Hub-Plugin: 
lines, ala:

AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll"
AREA-Hub-Plugin: "D:\Program Files\BMC 
Software\ARSystem\arealdap\arealdap_1.dll"

Is it just as simple as copying the existing arealdap.dll and renaming it to 
something like "arealdap_1.dll" and adding it on another AREA-Hub-Plugin line?

I've tried that and it doesn't seem to work -- the authentication attempt 
doesn't progress it to the second LDAP server...

Thanks,
JDHood




On Fri, Dec 23, 2011 at 8:59 AM, JD Hood 
mailto:hood...@gmail.com>> wrote:
That did it and it's logging much more info now!

I can *now* see from logging that the failure to auth is likely simple-bind 
being rejected on the LDAP server (I didn't realize LDP uses SASL by default). 
When I changed LDP to a simple, non ssl bind, the known-good login failed there 
as well. This would be a clue.

Thank you ARSList!
-JDHood


On Thu, Dec 22, 2011 at 8:12 PM, Grooms, Frederick W 
mailto:frederick.w.gro...@xo.com>> wrote:
Ah ... It should be something like:

Plugin-Path: D:\Program Files\BMC Software\ARSystem\arealdap
Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\areahub.dll"
AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll"

So the hub will load the arealdap plugin.  Without it the arealdap plugin is 
not loaded.

Fred


-Original Message-
From: Action Request System discussion list(ARSList) 
[mailto:arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG>] On Behalf Of JD Hood
Sent: Thursday, December 22, 2011 6:37 PM
To: arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG>
Subject: Re: AREA LDAP logging question

** Ok, I just tried that with logging on and I see:

 /* Thu Dec 22 2011 19:16:06.3790 */AREAPlug-In Loaded: 
ARSYS.AREA.HUB version 2

Next, I commented out the plugin server in the armonitor and cranked it up 
manually and I got the following:
D:\Program Files\BMC Software\ARSystem>arplugin.exe  --unicode -i "D:\Program 
Files\BMC Software\ARSystem" -m

Action Request System(R)  Plug-In Server   Version 7.6.04 SP2 201110080614
(c) Copyright 2001-2011 BMC Software, Inc.

Action Request System(R) Approval Server   Version 7.6.04 SP2 201110080614
(c) Copyright 1999-2011 BMC Software, Inc.


Next item, checking the ar.cfg, I have the following lines that reference AREA 
and Plugin:

Plugin-Path: D:\Program Files\BMC Software\ARSystem\arealdap
Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\areahub.dll"
AREA-Hub-Plugin:


Should I add the path to areahub.dll on the AREA-Hub-Plugin line? Or something 
else?

Thanks,
JDHood


-Original Message-
On Thu, Dec 22, 2011 at 6:49 PM, Danny Kellett wrote:
**
JD,

When you start the AR Server (or kill -9 arplugin) and it creates a new 
arplugin log file, do you see this anywhere?

Plug-In Loaded: ARSYS.AREA.LDAP version 2

In fact I would search for ARSYS.AREA.LDAP. If you don't have any in there, 
then the plugin isn't loading.

If this is the case, comment out the arplugin line in the armonitor.conf and 
restart. Then you can start the arplugin manually from the commandline. Then if 
something is up, it will echo it to the console.

I don't think your arealdap plugin is loading. In your ar.conf, have you got 
the arealdap.so (or dll) on a line beginning with Plugin: or AREA-Hub-Plugin:?

If its the second one, then make sure you have Plugin: /areahub.so (or 
dll)

Kind regards
Danny

-Original Message-
From: Action Request System discussion list(ARSList) 
[mailto:arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG>] On Behalf Of JD Hood
Sent: 22 December 2011 23:39
To: arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG>
Subject: Re: AREA LDAP logging question

** The plugin log only will s

Re: AREA LDAP logging question

2011-12-23 Thread Grooms, Frederick W 
I'm not sure if you need an additional dll loaded in the hub.  I think that 
just having the multiple entries in the config form and having the chaining 
option turned on should do the trick.  The multiple dll option is when you need 
multiple types of authentication (such as having your own single sign on dll in 
addition to the Remedy AREA one).

Fred


-Original Message-
From: Action Request System discussion list(ARSList) 
[mailto:arslist@ARSLIST.ORG] On Behalf Of JD Hood
Sent: Friday, December 23, 2011 4:29 PM
To: arslist@ARSLIST.ORG
Subject: Re: AREA LDAP logging question

** Now that that's working... 

If I have multiple domains defined for LDAP auth in the AREA form, I understand 
I need to specify additional arealdap.dll's on additional AREA-Hub-Plugin: 
lines, ala:

AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll"
AREA-Hub-Plugin: "D:\Program Files\BMC 
Software\ARSystem\arealdap\arealdap_1.dll"

Is it just as simple as copying the existing arealdap.dll and renaming it to 
something like "arealdap_1.dll" and adding it on another AREA-Hub-Plugin line? 

I've tried that and it doesn't seem to work -- the authentication attempt 
doesn't progress it to the second LDAP server...

Thanks,
JDHood


-Original Message-
On Fri, Dec 23, 2011 at 8:59 AM, JD Hood wrote:
That did it and it's logging much more info now!

I can *now* see from logging that the failure to auth is likely simple-bind 
being rejected on the LDAP server (I didn't realize LDP uses SASL by default). 
When I changed LDP to a simple, non ssl bind, the known-good login failed there 
as well. This would be a clue.

Thank you ARSList!
-JDHood

On Thu, Dec 22, 2011 at 8:12 PM, Grooms, Frederick W 
 wrote:
Ah ... It should be something like:

Plugin-Path: D:\Program Files\BMC Software\ARSystem\arealdap
Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\areahub.dll"
AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll"

So the hub will load the arealdap plugin.  Without it the arealdap plugin is 
not loaded.

Fred


-Original Message-
From: Action Request System discussion list(ARSList) 
[mailto:arslist@ARSLIST.ORG] On Behalf Of JD Hood
Sent: Thursday, December 22, 2011 6:37 PM
To: arslist@ARSLIST.ORG
Subject: Re: AREA LDAP logging question
** Ok, I just tried that with logging on and I see:

 /* Thu Dec 22 2011 19:16:06.3790 */AREA    Plug-In Loaded: 
ARSYS.AREA.HUB version 2

Next, I commented out the plugin server in the armonitor and cranked it up 
manually and I got the following:
D:\Program Files\BMC Software\ARSystem>arplugin.exe  --unicode -i "D:\Program 
Files\BMC Software\ARSystem" -m

Action Request System(R)  Plug-In Server   Version 7.6.04 SP2 201110080614
(c) Copyright 2001-2011 BMC Software, Inc.

Action Request System(R) Approval Server   Version 7.6.04 SP2 201110080614
(c) Copyright 1999-2011 BMC Software, Inc.


Next item, checking the ar.cfg, I have the following lines that reference AREA 
and Plugin:

Plugin-Path: D:\Program Files\BMC Software\ARSystem\arealdap
Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\areahub.dll"
AREA-Hub-Plugin: 


Should I add the path to areahub.dll on the AREA-Hub-Plugin line? Or something 
else?

Thanks,
JDHood

-Original Message-
On Thu, Dec 22, 2011 at 6:49 PM, Danny Kellett wrote:
**
JD,
 
When you start the AR Server (or kill -9 arplugin) and it creates a new 
arplugin log file, do you see this anywhere?
 
Plug-In Loaded: ARSYS.AREA.LDAP version 2
 
In fact I would search for ARSYS.AREA.LDAP. If you don't have any in there, 
then the plugin isn't loading.
 
If this is the case, comment out the arplugin line in the armonitor.conf and 
restart. Then you can start the arplugin manually from the commandline. Then if 
something is up, it will echo it to the console.
 
I don't think your arealdap plugin is loading. In your ar.conf, have you got 
the arealdap.so (or dll) on a line beginning with Plugin: or AREA-Hub-Plugin:?
 
