Re: LDAP

[rajesh singh]

Hi Fred,

We don't have any server set up with local password.

Regards,
Rajesh


On Fri, Jun 13, 2014 at 3:58 AM, Grooms, Frederick W <
frederick.w.gro...@xo.com> wrote:

> Do you have any servers set up with a local password?
>
> Fred
>
> -Original Message-
> From: Action Request System discussion list(ARSList) [mailto:
> arslist@ARSLIST.ORG] On Behalf Of Rajesh Singh
> Sent: Thursday, June 12, 2014 1:45 PM
> To: arslist@ARSLIST.ORG
> Subject: LDAP
>
> Hi Team,
>
> I am new to the remedy , i want to know something about LDAP configuration.
>
> most of the time when I already logged in to the system , meanwhile when I
> am trying to log in
> to any other server my account get locked.
>
> I have to unlock my account after that only i can able to login to that
> server.
>
> Could you please let me know if there is any LDAP related issue what is my
> first approach to check.
>
> Please give me your valuable input here.
>
> Regards,
> Rajesh Singh
>
>
>
>
>
> ___
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> "Where the Answers Are, and have been for 20 years"
>

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"

Re: LDAP

[Grooms, Frederick W]

Do you have any servers set up with a local password?

Fred

-Original Message-
From: Action Request System discussion list(ARSList) 
[mailto:arslist@ARSLIST.ORG] On Behalf Of Rajesh Singh
Sent: Thursday, June 12, 2014 1:45 PM
To: arslist@ARSLIST.ORG
Subject: LDAP

Hi Team,

I am new to the remedy , i want to know something about LDAP configuration.

most of the time when I already logged in to the system , meanwhile when I am 
trying to log in 
to any other server my account get locked. 

I have to unlock my account after that only i can able to login to that server.

Could you please let me know if there is any LDAP related issue what is my 
first approach to check. 

Please give me your valuable input here.

Regards,
Rajesh Singh




___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"

Re: LDAP integration - ARDBC Configuration

[Joe D'Souza]

You are right in your "PS"" notes.. The available list of Vendor Tables you
see there are just a subset of actual list of tables you would actually see
in a LDAP browser. I am not sure how the plugin populates that subset, but
it is not the complete list - not even close according to a LDAP
administrators advise to me given in the past. I am not an LDAP
administrator, so I wasn't in the position to find out why the ARS AREA
plugin cannot see the full list.

However, when you manually type in the correct search path, it does display
the field or column list of that table.

Cheers

Joe

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of Grooms, Frederick W
Sent: Tuesday, March 18, 2014 6:21 PM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP integration - ARDBC Configuration

Added here from BMC Communities cross post
https://communities.bmc.com/thread/103006

For Outlook groups in AD I don't think I have seen "No Children".  What I
see is a list of records in the member attribute.

Also Groups should be  ??sub?(objectclass=group)
objectclass=inetorgperson is individual people records not groups   
   i.e.
ldap://mail.mydomain.com/DC=mail,DC=mydomain,DC=com??sub?(objectclass=group)


Fred

P.S.  I always thought the "Available Vendor Tables" showed the ones that
have been used in other Vendor forms not a list of all possible choices for
LDAP.


-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of Karthick S
Sent: Monday, March 17, 2014 11:01 PM
To: arslist@ARSLIST.ORG
Subject: LDAP integration - ARDBC Configuration

** 
Hi All,

I have successfully implemented AREA and it works fine.
 
Requirement:
Now I am planning to use ARDBC for retrieving AD information for the
employee(s) into Remedy application. Our client requirement is 'Whenever an
employee(s) is added to Remedy group in active directory remedy profile need
to created automatically', for automatic profile creation I can write using
workflows.

Issue:
The issue here is I am unable to see the employee is listed in the group
when I tried connecting to ARDBC 'ARSYS.ARDBC.LDAP' and I am unable to see
the syntax like
'ldap://orangina/o=remedy.com??sub?(objectclass=inetorgperson)'. 
 
Please find the attached screen shot.

I have tried using the ldap.exe utility to find the dn and verified the
group it show 'No Children', but When I verified the group in Outlook users
were present in that group, 

Is there any other way to implement this, please help me on this.

Regards,
Karthick S


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"

Re: LDAP integration - ARDBC Configuration

[Grooms, Frederick W]

Added here from BMC Communities cross post  
https://communities.bmc.com/thread/103006

For Outlook groups in AD I don't think I have seen "No Children".  What I see 
is a list of records in the member attribute.

Also Groups should be  ??sub?(objectclass=group)   
objectclass=inetorgperson is individual people records not groups   
   i.e.   
ldap://mail.mydomain.com/DC=mail,DC=mydomain,DC=com??sub?(objectclass=group)   

Fred

P.S.  I always thought the "Available Vendor Tables" showed the ones that have 
been used in other Vendor forms not a list of all possible choices for LDAP.