If its the second one, then make sure you have Plugin: /areahub.so (or 
dll)
 
Kind regards
Danny
 
-Original Message- 
From: Action Request System discussion list(ARSList) 
[mailto:arslist@ARSLIST.ORG] On Behalf Of JD Hood
Sent: 22 December 2011 23:39
To: arslist@ARSLIST.ORG
Subject: Re: AREA LDAP logging question
 
** The plugin log only will show a single +VL and -VL per each login attempt.  
I don't see anything that indicates it's loading the AREA plugin in the plugin 
log. 
 
When support saw that, they went straight to the ar.cfg, but the AREA config 
entries in there look fine.
 
We do know that the bind user, login & pass are good because we can use those 
values with LDP to browse/search LDAP.
 
So, something is wonky with the Remedy AREA plugin, they just don't know what 
yet. Bundled up  the config files

Re: AREA LDAP logging question

2011-12-23 Thread JD Hood 
Now that that's working...

If I have multiple domains defined for LDAP auth in the AREA form, I
understand I need to specify additional arealdap.dll's on
additional AREA-Hub-Plugin: lines, ala:

AREA-Hub-Plugin: "D:\Program Files\BMC
Software\ARSystem\arealdap\arealdap.dll"
AREA-Hub-Plugin: "D:\Program Files\BMC
Software\ARSystem\arealdap\arealdap_1.dll"

Is it just as simple as copying the existing arealdap.dll and renaming it
to something like "arealdap_1.dll" and adding it on another AREA-Hub-Plugin
line?

I've tried that and it doesn't seem to work -- the authentication attempt
doesn't progress it to the second LDAP server...

Thanks,
JDHood




On Fri, Dec 23, 2011 at 8:59 AM, JD Hood  wrote:

> That did it and it's logging much more info now!
>
> I can *now* see from logging that the failure to auth is likely
> simple-bind being rejected on the LDAP server (I didn't realize LDP uses
> SASL by default). When I changed LDP to a simple, non ssl bind, the
> known-good login failed there as well. This would be a clue.
>
> Thank you ARSList!
> -JDHood
>
>
> On Thu, Dec 22, 2011 at 8:12 PM, Grooms, Frederick W <
> frederick.w.gro...@xo.com> wrote:
>
>> Ah ... It should be something like:
>>
>> Plugin-Path: D:\Program Files\BMC Software\ARSystem\arealdap
>> Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\areahub.dll"
>> AREA-Hub-Plugin: "D:\Program Files\BMC
>> Software\ARSystem\arealdap\arealdap.dll"
>>
>> So the hub will load the arealdap plugin.  Without it the arealdap plugin
>> is not loaded.
>>
>> Fred
>>
>>
>> -Original Message-
>> From: Action Request System discussion list(ARSList) [mailto:
>> arslist@ARSLIST.ORG] On Behalf Of JD Hood
>> Sent: Thursday, December 22, 2011 6:37 PM
>> To: arslist@ARSLIST.ORG
>> Subject: Re: AREA LDAP logging question
>>
>> ** Ok, I just tried that with logging on and I see:
>>
>>
>>  /* Thu Dec 22 2011 19:16:06.3790 */AREAPlug-In
>> Loaded: ARSYS.AREA.HUB version 2
>>
>> Next, I commented out the plugin server in the armonitor and cranked it
>> up manually and I got the following:
>> D:\Program Files\BMC Software\ARSystem>arplugin.exe  --unicode -i
>> "D:\Program Files\BMC Software\ARSystem" -m
>>
>> Action Request System(R)  Plug-In Server   Version 7.6.04 SP2 201110080614
>> (c) Copyright 2001-2011 BMC Software, Inc.
>>
>> Action Request System(R) Approval Server   Version 7.6.04 SP2 201110080614
>> (c) Copyright 1999-2011 BMC Software, Inc.
>>
>>
>> Next item, checking the ar.cfg, I have the following lines that reference
>> AREA and Plugin:
>>
>> Plugin-Path: D:\Program Files\BMC Software\ARSystem\arealdap
>> Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\areahub.dll"
>> AREA-Hub-Plugin:
>>
>>
>> Should I add the path to areahub.dll on the AREA-Hub-Plugin line? Or
>> something else?
>>
>> Thanks,
>> JDHood
>>
>>
>> -Original Message-
>> On Thu, Dec 22, 2011 at 6:49 PM, Danny Kellett wrote:
>> **
>> JD,
>>
>> When you start the AR Server (or kill -9 arplugin) and it creates a new
>> arplugin log file, do you see this anywhere?
>>
>> Plug-In Loaded: ARSYS.AREA.LDAP version 2
>>
>> In fact I would search for ARSYS.AREA.LDAP. If you don't have any in
>> there, then the plugin isn't loading.
>>
>> If this is the case, comment out the arplugin line in the armonitor.conf
>> and restart. Then you can start the arplugin manually from the commandline.
>> Then if something is up, it will echo it to the console.
>>
>> I don't think your arealdap plugin is loading. In your ar.conf, have you
>> got the arealdap.so (or dll) on a line beginning with Plugin: or
>> AREA-Hub-Plugin:?
>>
>> If its the second one, then make sure you have Plugin:
>> /areahub.so (or dll)
>>
>> Kind regards
>> Danny
>>
>> -Original Message-
>> From: Action Request System discussion list(ARSList) [mailto:
>> arslist@ARSLIST.ORG] On Behalf Of JD Hood
>> Sent: 22 December 2011 23:39
>> To: arslist@ARSLIST.ORG
>> Subject: Re: AREA LDAP logging question
>>
>> ** The plugin log only will show a single +VL and -VL per each login
>> attempt.  I don't see anything that indicates it's loading the AREA plugin
>> in the plugin log.
>>
>> When support saw that, they went straight to the ar.cfg, but the AREA
>> config entries in there look

Re: AREA LDAP logging question

2011-12-23 Thread Levermore, Dwayne (USAEO) [Contractor] 


From: JD Hood [mailto:hood...@gmail.com]
Sent: Friday, December 23, 2011 08:59 AM
To: arslist@ARSLIST.ORG 
Subject: Re: AREA LDAP logging question

** That did it and it's logging much more info now!

I can *now* see from logging that the failure to auth is likely simple-bind 
being rejected on the LDAP server (I didn't realize LDP uses SASL by default). 
When I changed LDP to a simple, non ssl bind, the known-good login failed there 
as well. This would be a clue.

Thank you ARSList!
-JDHood


On Thu, Dec 22, 2011 at 8:12 PM, Grooms, Frederick W 
mailto:frederick.w.gro...@xo.com>> wrote:
Ah ... It should be something like:

Plugin-Path: D:\Program Files\BMC Software\ARSystem\arealdap
Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\areahub.dll"
AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll"

So the hub will load the arealdap plugin.  Without it the arealdap plugin is 
not loaded.

Fred


-Original Message-
From: Action Request System discussion list(ARSList) 
[mailto:arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG>] On Behalf Of JD Hood
Sent: Thursday, December 22, 2011 6:37 PM
To: arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG>
Subject: Re: AREA LDAP logging question

** Ok, I just tried that with logging on and I see:

 /* Thu Dec 22 2011 19:16:06.3790 */AREAPlug-In Loaded: 
ARSYS.AREA.HUB version 2

Next, I commented out the plugin server in the armonitor and cranked it up 
manually and I got the following:
D:\Program Files\BMC Software\ARSystem>arplugin.exe  --unicode -i "D:\Program 
Files\BMC Software\ARSystem" -m

Action Request System(R)  Plug-In Server   Version 7.6.04 SP2 201110080614
(c) Copyright 2001-2011 BMC Software, Inc.

Action Request System(R) Approval Server   Version 7.6.04 SP2 201110080614
(c) Copyright 1999-2011 BMC Software, Inc.


Next item, checking the ar.cfg, I have the following lines that reference AREA 
and Plugin:

Plugin-Path: D:\Program Files\BMC Software\ARSystem\arealdap
Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\areahub.dll"
AREA-Hub-Plugin:


Should I add the path to areahub.dll on the AREA-Hub-Plugin line? Or something 
else?

Thanks,
JDHood


-Original Message-
On Thu, Dec 22, 2011 at 6:49 PM, Danny Kellett wrote:
**
JD,

When you start the AR Server (or kill -9 arplugin) and it creates a new 
arplugin log file, do you see this anywhere?

Plug-In Loaded: ARSYS.AREA.LDAP version 2

In fact I would search for ARSYS.AREA.LDAP. If you don't have any in there, 
then the plugin isn't loading.