-Original Message-
From: Action Request System discussion list(ARSList) 
[mailto:arslist@ARSLIST.ORG] On Behalf Of Karthick S
Sent: Monday, March 17, 2014 11:01 PM
To: arslist@ARSLIST.ORG
Subject: LDAP integration - ARDBC Configuration

** 
Hi All,

I have successfully implemented AREA and it works fine.
 
Requirement:
Now I am planning to use ARDBC for retrieving AD information for the 
employee(s) into Remedy application. Our client requirement is 'Whenever an 
employee(s) is added to Remedy group in active directory remedy profile need to 
created automatically', for automatic profile creation I can write using 
workflows.

Issue:
The issue here is I am unable to see the employee is listed in the group when I 
tried connecting to ARDBC 'ARSYS.ARDBC.LDAP' and I am unable to see the syntax 
like 'ldap://orangina/o=remedy.com??sub?(objectclass=inetorgperson)'. 
 
Please find the attached screen shot.

I have tried using the ldap.exe utility to find the dn and verified the group 
it show 'No Children', but When I verified the group in Outlook users were 
present in that group, 

Is there any other way to implement this, please help me on this.

Regards,
Karthick S

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"

Re: LDAP integration - ARDBC Configuration

[Joe D'Souza]

Can you browse the Remedy group using ldap.exe?

 

This should be pretty straight forward. Once you get the search path using
any standard ldap browser and are able to browse the Remedy group, copy that
search path to create your LDAP Vendor table.

 

Joe

 

  _  

From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of Karthick S
Sent: Tuesday, March 18, 2014 12:01 AM
To: arslist@ARSLIST.ORG
Subject: LDAP integration - ARDBC Configuration

 

** 

Hi All,

 

I have successfully implemented AREA and it works fine.

 

Requirement:

Now I am planning to use ARDBC for retrieving AD information for the
employee(s) into Remedy application. Our client requirement is 'Whenever an
employee(s) is added to Remedy group in active directory remedy profile need
to created automatically', for automatic profile creation I can write using
workflows.

 

Issue:

The issue here is I am unable to see the employee is listed in the group
when I tried connecting to ARDBC 'ARSYS.ARDBC.LDAP' and I am unable to see
the syntax like
'ldap://orangina/o=remedy.com??sub?(objectclass=inetorgperson)'. 

 

Please find the attached screen shot.

 

I have tried using the ldap.exe utility to find the dn and verified the
group it show 'No Children', but When I verified the group in Outlook users
were present in that group, 

 

Is there any other way to implement this, please help me on this.

 

Regards,

Karthick S 


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"

Re: LDAP Authentication Case Sensitivity

[Longwing, Lj]

that's my thought.


On Thu, Sep 5, 2013 at 1:40 PM, Frank Caruso  wrote:

> So if I can do an ldapsearch and find the ID using any format, then the
> issue is probably not the ID being in mixed case letters.
>
>
> ___
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> "Where the Answers Are, and have been for 20 years"
>

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"

Re: LDAP Authentication Case Sensitivity

[Frank Caruso]

So if I can do an ldapsearch and find the ID using any format, then the issue 
is probably not the ID being in mixed case letters.

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"

Re: LDAP Authentication Case Sensitivity

[Pierson, Shawn]

I've had similar issues.  What I did was 1) change my LDAP ARDBC integration to 
do a lower() function on the AD attributes (such as cn) that stored the login 
name when I pulled it in to Remedy, and 2) customized the login.jsp page to 
automatically set the values in the Login Name field to be lower case I believe 
when it lost focus.  However, since then we've been using an SSO tool so it 
hasn't been an issue for a few years.

Thanks,

Shawn Pierson 
Remedy Developer | Energy Transfer

-Original Message-
From: Action Request System discussion list(ARSList) 
[mailto:arslist@ARSLIST.ORG] On Behalf Of Frank Caruso
Sent: Thursday, September 05, 2013 12:16 PM
To: arslist@ARSLIST.ORG
Subject: LDAP Authentication Case Sensitivity

ITSM 764 sp2; RHEL, Oracle, Weblogic

Using AREALdap for authentication. From the web the user types in their network 
ID and we match against the sAMAccountName in LDAP. The ID is stored in AD in 
all upper case letters; at least that is what I thought. Come to find out the 
ID is stored in mixed case; sometimes all upper, sometimes all lower and 
sometimes mixed. So, unless the user knows how their ID is stored in LDAP the 
login to Remedy will fail. I was forcing all logins to upper case when the 
login button was clicked but am now realizing that will not work for all IDs.

Is this something I can handle in AREALDAP?

Thank you

Frank Caruso

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers 
Are, and have been for 20 years"

Private and confidential as detailed here: 
http://www.energytransfer.com/mail_disclaimer.aspx .  If you cannot access the 
link, please e-mail sender.

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"

Re: LDAP Authentication Case Sensitivity

[Rjust]

The issue is the login on the User form must be the same as the login that the 
user typed into the login screen.