If this is the case, comment out the arplugin line in the armonitor.conf and 
restart. Then you can start the arplugin manually from the commandline. Then if 
something is up, it will echo it to the console.

I don't think your arealdap plugin is loading. In your ar.conf, have you got 
the arealdap.so (or dll) on a line beginning with Plugin: or AREA-Hub-Plugin:?

If its the second one, then make sure you have Plugin: /areahub.so (or 
dll)

Kind regards
Danny

-Original Message-
From: Action Request System discussion list(ARSList) 
[mailto:arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG>] On Behalf Of JD Hood
Sent: 22 December 2011 23:39
To: arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG>
Subject: Re: AREA LDAP logging question

** The plugin log only will show a single +VL and -VL per each login attempt.  
I don't see anything that indicates it's loading the AREA plugin in the plugin 
log.

When support saw that, they went straight to the ar.cfg, but the AREA config 
entries in there look fine.

We do know that the bind user, login & pass are good because we can use those 
values with LDP to browse/search LDAP.

So, something is wonky with the Remedy AREA plugin, they just don't know what 
yet. Bundled up  the config files and logs (java stuff too) and they are going 
to have a look, presumably with engineering.

After all this, I wouldn't be surprised to find it's a network issue or 
something outside of Remedy. If only we could get logging to wake up, we could 
have better visibility into what it's doing. But the logging side is just not 
cooperating...

Thanks,
JDHood

-Original Message-
On Thu, Dec 22, 2011 at 3:14 PM, Grooms, Frederick W wrote:
Do you see the lines in the log where it is loading the AREA plugin?   If not 
how is the arealdap plugin listed in the ar.cfg file?

An additional thought...
On Windows 7.6.04 is AREA now a Java plugin? If so it should be debugged thru 
the pluginsvr_config.xml and log4j_pluginsvr.xml files in the pluginsvr 
directory.

Fred

-Original Message-
From: Action Request System discussion list(ARSList) 
[mailto:arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG>] On Behalf Of JD Hood
Sent: Wednesday, December 21, 2011 5:50 PM
To: arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG>
Subject: AREA LDAP loggin

Re: AREA LDAP logging question

2011-12-23 Thread JD Hood 
That did it and it's logging much more info now!

I can *now* see from logging that the failure to auth is likely simple-bind
being rejected on the LDAP server (I didn't realize LDP uses SASL by
default). When I changed LDP to a simple, non ssl bind, the known-good
login failed there as well. This would be a clue.

Thank you ARSList!
-JDHood


On Thu, Dec 22, 2011 at 8:12 PM, Grooms, Frederick W <
frederick.w.gro...@xo.com> wrote:

> Ah ... It should be something like:
>
> Plugin-Path: D:\Program Files\BMC Software\ARSystem\arealdap
> Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\areahub.dll"
> AREA-Hub-Plugin: "D:\Program Files\BMC
> Software\ARSystem\arealdap\arealdap.dll"
>
> So the hub will load the arealdap plugin.  Without it the arealdap plugin
> is not loaded.
>
> Fred
>
>
> -Original Message-
> From: Action Request System discussion list(ARSList) [mailto:
> arslist@ARSLIST.ORG] On Behalf Of JD Hood
> Sent: Thursday, December 22, 2011 6:37 PM
> To: arslist@ARSLIST.ORG
> Subject: Re: AREA LDAP logging question
>
> ** Ok, I just tried that with logging on and I see:
>
>  00> /* Thu Dec 22 2011 19:16:06.3790 */AREAPlug-In Loaded:
> ARSYS.AREA.HUB version 2
>
> Next, I commented out the plugin server in the armonitor and cranked it up
> manually and I got the following:
> D:\Program Files\BMC Software\ARSystem>arplugin.exe  --unicode -i
> "D:\Program Files\BMC Software\ARSystem" -m
>
> Action Request System(R)  Plug-In Server   Version 7.6.04 SP2 201110080614
> (c) Copyright 2001-2011 BMC Software, Inc.
>
> Action Request System(R) Approval Server   Version 7.6.04 SP2 201110080614
> (c) Copyright 1999-2011 BMC Software, Inc.
>
>
> Next item, checking the ar.cfg, I have the following lines that reference
> AREA and Plugin:
>
> Plugin-Path: D:\Program Files\BMC Software\ARSystem\arealdap
> Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\areahub.dll"
> AREA-Hub-Plugin:
>
>
> Should I add the path to areahub.dll on the AREA-Hub-Plugin line? Or
> something else?
>
> Thanks,
> JDHood
>
>
> -Original Message-
> On Thu, Dec 22, 2011 at 6:49 PM, Danny Kellett wrote:
> **
> JD,
>
> When you start the AR Server (or kill -9 arplugin) and it creates a new
> arplugin log file, do you see this anywhere?
>
> Plug-In Loaded: ARSYS.AREA.LDAP version 2
>
> In fact I would search for ARSYS.AREA.LDAP. If you don't have any in
> there, then the plugin isn't loading.
>
> If this is the case, comment out the arplugin line in the armonitor.conf
> and restart. Then you can start the arplugin manually from the commandline.
> Then if something is up, it will echo it to the console.
>
> I don't think your arealdap plugin is loading. In your ar.conf, have you
> got the arealdap.so (or dll) on a line beginning with Plugin: or
> AREA-Hub-Plugin:?
>
> If its the second one, then make sure you have Plugin:
> /areahub.so (or dll)
>
> Kind regards
> Danny
>
> -Original Message-
> From: Action Request System discussion list(ARSList) [mailto:
> arslist@ARSLIST.ORG] On Behalf Of JD Hood
> Sent: 22 December 2011 23:39
> To: arslist@ARSLIST.ORG
> Subject: Re: AREA LDAP logging question
>
> ** The plugin log only will show a single +VL and -VL per each login
> attempt.  I don't see anything that indicates it's loading the AREA plugin
> in the plugin log.
>
> When support saw that, they went straight to the ar.cfg, but the AREA
> config entries in there look fine.
>
> We do know that the bind user, login & pass are good because we can use
> those values with LDP to browse/search LDAP.
>
> So, something is wonky with the Remedy AREA plugin, they just don't know
> what yet. Bundled up  the config files and logs (java stuff too) and they
> are going to have a look, presumably with engineering.
>
> After all this, I wouldn't be surprised to find it's a network issue or
> something outside of Remedy. If only we could get logging to wake up, we
> could have better visibility into what it's doing. But the logging side is
> just not cooperating...
>
> Thanks,
> JDHood
>
> -Original Message-
> On Thu, Dec 22, 2011 at 3:14 PM, Grooms, Frederick W wrote:
> Do you see the lines in the log where it is loading the AREA plugin?   If
> not how is the arealdap plugin listed in the ar.cfg file?
>
> An additional thought...
> On Windows 7.6.04 is AREA now a Java plugin? If so it should be debugged
> thru the pluginsvr_config.xml and log4j_pluginsvr.xml files in the
> pluginsvr directory.
>
> Fred
>
> -Original Message-
&

Re: AREA LDAP logging question

2011-12-23 Thread Danny Kellett 
Hi JD,

 

You found the areahub loading but not the arealdap.

 

ARSYS.AREA.HUB

 

You need 

 

ARSYS.AREA.LDAP

 

So there is your issue. Add the following line to your ar.cfg

 

AREA-Hub-Plugin: "D:\Program Files\BMC
Software\ARSystem\arealdap\arealdap.dll"

 

Then restart. That should do it. Just a final point, if you are not using
any other external authentication plugin, or you only have one arealdap
configured, then there is no reason to have the hub configured.

Hope this helps, kind regards.

Danny

 

Single Sign On (SSO) for the BMC Remedy AR System and ITSM

http://www.javasystemsolutions.com/jss/ssoplugin

 

From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of JD Hood
Sent: 23 December 2011 00:37
To: arslist@ARSLIST.ORG
Subject: Re: AREA LDAP logging question

 

** Ok, I just tried that with logging on and I see:

 

 /* Thu Dec 22 2011 19:16:06.3790 */AREAPlug-In Loaded:
ARSYS.AREA.HUB version 2

Next, I commented out the plugin server in the armonitor and cranked it up
manually and I got the following:

D:\Program Files\BMC Software\ARSystem>arplugin.exe  --unicode -i
"D:\Program Files\BMC Software\ARSystem" -m

 

Action Request System(R)  Plug-In Server   Version 7.6.04 SP2 201110080614

(c) Copyright 2001-2011 BMC Software, Inc.