Sent from my iPhone

On Sep 5, 2013, at 3:40 PM, Frank Caruso  wrote:

> So if I can do an ldapsearch and find the ID using any format, then the issue 
> is probably not the ID being in mixed case letters.
> 
> ___
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> "Where the Answers Are, and have been for 20 years"

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"

Re: LDAP Authentication Case Sensitivity

[Longwing, Lj]

their fault for not saying yes, or your fault for believing them? :D


On Thu, Sep 5, 2013 at 2:00 PM, Frank Caruso  wrote:

> Arg!!!I asked the user several times if their account was locked
> and then said no, but it was!
> That was the issue. Once unlocked they could login and AD authenticate.
>
> Thank you all for your help!
>
> Frank Caruso
>
>
> ___
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> "Where the Answers Are, and have been for 20 years"
>

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"

Re: LDAP Authentication Case Sensitivity

[Grooms, Frederick W]

What most people do is to force the Remedy login into a known case (either all 
upper or all lower) in the User form and on the Mid-Tier login.jsp add the 
onChange action to the username field.

onChange="javascript:this.value = this.value.toLowerCase();"

or

onChange="javascript:this.value = this.value.toUpperCase();"

Fred


-Original Message-
From: Action Request System discussion list(ARSList) 
[mailto:arslist@ARSLIST.ORG] On Behalf Of Rjust
Sent: Thursday, September 05, 2013 2:43 PM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP Authentication Case Sensitivity

The issue is the login on the User form must be the same as the login that the 
user typed into the login screen.

Sent from my iPhone

On Sep 5, 2013, at 3:40 PM, Frank Caruso  wrote:

> So if I can do an ldapsearch and find the ID using any format, then the issue 
> is probably not the ID being in mixed case letters.

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"

Re: LDAP Authentication Case Sensitivity

[Frank Caruso]

Arg!!!I asked the user several times if their account was locked and 
then said no, but it was!
That was the issue. Once unlocked they could login and AD authenticate.

Thank you all for your help!

Frank Caruso

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"

Re: LDAP Authentication Case Sensitivity

[Longwing, Lj]

Frank,
I have personally found that while Remedy is user id case sensitive, active
directory isn'tso really, the only thing that matters is that you match
the case of the user id in your remedy user table...the password is of
course case sensitive...but the user name should not be, not in AD at least.


On Thu, Sep 5, 2013 at 11:16 AM, Frank Caruso wrote:

> ITSM 764 sp2; RHEL, Oracle, Weblogic
>
> Using AREALdap for authentication. From the web the user types in their
> network ID and we match against the sAMAccountName in LDAP. The ID is
> stored in AD in all upper case letters; at least that is what I thought.
> Come to find out the ID is stored in mixed case; sometimes all upper,
> sometimes all lower and sometimes mixed. So, unless the user knows how
> their ID is stored in LDAP the login to Remedy will fail. I was forcing all
> logins to upper case when the login button was clicked but am now realizing
> that will not work for all IDs.
>
> Is this something I can handle in AREALDAP?
>
> Thank you
>
> Frank Caruso
>
>
> ___
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> "Where the Answers Are, and have been for 20 years"
>

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"

Re: LDAP authentication issue

[Remedy Maniac]

Hi Fred,

that was the issue. Using

sAMAccountName=$\USER$

helped to solve my problem.
Many thanks




On 10/2/2012 3:35 PM, Grooms, Frederick W wrote:

Serouche,

The Login Name on an Active Directory LDAP search is usually sAMAccountName, so in the 
configuration form "AREA LDAP Configuration" the User Search Filter would be 
sAMAccountName=$\USER$

Make sure in your setup that you should be querying for the login in a field 
called uid.  What Danny said about using Microsoft's LDP tool (as part of the 
Windows Support Tools) or another LDAP tool like the Softerra LDAP Browser 
(http://www.softerra.com/download.htm) is a great suggestion.

Fred

-Original Message-
From: Action Request System discussion list(ARSList) 
[mailto:arslist@ARSLIST.ORG] On Behalf Of Danny Kellett
Sent: Tuesday, October 02, 2012 5:58 AM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP authentication issue

Hi,

Its this line that is the issue:

*/  ldap_search_ext("dc=ads,dc=domain,dc=org",
2, "uid=testman")

So under that baseDn, the query uid=testman could not be found.

Ask your domain admin to check the baseDn and use something like ldp.exe
to search for uid=testman.

Kind regards
Danny


-Original Message-
From: Action Request System discussion list(ARSList) 
[mailto:arslist@ARSLIST.ORG] On Behalf Of Remedy Maniac
Sent: Tuesday, October 02, 2012 3:50 AM
To: arslist@ARSLIST.ORG
Subject: LDAP authentication issue

hi list,

could not find any previous post with the following issue.
Here is what is in my arplugin.log file
...
1
 /* Tue Oct 02 2012 10:40:38.7404 */+VL
AREAVerifyLoginCallback  -- user testman
2
 /* Tue Oct 02 2012 10:40:38.7407
*/  AREAVerifyLoginCallback
3
 /* Tue Oct 02 2012 10:40:38.7409
*/  ldap_init("hqdcc1.domain.org", 389)
4
 /* Tue Oct 02 2012 10:40:38.7411
*/  connect timeout previously: -1
5
 /* Tue Oct 02 2012 10:40:38.7413
*/  connect timeout used: 4
6
 /* Tue Oct 02 2012 10:40:38.7415
*/  ldap_simple_bind("CN=xsldapro,OU=Service
Accounts,OU=Location,OU=New Structure,DC=ads,DC=domain,DC=org", hidden)
7
 /* Tue Oct 02 2012 10:40:38.7445
*/  After the bind
8
 /* Tue Oct 02 2012 10:40:38.7447
*/  ldap_search_ext("dc=ads,dc=domain,dc=org",
2, "uid=testman")
9
 /* Tue Oct 02 2012 10:40:43.4920
*/  We do not know the user
10
 /* Tue Oct 02 2012 10:40:43.4923
*/  LicenseMask=1 LicenseWrite=2 LicenseFTS=0
LicenseReserved1=0 Notification=3 Email= LoginStatus=1
ModificationTime=0
11
 /* Tue Oct 02 2012 10:40:43.4925
*/  Groups=
12
 /* Tue Oct 02 2012 10:40:43.4927
*/-VLFAIL
^@
...

who is this "We" at line 9?
My config settings are based on what the doc says ('authentication chain
= 'AREA - ARS', cross ref pass is checked also authenticate unregistered
users, RPC port set to 390695)
The logs show the bind being done (line 7) but then something "does not
know the user" ...
any help/tips on what could be wrong is very much appreciated.
Regards
Serouche



___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"

Re: LDAP authentication issue

[Danny Kellett]

Fred,

Nice tool. Thanks for the link.

Serouche,

We provide a link to the ldp.exe tool here :
http://www.javasystemsolutions.com/downloads/ldp.exe

It's Microsofts tool we just host it for convenience.

Good luck
Danny

> Serouche,
>
> The Login Name on an Active Directory LDAP search is usually
> sAMAccountName, so in the configuration form "AREA LDAP Configuration" the
> User Search Filter would be sAMAccountName=$\USER$
>
> Make sure in your setup that you should be querying for the login in a
> field called uid.  What Danny said about using Microsoft's LDP tool (as
> part of the Windows Support Tools) or another LDAP tool like the Softerra
> LDAP Browser (http://www.softerra.com/download.htm) is a great
> suggestion.
>
> Fred
>
> -Original Message-
> From: Action Request System discussion list(ARSList)
> [mailto:arslist@ARSLIST.ORG] On Behalf Of Danny Kellett
> Sent: Tuesday, October 02, 2012 5:58 AM
> To: arslist@ARSLIST.ORG
> Subject: Re: LDAP authentication issue
>
> Hi,
>
> Its this line that is the issue:
>
> */  ldap_search_ext("dc=ads,dc=domain,dc=org",
> 2, "uid=testman")
>
> So under that baseDn, the query uid=testman could not be found.
>
> Ask your domain admin to check the baseDn and use something like ldp.exe
> to search for uid=testman.
>
> Kind regards
> Danny
>
>> -Original Message-
>> From: Action Request System discussion list(ARSList)
>> [mailto:arslist@ARSLIST.ORG] On Behalf Of Remedy Maniac
>> Sent: Tuesday, October 02, 2012 3:50 AM
>> To: arslist@ARSLIST.ORG
>> Subject: LDAP authentication issue
>>
>> hi list,
>>
>> could not find any previous post with the following issue.
>> Here is what is in my arplugin.log file
>> ...
>> 1
>>  /* Tue Oct 02 2012 10:40:38.7404 */+VL
>> AREAVerifyLoginCallback  -- user testman
>> 2
>>  /* Tue Oct 02 2012 10:40:38.7407
>> */  AREAVerifyLoginCallback
>> 3
>>  /* Tue Oct 02 2012 10:40:38.7409
>> */  ldap_init("hqdcc1.domain.org", 389)
>> 4
>>  /* Tue Oct 02 2012 10:40:38.7411
>> */  connect timeout previously: -1
>> 5
>>  /* Tue Oct 02 2012 10:40:38.7413
>> */  connect timeout used: 4
>> 6
>>  /* Tue Oct 02 2012 10:40:38.7415
>> */  ldap_simple_bind("CN=xsldapro,OU=Service
>> Accounts,OU=Location,OU=New Structure,DC=ads,DC=domain,DC=org", hidden)
>> 7
>>  /* Tue Oct 02 2012 10:40:38.7445
>> */  After the bind
>> 8
>>  /* Tue Oct 02 2012 10:40:38.7447
>> */  ldap_search_ext("dc=ads,dc=domain,dc=org",
>> 2, "uid=testman")
>> 9
>>  /* Tue Oct 02 2012 10:40:43.4920
>> */  We do not know the user
>> 10
>>  /* Tue Oct 02 2012 10:40:43.4923
>> */  LicenseMask=1 LicenseWrite=2 LicenseFTS=0
>> LicenseReserved1=0 Notification=3 Email= LoginStatus=1
>> ModificationTime=0
>> 11
>>  /* Tue Oct 02 2012 10:40:43.4925
>> */  Groups=
>> 12
>>  /* Tue Oct 02 2012 10:40:43.4927
>> */-VLFAIL
>> ^@
>> ...
>>
>> who is this "We" at line 9?
>> My config settings are based on what the doc says ('authentication
>> chain
>> = 'AREA - ARS', cross ref pass is checked also authenticate
>> unregistered
>> users, RPC port set to 390695)
>> The logs show the bind being done (line 7) but then something "does not
>> know the user" ...
>> any help/tips on what could be wrong is very much appreciated.
>> Regards
>> Serouche
>
>
>
> ___
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
>