 

Action Request System(R) Approval Server   Version 7.6.04 SP2 201110080614

(c) Copyright 1999-2011 BMC Software, Inc.

 

 

Next item, checking the ar.cfg, I have the following lines that reference
AREA and Plugin:

 

Plugin-Path: D:\Program Files\BMC Software\ARSystem\arealdap

Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\areahub.dll"

AREA-Hub-Plugin: 



Should I add the path to areahub.dll on the AREA-Hub-Plugin line? Or
something else?

 

Thanks,

JDHood

 





On Thu, Dec 22, 2011 at 6:49 PM, Danny Kellett
 wrote:

** 

JD,

 

When you start the AR Server (or kill -9 arplugin) and it creates a new
arplugin log file, do you see this anywhere?

 

Plug-In Loaded: ARSYS.AREA.LDAP version 2

 

In fact I would search for ARSYS.AREA.LDAP. If you don't have any in there,
then the plugin isn't loading. 

 

If this is the case, comment out the arplugin line in the armonitor.conf and
restart. Then you can start the arplugin manually from the commandline. Then
if something is up, it will echo it to the console.

 

I don't think your arealdap plugin is loading. In your ar.conf, have you got
the arealdap.so (or dll) on a line beginning with Plugin: or
AREA-Hub-Plugin:?

 

If its the second one, then make sure you have Plugin: /areahub.so
(or dll)

 

Kind regards

Danny

 

 

From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of JD Hood
Sent: 22 December 2011 23:39
To: arslist@ARSLIST.ORG
Subject: Re: AREA LDAP logging question

 

** The plugin log only will show a single +VL and -VL per each login
attempt.  I don't see anything that indicates it's loading the AREA plugin
in the plugin log. 

 

When support saw that, they went straight to the ar.cfg, but the AREA config
entries in there look fine.

 

We do know that the bind user, login & pass are good because we can use
those values with LDP to browse/search LDAP.

 

So, something is wonky with the Remedy AREA plugin, they just don't know
what yet. Bundled up  the config files and logs (java stuff too) and they
are going to have a look, presumably with engineering.

 

After all this, I wouldn't be surprised to find it's a network issue or
something outside of Remedy. If only we could get logging to wake up, we
could have better visibility into what it's doing. But the logging side is
just not cooperating...

 

Thanks,

JDHood

 

 

 

 

 

 

On Thu, Dec 22, 2011 at 3:14 PM, Grooms, Frederick W
 wrote:

Do you see the lines in the log where it is loading the AREA plugin?   If
not how is the arealdap plugin listed in the ar.cfg file?

An additional thought...
On Windows 7.6.04 is AREA now a Java plugin? If so it should be debugged
thru the pluginsvr_config.xml and log4j_pluginsvr.xml files in the pluginsvr
directory.

Fred


-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of JD Hood
Sent: Wednesday, December 21, 2011 5:50 PM
To: arslist@ARSLIST.ORG
Subject: AREA LDAP logging question

**
7.6.04 ITSM on Windows & SQL Server

I'm trying to configure AREA authentication. I have everything configured
enough to make an authentication attempt and the attempt naturally fails.

I do not have a POC at the LDAP server to check my test user's account or to
check logging on the LDAP end.

At this point, I'm not even sure I'm reaching LDAP, successfully binding
and/or hitting the test user's LDAP account.

With plugin logging on and set to "ALL", I get about 730 lines of logging
when I attempt to login with a tes

Re: AREA LDAP logging question

2011-12-22 Thread Grooms, Frederick W 
Ah ... It should be something like:

Plugin-Path: D:\Program Files\BMC Software\ARSystem\arealdap   
Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\areahub.dll"   
AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll" 
  

So the hub will load the arealdap plugin.  Without it the arealdap plugin is 
not loaded.

Fred


-Original Message-
From: Action Request System discussion list(ARSList) 
[mailto:arslist@ARSLIST.ORG] On Behalf Of JD Hood
Sent: Thursday, December 22, 2011 6:37 PM
To: arslist@ARSLIST.ORG
Subject: Re: AREA LDAP logging question

** Ok, I just tried that with logging on and I see:

 /* Thu Dec 22 2011 19:16:06.3790 */AREA    Plug-In Loaded: 
ARSYS.AREA.HUB version 2

Next, I commented out the plugin server in the armonitor and cranked it up 
manually and I got the following:
D:\Program Files\BMC Software\ARSystem>arplugin.exe  --unicode -i "D:\Program 
Files\BMC Software\ARSystem" -m

Action Request System(R)  Plug-In Server   Version 7.6.04 SP2 201110080614
(c) Copyright 2001-2011 BMC Software, Inc.

Action Request System(R) Approval Server   Version 7.6.04 SP2 201110080614
(c) Copyright 1999-2011 BMC Software, Inc.


Next item, checking the ar.cfg, I have the following lines that reference AREA 
and Plugin:

Plugin-Path: D:\Program Files\BMC Software\ARSystem\arealdap
Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\areahub.dll"
AREA-Hub-Plugin: 


Should I add the path to areahub.dll on the AREA-Hub-Plugin line? Or something 
else?

Thanks,
JDHood


-Original Message-
On Thu, Dec 22, 2011 at 6:49 PM, Danny Kellett wrote:
** 
JD,
 
When you start the AR Server (or kill -9 arplugin) and it creates a new 
arplugin log file, do you see this anywhere?
 
Plug-In Loaded: ARSYS.AREA.LDAP version 2
 
In fact I would search for ARSYS.AREA.LDAP. If you don't have any in there, 
then the plugin isn't loading. 
 
If this is the case, comment out the arplugin line in the armonitor.conf and 
restart. Then you can start the arplugin manually from the commandline. Then if 
something is up, it will echo it to the console.
 
I don't think your arealdap plugin is loading. In your ar.conf, have you got 
the arealdap.so (or dll) on a line beginning with Plugin: or AREA-Hub-Plugin:?
 
If its the second one, then make sure you have Plugin: /areahub.so (or 
dll)
 
Kind regards
Danny
 
-Original Message- 
From: Action Request System discussion list(ARSList) 
[mailto:arslist@ARSLIST.ORG] On Behalf Of JD Hood
Sent: 22 December 2011 23:39
To: arslist@ARSLIST.ORG
Subject: Re: AREA LDAP logging question
 
** The plugin log only will show a single +VL and -VL per each login attempt.  
I don't see anything that indicates it's loading the AREA plugin in the plugin 
log. 
 
When support saw that, they went straight to the ar.cfg, but the AREA config 
entries in there look fine.
 
We do know that the bind user, login & pass are good because we can use those 
values with LDP to browse/search LDAP.
 
So, something is wonky with the Remedy AREA plugin, they just don't know what 
yet. Bundled up  the config files and logs (java stuff too) and they are going 
to have a look, presumably with engineering.
 
After all this, I wouldn't be surprised to find it's a network issue or 
something outside of Remedy. If only we could get logging to wake up, we could 
have better visibility into what it's doing. But the logging side is just not 
cooperating...
 
Thanks,
JDHood
 
-Original Message- 
On Thu, Dec 22, 2011 at 3:14 PM, Grooms, Frederick W wrote:
Do you see the lines in the log where it is loading the AREA plugin?   If not 
how is the arealdap plugin listed in the ar.cfg file?

An additional thought...
On Windows 7.6.04 is AREA now a Java plugin? If so it should be debugged thru 
the pluginsvr_config.xml and log4j_pluginsvr.xml files in the pluginsvr 
directory.

Fred

-Original Message-
From: Action Request System discussion list(ARSList) 
[mailto:arslist@ARSLIST.ORG] On Behalf Of JD Hood
Sent: Wednesday, December 21, 2011 5:50 PM
To: arslist@ARSLIST.ORG
Subject: AREA LDAP logging question

**
7.6.04 ITSM on Windows & SQL Server

I'm trying to configure AREA authentication. I have everything configured 
enough to make an authentication attempt and the attempt naturally fails.

I do not have a POC at the LDAP server to check my test user's account or to 
check logging on the LDAP end.

At this point, I'm not even sure I'm reaching LDAP, successfully binding and/or 
hitting the test user's LDAP account.

With plugin logging on and set to "ALL", I get about 730 lines of logging when 
I attempt to login with a test user.

Out of those 730 lines of logging, I only get the following two lines that 
mention AREA or my user:

 /* Wed Dec 21 2011 18:14:13.9300 */+VL    AREAVerifyLoginCallback       
   -- user TRAIN19

Re: AREA LDAP logging question

2011-12-22 Thread JD Hood 
Ok, I just tried that with logging on and I see:

 /* Thu Dec 22 2011 19:16:06.3790 */AREAPlug-In Loaded:
ARSYS.AREA.HUB version 2

Next, I commented out the plugin server in the armonitor and cranked it up
manually and I got the following:

D:\Program Files\BMC Software\ARSystem>arplugin.exe  --unicode -i
"D:\Program Files\BMC Software\ARSystem" -m

Action Request System(R)  Plug-In Server   Version 7.6.04 SP2 201110080614
(c) Copyright 2001-2011 BMC Software, Inc.

Action Request System(R) Approval Server   Version 7.6.04 SP2 201110080614
(c) Copyright 1999-2011 BMC Software, Inc.


Next item, checking the ar.cfg, I have the following lines that reference
AREA and Plugin:

Plugin-Path: D:\Program Files\BMC Software\ARSystem\arealdap
Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\areahub.dll"
AREA-Hub-Plugin:


Should I add the path to areahub.dll on the AREA-Hub-Plugin line? Or
something else?

Thanks,
JDHood




On Thu, Dec 22, 2011 at 6:49 PM, Danny Kellett <
danny.kell...@strategicworkflow.com> wrote:

> **
>
> JD,
>
> ** **
>
> When you start the AR Server (or kill -9 arplugin) and it creates a new
> arplugin log file, do you see this anywhere?
>
> ** **
>
> Plug-In Loaded: ARSYS.AREA.LDAP version 2
>
> ** **
>
> In fact I would search for ARSYS.AREA.LDAP. If you don’t have any in
> there, then the plugin isn’t loading. 
>
> ** **
>
> If this is the case, comment out the arplugin line in the armonitor.conf
> and restart. Then you can start the arplugin manually from the commandline.
> Then if something is up, it will echo it to the console.
>
> ** **
>
> I don’t think your arealdap plugin is loading. In your ar.conf, have you
> got the arealdap.so (or dll) on a line beginning with Plugin: or
> AREA-Hub-Plugin:?
>
> ** **
>
> If its the second one, then make sure you have Plugin:
> /areahub.so (or dll)
>
> ** **
>
> Kind regards
>
> Danny
>
> ** **
>
> ** **
>
> *From:* Action Request System discussion list(ARSList) [mailto:
> arslist@ARSLIST.ORG] *On Behalf Of *JD Hood
> *Sent:* 22 December 2011 23:39
> *To:* arslist@ARSLIST.ORG
> *Subject:* Re: AREA LDAP logging question
>
> ** **
>
> ** The plugin log only will show a single +VL and -VL per each login
> attempt.  I don't see anything that indicates it's loading the AREA plugin
> in the plugin log. 
>
> ** **
>
> When support saw that, they went straight to the ar.cfg, but the AREA
> config entries in there look fine.
>
> ** **
>
> We do know that the bind user, login & pass are good because we can use
> those values with LDP to browse/search LDAP.
>
> ** **
>
> So, something is wonky with the Remedy AREA plugin, they just don't know
> what yet. Bundled up  the config files and logs (java stuff too) and they
> are going to have a look, presumably with engineering.
>
> ** **
>
> After all this, I wouldn't be surprised to find it's a network issue or
> something outside of Remedy. If only we could get logging to wake up, we
> could have better visibility into what it's doing. But the logging side is
> just not cooperating...
>
> ** **
>
> Thanks,
>
> JDHood
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> On Thu, Dec 22, 2011 at 3:14 PM, Grooms, Frederick W <
> frederick.w.gro...@xo.com> wrote:
>
> Do you see the lines in the log where it is loading the AREA plugin?   If
> not how is the arealdap plugin listed in the ar.cfg file?
>
> An additional thought...
> On Windows 7.6.04 is AREA now a Java plugin? If so it should be debugged
> thru the pluginsvr_config.xml and log4j_pluginsvr.xml files in the
> pluginsvr directory.
>
> Fred
>
>
> -Original Message-
> From: Action Request System discussion list(ARSList) [mailto:
> arslist@ARSLIST.ORG] On Behalf Of JD Hood
> Sent: Wednesday, December 21, 2011 5:50 PM
> To: arslist@ARSLIST.ORG
> Subject: AREA LDAP logging question
>
> **
> 7.6.04 ITSM on Windows & SQL Server
>
> I'm trying to configure AREA authentication. I have everything configured
> enough to make an authentication attempt and the attempt naturally fails.
>
> I do not have a POC at the LDAP server to check my test user's account or
> to check logging on the LDAP end.
>
> At this point, I'm not even sure I'm reaching LDAP, successfully binding
> and/or hitting the test user's LDAP account.
>
> With plugin logging on and set to "ALL", I get about 730 lines of logging
> when I attempt to login with a test user.
>
> Out of

Re: AREA LDAP logging question

2011-12-22 Thread Danny Kellett 
JD,

 

When you start the AR Server (or kill -9 arplugin) and it creates a new
arplugin log file, do you see this anywhere?

 

Plug-In Loaded: ARSYS.AREA.LDAP version 2

 

In fact I would search for ARSYS.AREA.LDAP. If you don't have any in there,
then the plugin isn't loading. 

 

If this is the case, comment out the arplugin line in the armonitor.conf and
restart. Then you can start the arplugin manually from the commandline. Then
if something is up, it will echo it to the console.

 

I don't think your arealdap plugin is loading. In your ar.conf, have you got
the arealdap.so (or dll) on a line beginning with Plugin: or
AREA-Hub-Plugin:?

 

If its the second one, then make sure you have Plugin: /areahub.so
(or dll)

 

Kind regards

Danny

 

 

From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of JD Hood
Sent: 22 December 2011 23:39
To: arslist@ARSLIST.ORG
Subject: Re: AREA LDAP logging question

 

** The plugin log only will show a single +VL and -VL per each login
attempt.  I don't see anything that indicates it's loading the AREA plugin
in the plugin log. 

 

When support saw that, they went straight to the ar.cfg, but the AREA config
entries in there look fine.

 

We do know that the bind user, login & pass are good because we can use
those values with LDP to browse/search LDAP.

 

So, something is wonky with the Remedy AREA plugin, they just don't know
what yet. Bundled up  the config files and logs (java stuff too) and they
are going to have a look, presumably with engineering.

 

After all this, I wouldn't be surprised to find it's a network issue or
something outside of Remedy. If only we could get logging to wake up, we
could have better visibility into what it's doing. But the logging side is
just not cooperating...

 

Thanks,

JDHood

 

 

 

 

 

 

On Thu, Dec 22, 2011 at 3:14 PM, Grooms, Frederick W
 wrote:

Do you see the lines in the log where it is loading the AREA plugin?   If
not how is the arealdap plugin listed in the ar.cfg file?

An additional thought...
On Windows 7.6.04 is AREA now a Java plugin? If so it should be debugged
thru the pluginsvr_config.xml and log4j_pluginsvr.xml files in the pluginsvr
directory.

Fred


-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of JD Hood
Sent: Wednesday, December 21, 2011 5:50 PM
To: arslist@ARSLIST.ORG
Subject: AREA LDAP logging question

**
7.6.04 ITSM on Windows & SQL Server

I'm trying to configure AREA authentication. I have everything configured
enough to make an authentication attempt and the attempt naturally fails.

I do not have a POC at the LDAP server to check my test user's account or to
check logging on the LDAP end.

At this point, I'm not even sure I'm reaching LDAP, successfully binding
and/or hitting the test user's LDAP account.