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"

Re: LDAP authentication issue

[Grooms, Frederick W]

Serouche,

The Login Name on an Active Directory LDAP search is usually sAMAccountName, so 
in the configuration form "AREA LDAP Configuration" the User Search Filter 
would be sAMAccountName=$\USER$

Make sure in your setup that you should be querying for the login in a field 
called uid.  What Danny said about using Microsoft's LDP tool (as part of the 
Windows Support Tools) or another LDAP tool like the Softerra LDAP Browser 
(http://www.softerra.com/download.htm) is a great suggestion.

Fred

-Original Message-
From: Action Request System discussion list(ARSList) 
[mailto:arslist@ARSLIST.ORG] On Behalf Of Danny Kellett
Sent: Tuesday, October 02, 2012 5:58 AM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP authentication issue

Hi,

Its this line that is the issue:

*/  ldap_search_ext("dc=ads,dc=domain,dc=org",
2, "uid=testman")

So under that baseDn, the query uid=testman could not be found.

Ask your domain admin to check the baseDn and use something like ldp.exe
to search for uid=testman.

Kind regards
Danny

> -Original Message-
> From: Action Request System discussion list(ARSList) 
> [mailto:arslist@ARSLIST.ORG] On Behalf Of Remedy Maniac
> Sent: Tuesday, October 02, 2012 3:50 AM
> To: arslist@ARSLIST.ORG
> Subject: LDAP authentication issue
>
> hi list,
>
> could not find any previous post with the following issue.
> Here is what is in my arplugin.log file
> ...
> 1
>  /* Tue Oct 02 2012 10:40:38.7404 */+VL
> AREAVerifyLoginCallback  -- user testman
> 2
>  /* Tue Oct 02 2012 10:40:38.7407
> */  AREAVerifyLoginCallback
> 3
>  /* Tue Oct 02 2012 10:40:38.7409
> */  ldap_init("hqdcc1.domain.org", 389)
> 4
>  /* Tue Oct 02 2012 10:40:38.7411
> */  connect timeout previously: -1
> 5
>  /* Tue Oct 02 2012 10:40:38.7413
> */  connect timeout used: 4
> 6
>  /* Tue Oct 02 2012 10:40:38.7415
> */  ldap_simple_bind("CN=xsldapro,OU=Service
> Accounts,OU=Location,OU=New Structure,DC=ads,DC=domain,DC=org", hidden)
> 7
>  /* Tue Oct 02 2012 10:40:38.7445
> */  After the bind
> 8
>  /* Tue Oct 02 2012 10:40:38.7447
> */  ldap_search_ext("dc=ads,dc=domain,dc=org",
> 2, "uid=testman")
> 9
>  /* Tue Oct 02 2012 10:40:43.4920
> */  We do not know the user
> 10
>  /* Tue Oct 02 2012 10:40:43.4923
> */  LicenseMask=1 LicenseWrite=2 LicenseFTS=0
> LicenseReserved1=0 Notification=3 Email= LoginStatus=1
> ModificationTime=0
> 11
>  /* Tue Oct 02 2012 10:40:43.4925
> */  Groups=
> 12
>  /* Tue Oct 02 2012 10:40:43.4927
> */-VLFAIL
> ^@
> ...
>
> who is this "We" at line 9?
> My config settings are based on what the doc says ('authentication chain
> = 'AREA - ARS', cross ref pass is checked also authenticate unregistered
> users, RPC port set to 390695)
> The logs show the bind being done (line 7) but then something "does not
> know the user" ...
> any help/tips on what could be wrong is very much appreciated.
> Regards
> Serouche



___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"

Re: LDAP authentication issue

[Danny Kellett]

Hi,

Its this line that is the issue:

*/  ldap_search_ext("dc=ads,dc=domain,dc=org",
2, "uid=testman")

So under that baseDn, the query uid=testman could not be found.

Ask your domain admin to check the baseDn and use something like ldp.exe
to search for uid=testman.