With plugin logging on and set to "ALL", I get about 730 lines of logging
when I attempt to login with a test user.

Out of those 730 lines of logging, I only get the following two lines that
mention AREA or my user:

 /* Wed Dec 21 2011 18:14:13.9300 */+VLAREAVerifyLoginCallback
-- user TRAIN19
 /* Wed Dec 21 2011 18:14:13.9300 */-VL
FAIL 


This is like troubleshooting via braille method. Is there another AREA/LDAP
log or some way to log the bind and auth attempt on the REMEDY side?

I've checked ARSList archives and the BMC KB's and can't find anything that
I haven't already tried. I do see some really nice log examples (Knowledge
Article ID: KA334262) that I *WISH* I could capture on the Remedy Side. I
think they would tell me what I need to know to get this working. For now,
all I can find is those two measly log lines above.

Any suggestions on how to get AREA logging much more verbose on the *REMEDY
SIDE*?

Thanks in advance!
JDHood


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"

 

_attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ 


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"

Re: AREA LDAP logging question

2011-12-22 Thread JD Hood 
The plugin log only will show a single +VL and -VL per each login attempt.
 I don't see anything that indicates it's loading the AREA plugin in the
plugin log.

When support saw that, they went straight to the ar.cfg, but the AREA
config entries in there look fine.

We do know that the bind user, login & pass are good because we can use
those values with LDP to browse/search LDAP.

So, something is wonky with the Remedy AREA plugin, they just don't know
what yet. Bundled up  the config files and logs (java stuff too) and they
are going to have a look, presumably with engineering.

After all this, I wouldn't be surprised to find it's a network issue or
something outside of Remedy. If only we could get logging to wake up, we
could have better visibility into what it's doing. But the logging side is
just not cooperating...

Thanks,
JDHood







On Thu, Dec 22, 2011 at 3:14 PM, Grooms, Frederick W <
frederick.w.gro...@xo.com> wrote:

> Do you see the lines in the log where it is loading the AREA plugin?   If
> not how is the arealdap plugin listed in the ar.cfg file?
>
> An additional thought...
> On Windows 7.6.04 is AREA now a Java plugin? If so it should be debugged
> thru the pluginsvr_config.xml and log4j_pluginsvr.xml files in the
> pluginsvr directory.
>
> Fred
>
> -Original Message-
> From: Action Request System discussion list(ARSList) [mailto:
> arslist@ARSLIST.ORG] On Behalf Of JD Hood
> Sent: Wednesday, December 21, 2011 5:50 PM
> To: arslist@ARSLIST.ORG
> Subject: AREA LDAP logging question
>
> **
> 7.6.04 ITSM on Windows & SQL Server
>
> I'm trying to configure AREA authentication. I have everything configured
> enough to make an authentication attempt and the attempt naturally fails.
>
> I do not have a POC at the LDAP server to check my test user's account or
> to check logging on the LDAP end.
>
> At this point, I'm not even sure I'm reaching LDAP, successfully binding
> and/or hitting the test user's LDAP account.
>
> With plugin logging on and set to "ALL", I get about 730 lines of logging
> when I attempt to login with a test user.
>
> Out of those 730 lines of logging, I only get the following two lines that
> mention AREA or my user:
>
>  390695> /* Wed Dec 21 2011 18:14:13.9300 */+VLAREAVerifyLoginCallback
>-- user TRAIN19
>  390695> /* Wed Dec 21 2011 18:14:13.9300 */-VL
>FAIL
>
>
> This is like troubleshooting via braille method. Is there another
> AREA/LDAP log or some way to log the bind and auth attempt on the REMEDY
> side?
>
> I've checked ARSList archives and the BMC KB's and can't find anything
> that I haven't already tried. I do see some really nice log
> examples (Knowledge Article ID: KA334262) that I *WISH* I could capture on
> the Remedy Side. I think they would tell me what I need to know to get this
> working. For now, all I can find is those two measly log lines above.
>
> Any suggestions on how to get AREA logging much more verbose on the
> *REMEDY SIDE*?
>
> Thanks in advance!
> JDHood
>
>
> ___
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
>

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"

Re: AREA LDAP logging question

2011-12-22 Thread JD Hood 
Yep, it stumped BMC support during the webex too. It's there, plain as
day (Plugin-Log-Level:
100)*and* everything else is logging like a champ (or appears to be). Just
not AREA. No idea why or how to make it behave.

Thanks
JDHood




On Thu, Dec 22, 2011 at 2:14 PM, Danny Kellett <
danny.kell...@strategicworkflow.com> wrote:

> **
> JD
>
> Your log snippet is not an example of the plugin log level set to 100. So
> do you have that line duplicated in you AR.cfg by accident?
>
> The BMC plugin is very good at letting you know what is wrong when set to
> 100.
>
> Have you restarted since setting log level to 100?
>
> Regards
> Danny
>
> On 22 Dec 2011, at 18:53, JD Hood  wrote:
>
> ** I appreciate the offer, but the client might frown on posting their
> info on the list. So, I've opened an issue with BMC instead.
>
> But I think you might be on to something. I see a ton of logging for
> ARDBC, but just a few lines for AREA on startup.
>
> And I just realized I've omitted that we are setting it up for multiple
> domain logins (Knowledge Article: KA288124 -- Configuring AREA LDAP in a
> Multi-Domain Environment); however, we just have the one LDAP server
> defined in AREA at this time.
>
> MS's LDP.exe confirms we can reach the target LDAP server *and* bind using
> our test user *and* authenticate with that test user outside of Remedy.
>
> But within Remedy, we get "Authentication Failed". We know we have the
> user & pass correct, so the possibilities are: Remedy isn't actually
> connecting to LDAP *or* it is connecting, but can't find the user. Until I
> can validate the plugin is starting up and get logging to spit out more
> info, I'm stuck using the braille method to troubleshoot.
>
> Full circle now -- time to engage BMC support.
>
> Thanks again,
> JDHood
>
>
> On Thu, Dec 22, 2011 at 2:44 AM, Walters, Mark wrote:
>
>> **
>>
>> I suspect that either the AREA LDAP plugin is not being loaded for some
>> reason or there is a configuration issue.
>>
>> ** **
>>
>> Are you able to post the ar.conf and the plugin log, from startup, so
>> that I can see what you have set up?
>>
>> ** **
>>
>> Mark
>>
>> ** **
>>
>> I work for BMC, I don’t speak for them.
>>
>> ** **
>>
>> *From:* Action Request System discussion list(ARSList) [mailto:
>> arslist@ARSLIST.ORG] *On Behalf Of *JD Hood
>> *Sent:* 21 December 2011 23:50
>> *To:* arslist@ARSLIST.ORG
>> *Subject:* AREA LDAP logging question
>>
>> ** **
>>
>> ** 
>>
>> 7.6.04 ITSM on Windows & SQL Server
>>
>> ** **
>>
>> I'm trying to configure AREA authentication. I have everything configured
>> enough to make an authentication attempt and the attempt naturally fails.
>> 
>>
>> ** **
>>
>> I do not have a POC at the LDAP server to check my test user's account or
>> to check logging on the LDAP end.
>>
>> ** **
>>
>> At this point, I'm not even sure I'm reaching LDAP, successfully binding
>> and/or hitting the test user's LDAP account.
>>
>> ** **
>>
>> With plugin logging on and set to "ALL", I get about 730 lines of logging
>> when I attempt to login with a test user.
>>
>> ** **
>>
>> Out of those 730 lines of logging, I only get the following two lines
>> that mention AREA or my user:
>>
>> ** **
>>
>>
>>  /* Wed Dec 21 2011 18:14:13.9300 */+VL
>>  AREAVerifyLoginCallback  -- user TRAIN19
>>
>>
>>  /* Wed Dec 21 2011 18:14:13.9300 */-VL
>>FAIL 
>>
>> ** **
>>
>> ** **
>>
>> This is like troubleshooting via braille method. Is there another
>> AREA/LDAP log or some way to log the bind and auth attempt on the REMEDY
>> side?
>>
>> ** **
>>
>> I've checked ARSList archives and the BMC KB's and can't find anything
>> that I haven't already tried. I do see some really nice log
>> examples (Knowledge Article ID: KA334262) that I *WISH* I could capture on
>> the Remedy Side. I think they would tell me what I need to know to get this
>> working. For now, all I can find is those two measly log lines above.
>>
>> ** **
>>
>> Any suggestions on how to get AREA logging much more verbose on the
>> *REMEDY SIDE*?
>>
>> ** **
>>
>> Thanks in advance!
>>
>> JDHood
>>
>> _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ 
>> _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_
>
>
> _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_
>
> _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_
>

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"

Re: AREA LDAP logging question

2011-12-22 Thread Grooms, Frederick W 
Do you see the lines in the log where it is loading the AREA plugin?   If not 
how is the arealdap plugin listed in the ar.cfg file?