Kind regards
Danny

> hi list,
>
> could not find any previous post with the following issue.
> Here is what is in my arplugin.log file
> ...
> 1
>  /* Tue Oct 02 2012 10:40:38.7404 */+VL
> AREAVerifyLoginCallback  -- user testman
> 2
>  /* Tue Oct 02 2012 10:40:38.7407
> */  AREAVerifyLoginCallback
> 3
>  /* Tue Oct 02 2012 10:40:38.7409
> */  ldap_init("hqdcc1.domain.org", 389)
> 4
>  /* Tue Oct 02 2012 10:40:38.7411
> */  connect timeout previously: -1
> 5
>  /* Tue Oct 02 2012 10:40:38.7413
> */  connect timeout used: 4
> 6
>  /* Tue Oct 02 2012 10:40:38.7415
> */  ldap_simple_bind("CN=xsldapro,OU=Service
> Accounts,OU=Location,OU=New Structure,DC=ads,DC=domain,DC=org", hidden)
> 7
>  /* Tue Oct 02 2012 10:40:38.7445
> */  After the bind
> 8
>  /* Tue Oct 02 2012 10:40:38.7447
> */  ldap_search_ext("dc=ads,dc=domain,dc=org",
> 2, "uid=testman")
> 9
>  /* Tue Oct 02 2012 10:40:43.4920
> */  We do not know the user
> 10
>  /* Tue Oct 02 2012 10:40:43.4923
> */  LicenseMask=1 LicenseWrite=2 LicenseFTS=0
> LicenseReserved1=0 Notification=3 Email= LoginStatus=1
> ModificationTime=0
> 11
>  /* Tue Oct 02 2012 10:40:43.4925
> */  Groups=
> 12
>  /* Tue Oct 02 2012 10:40:43.4927
> */-VLFAIL
> ^@
> ...
>
> who is this "We" at line 9?
> My config settings are based on what the doc says ('authentication chain
> = 'AREA - ARS', cross ref pass is checked also authenticate unregistered
> users, RPC port set to 390695)
> The logs show the bind being done (line 7) but then something "does not
> know the user" ...
> any help/tips on what could be wrong is very much appreciated.
> Regards
> Serouche
>
> ___
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
>

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"

Re: LDAP Intergartion

[Cecil, Ken]

Try the "BMC Remedy Action Request System 7.6.04 Integration Guide" included 
with the AR Server documentation.  It has a useful section on LDAP.

From: Action Request System discussion list(ARSList) 
[mailto:arslist@ARSLIST.ORG] On Behalf Of Karthick S
Sent: Tuesday, April 10, 2012 7:35 AM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP Intergartion

**
Hi Roger,

I am seeing this options in Support site. Can you tell me whcih one i need to 
download.

Current Name

Former Name

BMC Atrium Integration 
Engine<http://webapps.bmc.com/support/faces/az/prodallversions.jsp?seqid=108029>

BMC Remedy Enterprise Integration Engine

BMC Control-M Business Process Integration 
Suite<http://webapps.bmc.com/support/faces/az/prodallversions.jsp?seqid=129660>

BMC Control-M Business Process Integration Suite

BMC Enterprise Event Manager 
Integration<http://webapps.bmc.com/support/faces/az/prodallversions.jsp?seqid=156907>

BMC Enterprise Event Manager Integration

BMC Event Management System Adapter for 
z/OS<http://webapps.bmc.com/support/faces/az/prodallversions.jsp?seqid=165802>

BMC Event and Impact Management - Integration Adapter for z/OS

BMC Impact Integration for HP OpenView Network Node 
Manager<http://webapps.bmc.com/support/faces/az/prodallversions.jsp?seqid=114832>

BMC Impact Integration for HP OpenView Network Node Manager

BMC Impact Integration for HP OpenView 
Operations<http://webapps.bmc.com/support/faces/az/prodallversions.jsp?seqid=126689>

BMC Impact Integration for HP OpenView Operations

BMC Impact Integration for 
Tivoli<http://webapps.bmc.com/support/faces/az/prodallversions.jsp?seqid=8742>

BMC Impact Integration for Tivoli

BMC Impact Integration for 
z/OS<http://webapps.bmc.com/support/faces/az/prodallversions.jsp?seqid=130376>

BMC Impact Integration for z/OS

BMC Impact Integration for z/OS - License Add 
On<http://webapps.bmc.com/support/faces/az/prodallversions.jsp?seqid=181054>

BMC Impact Integration for z/OS - License Add On

BMC Middleware Management - Enterprise Application 
Integration<http://webapps.bmc.com/support/faces/az/prodallversions.jsp?seqid=175656>

DataFlow Studio

BMC Performance Manager for WebSphere Business 
Integration<http://webapps.bmc.com/support/faces/az/prodallversions.jsp?seqid=147786>

BMC Performance Manager for WebSphere Business Integration

BMC Performance Manager Integration for HP OpenView 
IT/Operations<http://webapps.bmc.com/support/faces/az/prodallversions.jsp?seqid=6680>

PATROL Integration for HP OpenView IT/Operations

BMC Performance Manager Integration for HP OpenView Network Node 
Manager<http://webapps.bmc.com/support/faces/az/prodallversions.jsp?seqid=6682>

PATROL Integration for HP OpenView Network Node Manager

BMC Performance Manager Integration for 
Tivoli<http://webapps.bmc.com/support/faces/az/prodallversions.jsp?seqid=6684>

PATROL Integration for Tivoli

SailPoint Integration Module for Third Party Identity Management 
Systems<http://webapps.bmc.com/support/faces/az/prodallversions.jsp?seqid=248075>

SailPoint Integration Module for Third Party Identity Management Systems

Seamless Technologies Event Integration for BMC ProactiveNet Performance 
Management<http://webapps.bmc.com/support/faces/az/prodallversions.jsp?seqid=179751>

Seamless Technologies Event Integration for BMC ProactiveNet Performance 
Management


On Tue, Apr 10, 2012 at 7:08 AM, Roger Justice 
mailto:rjust2...@aol.com>> wrote:
** Download the Integration Manual from the support site.

-Original Message-
From: Karthick S mailto:karthick...@gmail.com>>
To: arslist mailto:arslist@ARSLIST.ORG>>
Sent: Tue, Apr 10, 2012 6:59 am
Subject: LDAP Intergartion
**
Hi Guys,

I need to perform LDAP integration in my organization. Can anyone help me in 
that... If you have any basic document or step, please share with me.

Remedy Version: 7.6
OS: Windows


--


Thanks and Regards,
Karthick S

_attend WWRUG12 www.wwrug.com<http://www.wwrug.com/> ARSlist: "Where the 
Answers Are"_
_attend WWRUG12 www.wwrug.com<http://www.wwrug.com/> ARSlist: "Where the 
Answers Are"_



--


Thanks and Regards,
Karthick S

_attend WWRUG12 www.wwrug.com<http://www.wwrug.com> ARSlist: "Where the Answers 
Are"_

***

This email and any files transmitted with it are confidential and

intended solely for the use of the individual or entity to whom

they are addressed. If you have received this email in error please

notify the system manager. This footnote also confirms that this

email message has been swept for the presence of computer viruses.

www.Hubbell.com<http://www.Hubbell.com> - Hubbell Incorporated**



___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"

Re: LDAP Intergartion

[Karthick S]

Hi Roger,

I am seeing this options in Support site. Can you tell me whcih one i need
to download.

  Current Name Former Name  BMC Atrium Integration
Engine
BMC
Remedy Enterprise Integration Engine BMC Control-M Business Process
Integration 
Suite
BMC
Control-M Business Process Integration Suite BMC Enterprise Event Manager
Integration
BMC
Enterprise Event Manager Integration BMC Event Management System Adapter
for 
z/OS
BMC
Event and Impact Management - Integration Adapter for z/OS BMC Impact
Integration for HP OpenView Network Node
Manager
BMC
Impact Integration for HP OpenView Network Node Manager BMC Impact
Integration for HP OpenView
Operations
BMC
Impact Integration for HP OpenView Operations BMC Impact Integration for
Tivoli
BMC
Impact Integration for Tivoli BMC Impact Integration for
z/OS
BMC
Impact Integration for z/OS BMC Impact Integration for z/OS - License
Add On
BMC
Impact Integration for z/OS - License Add On BMC Middleware Management -
Enterprise Application
Integration
DataFlow
Studio BMC Performance Manager for WebSphere Business
Integration
BMC
Performance Manager for WebSphere Business Integration BMC Performance
Manager Integration for HP OpenView
IT/Operations
PATROL
Integration for HP OpenView IT/Operations BMC Performance Manager
Integration for HP OpenView Network Node
Manager
PATROL
Integration for HP OpenView Network Node Manager BMC Performance Manager
Integration for
Tivoli
PATROL
Integration for Tivoli SailPoint Integration Module for Third Party
Identity Management
Systems
SailPoint
Integration Module for Third Party Identity Management Systems Seamless
Technologies Event Integration for BMC ProactiveNet Performance
Management
Seamless
Technologies Event Integration for BMC ProactiveNet Performance Management

On Tue, Apr 10, 2012 at 7:08 AM, Roger Justice  wrote:

> ** Download the Integration Manual from the support site.
>
>
> -Original Message-
> From: Karthick S 
> To: arslist 
> Sent: Tue, Apr 10, 2012 6:59 am
> Subject: LDAP Intergartion
>
> **
>  Hi Guys,
>
> I need to perform LDAP integration in my organization. Can anyone help me
> in that... If you have any basic document or step, please share with me.
>
> Remedy Version: 7.6
> OS: Windows
>
>
> --
> **
> **
> *Thanks and Regards,*
> *Karthick S*
>
> _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_
> _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_




-- 
**
**
*Thanks and Regards,*
*Karthick S*

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"

Re: LDAP Intergartion

[Roger Justice]

Download the Integration Manual from the support site.



-Original Message-
From: Karthick S 
To: arslist 
Sent: Tue, Apr 10, 2012 6:59 am
Subject: LDAP Intergartion


** 
Hi Guys,
 
I need to perform LDAP integration in my organization. Can anyone help me in 
that... If you have any basic document or step, please share with me.
 
Remedy Version: 7.6
OS: Windows


-- 

 
 
Thanks and Regards,
Karthick S

_attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ 

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"

Re: LDAP CONFIG - Questions

[Danny Kellett]

Hi,

 

Answers below.