An additional thought...   
On Windows 7.6.04 is AREA now a Java plugin? If so it should be debugged thru 
the pluginsvr_config.xml and log4j_pluginsvr.xml files in the pluginsvr 
directory.

Fred

-Original Message-
From: Action Request System discussion list(ARSList) 
[mailto:arslist@ARSLIST.ORG] On Behalf Of JD Hood
Sent: Wednesday, December 21, 2011 5:50 PM
To: arslist@ARSLIST.ORG
Subject: AREA LDAP logging question

** 
7.6.04 ITSM on Windows & SQL Server

I'm trying to configure AREA authentication. I have everything configured 
enough to make an authentication attempt and the attempt naturally fails.

I do not have a POC at the LDAP server to check my test user's account or to 
check logging on the LDAP end.

At this point, I'm not even sure I'm reaching LDAP, successfully binding and/or 
hitting the test user's LDAP account.

With plugin logging on and set to "ALL", I get about 730 lines of logging when 
I attempt to login with a test user.

Out of those 730 lines of logging, I only get the following two lines that 
mention AREA or my user:

 /* Wed Dec 21 2011 18:14:13.9300 */+VL    AREAVerifyLoginCallback       
   -- user TRAIN19
 /* Wed Dec 21 2011 18:14:13.9300 */-VL                                
FAIL 


This is like troubleshooting via braille method. Is there another AREA/LDAP log 
or some way to log the bind and auth attempt on the REMEDY side?

I've checked ARSList archives and the BMC KB's and can't find anything that I 
haven't already tried. I do see some really nice log examples (Knowledge 
Article ID: KA334262) that I *WISH* I could capture on the Remedy Side. I think 
they would tell me what I need to know to get this working. For now, all I can 
find is those two measly log lines above.

Any suggestions on how to get AREA logging much more verbose on the *REMEDY 
SIDE*?

Thanks in advance!
JDHood

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"

Re: AREA LDAP logging question

2011-12-22 Thread Danny Kellett 
JD

Your log snippet is not an example of the plugin log level set to 100. So do 
you have that line duplicated in you AR.cfg by accident?

The BMC plugin is very good at letting you know what is wrong when set to 100. 

Have you restarted since setting log level to 100?

Regards
Danny

On 22 Dec 2011, at 18:53, JD Hood  wrote:

> ** I appreciate the offer, but the client might frown on posting their info 
> on the list. So, I've opened an issue with BMC instead. 
> 
> But I think you might be on to something. I see a ton of logging for ARDBC, 
> but just a few lines for AREA on startup.
> 
> And I just realized I've omitted that we are setting it up for multiple 
> domain logins (Knowledge Article: KA288124 -- Configuring AREA LDAP in a 
> Multi-Domain Environment); however, we just have the one LDAP server defined 
> in AREA at this time.
> 
> MS's LDP.exe confirms we can reach the target LDAP server *and* bind using 
> our test user *and* authenticate with that test user outside of Remedy.
> 
> But within Remedy, we get "Authentication Failed". We know we have the user & 
> pass correct, so the possibilities are: Remedy isn't actually connecting to 
> LDAP *or* it is connecting, but can't find the user. Until I can validate the 
> plugin is starting up and get logging to spit out more info, I'm stuck using 
> the braille method to troubleshoot.
> 
> Full circle now -- time to engage BMC support.
> 
> Thanks again,
> JDHood
> 
> 
> On Thu, Dec 22, 2011 at 2:44 AM, Walters, Mark  wrote:
> **
> I suspect that either the AREA LDAP plugin is not being loaded for some 
> reason or there is a configuration issue.
> 
>  
> 
> Are you able to post the ar.conf and the plugin log, from startup, so that I 
> can see what you have set up?
> 
>  
> 
> Mark
> 
>  
> 
> I work for BMC, I don’t speak for them.
> 
>  
> 
> From: Action Request System discussion list(ARSList) 
> [mailto:arslist@ARSLIST.ORG] On Behalf Of JD Hood
> Sent: 21 December 2011 23:50
> To: arslist@ARSLIST.ORG
> Subject: AREA LDAP logging question
> 
>  
> 
> **
> 
> 7.6.04 ITSM on Windows & SQL Server
> 
>  
> 
> I'm trying to configure AREA authentication. I have everything configured 
> enough to make an authentication attempt and the attempt naturally fails.
> 
>  
> 
> I do not have a POC at the LDAP server to check my test user's account or to 
> check logging on the LDAP end.
> 
>  
> 
> At this point, I'm not even sure I'm reaching LDAP, successfully binding 
> and/or hitting the test user's LDAP account.
> 
>  
> 
> With plugin logging on and set to "ALL", I get about 730 lines of logging 
> when I attempt to login with a test user.
> 
>  
> 
> Out of those 730 lines of logging, I only get the following two lines that 
> mention AREA or my user:
> 
>  
> 
>  390695> /* Wed Dec 21 2011 18:14:13.9300 */+VLAREAVerifyLoginCallback 
>  -- user TRAIN19
> 
>  390695> /* Wed Dec 21 2011 18:14:13.9300 */-VL
> FAIL 
> 
>  
> 
>  
> 
> This is like troubleshooting via braille method. Is there another AREA/LDAP 
> log or some way to log the bind and auth attempt on the REMEDY side?
> 
>  
> 
> I've checked ARSList archives and the BMC KB's and can't find anything that I 
> haven't already tried. I do see some really nice log examples (Knowledge 
> Article ID: KA334262) that I *WISH* I could capture on the Remedy Side. I 
> think they would tell me what I need to know to get this working. For now, 
> all I can find is those two measly log lines above.
> 
>  
> 
> Any suggestions on how to get AREA logging much more verbose on the *REMEDY 
> SIDE*?
> 
>  
> 
> Thanks in advance!
> 
> JDHood
> 
> _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_
> 
> _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_
> 
> _attend WWRUG12 www.wwrug.com  ARSlist: "Where the Answers Are"_

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"

Re: AREA LDAP logging question

2011-12-22 Thread JD Hood 
I appreciate the offer, but the client might frown on posting their info on
the list. So, I've opened an issue with BMC instead.

But I think you might be on to something. I see a ton of logging for ARDBC,
but just a few lines for AREA on startup.

And I just realized I've omitted that we are setting it up for multiple
domain logins (Knowledge Article: KA288124 -- Configuring AREA LDAP in a
Multi-Domain Environment); however, we just have the one LDAP server
defined in AREA at this time.

MS's LDP.exe confirms we can reach the target LDAP server *and* bind using
our test user *and* authenticate with that test user outside of Remedy.

But within Remedy, we get "Authentication Failed". We know we have the user
& pass correct, so the possibilities are: Remedy isn't actually connecting
to LDAP *or* it is connecting, but can't find the user. Until I can
validate the plugin is starting up and get logging to spit out more info,
I'm stuck using the braille method to troubleshoot.

Full circle now -- time to engage BMC support.

Thanks again,
JDHood


On Thu, Dec 22, 2011 at 2:44 AM, Walters, Mark  wrote:

> **
>
> I suspect that either the AREA LDAP plugin is not being loaded for some
> reason or there is a configuration issue.
>
> ** **
>
> Are you able to post the ar.conf and the plugin log, from startup, so that
> I can see what you have set up?
>
> ** **
>
> Mark
>
> ** **
>
> I work for BMC, I don’t speak for them.
>
> ** **
>
> *From:* Action Request System discussion list(ARSList) [mailto:
> arslist@ARSLIST.ORG] *On Behalf Of *JD Hood
> *Sent:* 21 December 2011 23:50
> *To:* arslist@ARSLIST.ORG
> *Subject:* AREA LDAP logging question
>
> ** **
>
> ** 
>
> 7.6.04 ITSM on Windows & SQL Server
>
> ** **
>
> I'm trying to configure AREA authentication. I have everything configured
> enough to make an authentication attempt and the attempt naturally fails.*
> ***
>
> ** **
>
> I do not have a POC at the LDAP server to check my test user's account or
> to check logging on the LDAP end.
>
> ** **
>
> At this point, I'm not even sure I'm reaching LDAP, successfully binding
> and/or hitting the test user's LDAP account.
>
> ** **
>
> With plugin logging on and set to "ALL", I get about 730 lines of logging
> when I attempt to login with a test user.
>
> ** **
>
> Out of those 730 lines of logging, I only get the following two lines that
> mention AREA or my user:
>
> ** **
>
>  390695> /* Wed Dec 21 2011 18:14:13.9300 */+VLAREAVerifyLoginCallback
>-- user TRAIN19
>
>  390695> /* Wed Dec 21 2011 18:14:13.9300 */-VL
>FAIL 
>
> ** **
>
> ** **
>
> This is like troubleshooting via braille method. Is there another
> AREA/LDAP log or some way to log the bind and auth attempt on the REMEDY
> side?
>
> ** **
>
> I've checked ARSList archives and the BMC KB's and can't find anything
> that I haven't already tried. I do see some really nice log
> examples (Knowledge Article ID: KA334262) that I *WISH* I could capture on
> the Remedy Side. I think they would tell me what I need to know to get this
> working. For now, all I can find is those two measly log lines above.
>
> ** **
>
> Any suggestions on how to get AREA logging much more verbose on the
> *REMEDY SIDE*?
>
> ** **
>
> Thanks in advance!
>
> JDHood
>
> _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ 
> _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"

Re: AREA LDAP logging question

2011-12-22 Thread JD Hood 
I did that, but no joy - I still get the same two lines (re: AREA) out of
about 730 total log lines.

-JDH


On Thu, Dec 22, 2011 at 3:13 AM, John Baker
wrote:

> JD
>
> Set the Plugin-Log-Level to 100 in ar.cfg. That should give you much
> more logging.
>
>
> John
>
>
> ___
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
>

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"

Re: AREA LDAP logging question

2011-12-21 Thread Walters, Mark 
I suspect that either the AREA LDAP plugin is not being loaded for some reason 
or there is a configuration issue.

Are you able to post the ar.conf and the plugin log, from startup, so that I 
can see what you have set up?

Mark

I work for BMC, I don't speak for them.

From: Action Request System discussion list(ARSList) 
[mailto:arslist@ARSLIST.ORG] On Behalf Of JD Hood
Sent: 21 December 2011 23:50
To: arslist@ARSLIST.ORG
Subject: AREA LDAP logging question

**
7.6.04 ITSM on Windows & SQL Server

I'm trying to configure AREA authentication. I have everything configured 
enough to make an authentication attempt and the attempt naturally fails.

I do not have a POC at the LDAP server to check my test user's account or to 
check logging on the LDAP end.

At this point, I'm not even sure I'm reaching LDAP, successfully binding and/or 
hitting the test user's LDAP account.

With plugin logging on and set to "ALL", I get about 730 lines of logging when 
I attempt to login with a test user.

Out of those 730 lines of logging, I only get the following two lines that 
mention AREA or my user:

 /* Wed Dec 21 2011 18:14:13.9300 */+VLAREAVerifyLoginCallback   
   -- user TRAIN19
 /* Wed Dec 21 2011 18:14:13.9300 */-VL
FAIL


This is like troubleshooting via braille method. Is there another AREA/LDAP log 
or some way to log the bind and auth attempt on the REMEDY side?

I've checked ARSList archives and the BMC KB's and can't find anything that I 
haven't already tried. I do see some really nice log examples (Knowledge 
Article ID: KA334262) that I *WISH* I could capture on the Remedy Side. I think 
they would tell me what I need to know to get this working. For now, all I can 
find is those two measly log lines above.

Any suggestions on how to get AREA logging much more verbose on the *REMEDY 
SIDE*?

Thanks in advance!
JDHood
_attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers 
Are"_

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"

Re: AREA LDAP logging question

2011-12-21 Thread JD Hood 
Thanks Jesus,

I'm OK with the set-up and with an ldap browser, I just need to get more
verbose logging on the Remedy side so I can see what the Remedy plugin is
doing to troubleshoot it.

Thanks again,
JDHood



On Wed, Dec 21, 2011 at 7:14 PM, VARGAS, JESUS EMILIO (JESUS EMILIO) <
jesus_emilio.var...@alcatel-lucent.com> wrote:

> ** ** **
>
> The second mail part1 with the guide..!
>
> ** **
>
> Best Regards.
>
> ** **
>
> ** **
>
> *J. Emilio Vargas*
> ALCATEL-LUCENT
> Av. Ciencia #13 Zona Industrial.
> Cuautitlan Izcalli - México
> T:  +52 55 5870 9000
> M:  +52 1 55 5509 5590
> jesus_emilio.var...@alcatel-lucent.com 
>   --
>
> *From:* VARGAS, JESUS EMILIO (JESUS EMILIO)
> *Sent:* Miércoles, 21 de Diciembre de 2011 06:12 p.m.
> *To:* 'arslist@ARSLIST.ORG'
> *Subject:* FW: AREA LDAP logging question
>
> ** **
>
> Hi JD Hood
>
> ** **
>
> My recommendation is first check if you AR Server is able to connect to
> AREA Server (Active Directory), as attach I send you a small software than
> can help you to do the test. Ldp.exe (.zip file)
>
> ** **
>
> And in a second mail w2guides “how to configure AREA…!” Is for old
> version, but the process is the same
>
> ** **
>
> Best Regards.
>
> *J. Emilio Vargas*
> ALCATEL-LUCENT
> Av. Ciencia #13 Zona Industrial.
> Cuautitlan Izcalli - México
> T:  +52 55 5870 9000
> M:  +52 1 55 5509 5590
> jesus_emilio.var...@alcatel-lucent.com 
>   --
>
> *From:* Action Request System discussion list(ARSList) [mailto:
> arslist@ARSLIST.ORG] *On Behalf Of *JD Hood
> *Sent:* Miércoles, 21 de Diciembre de 2011 05:50 p.m.
> *To:* arslist@ARSLIST.ORG
> *Subject:* AREA LDAP logging question
>
> ** **
>
> ** 
>
> 7.6.04 ITSM on Windows & SQL Server
>
> ** **
>
> I'm trying to configure AREA authentication. I have everything configured
> enough to make an authentication attempt and the attempt naturally fails.*
> ***
>
> ** **
>
> I do not have a POC at the LDAP server to check my test user's account or
> to check logging on the LDAP end.
>
> ** **
>
> At this point, I'm not even sure I'm reaching LDAP, successfully binding
> and/or hitting the test user's LDAP account.
>
> ** **
>
> With plugin logging on and set to "**ALL**", I get about 730 lines of
> logging when I attempt to login with a test user.
>
> ** **
>
> Out of those 730 lines of logging, I only get the following two lines that
> mention AREA or my user:
>
> ** **
>
>  390695> /* Wed **Dec 21 2011** 18:14:13.9300 */+VL
>  AREAVerifyLoginCallback  -- user TRAIN19
>
>  390695> /* Wed **Dec 21 2011** 18:14:13.9300 */-VL
>  FAIL 
>
> ** **
>
> ** **
>
> This is like troubleshooting via braille method. Is there another
> AREA/LDAP log or some way to log the bind and auth attempt on the REMEDY
> side?
>
> ** **
>
> I've checked ARSList archives and the **BMC** KB's and can't find
> anything that I haven't already tried. I do see some really nice log
> examples (Knowledge Article ID: KA334262) that I *WISH* I could capture on
> the Remedy Side. I think they would tell me what I need to know to get this
> working. For now, all I can find is those two measly log lines above.
>
> ** **
>
> Any suggestions on how to get AREA logging much more verbose on the
> *REMEDY **SIDE***?
>
> ** **
>
> Thanks in advance!
>
> JDHood
>
> _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ 
>  _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"