Kind regards

Danny

 

From: Action Request System discussion list(ARSList) 
[mailto:arslist@ARSLIST.ORG] On Behalf Of Bajwa, Ibrar
Sent: 12 January 2012 18:50
To: arslist@ARSLIST.ORG
Subject: LDAP CONFIG - Questions

 

** 

Hi All,

 

I had a few questions for LDAP config on 7.6.04.

 

-  Out of the box, BMC has one adapter for config and may only be used 
for 1 target?

No, you can have multiple AREA plugins configured in the ar.conf

-  If LDAP is already configured for 1 tenancy, effort wise:  is it a 
lot of work to replicate the same LDAP config for a second tenancy? (let’s say 
everything in the second ldap is same as first. Just a different domain, the 
connection between the second LDAP being configured is already made because it 
is being used for username & password only rite, basically we would like to 
pull all the fields  rather than just username and password from a user’s 
account in AD).

Yes, have a look at this BMC Support link

https://kb.bmc.com/infocenter/index?page=content 

 &id=KA288124&actp=search&viewlocale=en_US&searchid=1326450530060

 

 

We have 2 domains. Domain 1 is already configured fully (with all the fields), 
domain 2 is already configured for authentication of password and username. We 
would like to pull all the fields from a user’s AD account.

 

Any assistance would be appreciated. If you require more information, please do 
ask. I was unable to find a guide on BMC, so if anyone has a guide for the 
whole process, it would be appreciated.

 

Ibrar Bajwa

Remedy Analyst

 

Brookfield Corporate Operations

Technology Services

1 Adelaide Street East, Suite 1400, Toronto, ON M5C 2V9

T 416.649.8249, F 416.649.8245

ibrar.ba...@brookfield.com

 

Brookfield Logo

 

View Important disclosures and information about our e-mail policies here 
 .

 

_attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ 


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
<>

Re: LDAP Authentication Errors

[Hyunkel v2.0]

The AREA hub is right configured on the server. So this discard a bad 
configuration from ARS.


Hugo Ruesga 
Software Development Advisor
US  972.577.7000 x 332.3868
MX +52 (33) 3332.3868
P Please consider the environment before printing this email

The information contained in and transferred with this electronic message is 
intended only for the recipient(s) designated above, it is protected by law and 
it may contain information which is privileged and confidential. If you are not 
the intended recipient, please do not read, copy, or use it, and do not 
disclose it to others. Please notify the sender of the delivery error by 
replying to this message, and then delete it from your system. Thank you.




> Date: Thu, 24 Nov 2011 08:38:01 -0500
> From: cycom...@gmail.com
> Subject: Re: LDAP Authentication Errors
> To: arslist@ARSLIST.ORG
> 
> From integration manual
> 
> To set up the AREA Hub plug-in
> 1 Create the following entry for the AREA Hub in the ar.cfg file:
> plug-in: areahub.dll
> NOTE
> Make sure this is the only entry for an AREA plug-in in your ar.cfg file.
> 2 Create an entry for the first AREA plug-in as follows:
> AREA-Hub-Plugin: my_area_plug-in.dll
> 3 If necessary, create entries for subsequent AREA plug-ins as follows:
> AREA-Hub-Plugin: my_area_plug-in_1.dll
> AREA-Hub-Plugin: my_area_plug-in_2.dll
> AREA-Hub-Plugin: my_area_plug-in_3.dll
> 4 Restart the AR System plug-in server.
> 
> 2011/11/23 Hyunkel v2.0 :
> > **
> > That's a good point, AREA-Hub is in the ar.cfg file; but I'm noticing that
> > its pointing to arealdap.dll, correct me if I'm wrong but it must be
> > pointing to areahub.dll...
> >
> > Hugo Ruesga
> > Software Development Advisor
> > US  972.577.7000 x 332.3868
> > MX +52 (33) 3332.3868
> >
> > P Please consider the environment before printing this email
> >
> > The information contained in and transferred with this electronic message is
> > intended only for the recipient(s) designated above, it is protected by law
> > and it may contain information which is privileged and confidential. If you
> > are not the intended recipient, please do not read, copy, or use it, and do
> > not disclose it to others. Please notify the sender of the delivery error by
> > replying to this message, and then delete it from your system. Thank you.
> >
> >
> >
> >> Date: Wed, 23 Nov 2011 15:32:58 -0500
> >> From: cycom...@gmail.com
> >> Subject: Re: LDAP Authentication Errors
> >> To: arslist@ARSLIST.ORG
> >>
> >> when you have multiple LDAP entries you must to consider to activate
> >> the AREA HUB plugin are you sure your current ar.cfg includes this
> >> plugin
> >>
> >> 2011/11/23 Jamie Boley :
> >> > Hugo,
> >> >
> >> > I guess I did leave out the fact that we have multiple domains setup for
> >> > our LDAP authentication.  So within the LDAP configuration we have 4
> >> > entries.  One entry for each domain with each entry having 2 domain
> >> > controllers for redundancy purposes.
> >> >
> >> > Domain entry 1: Domain Controller 1 Domain Controller 2
> >> > Domain entry 2: Domain Controller 1 Domain Controller 2
> >> > Domain entry 3: Domain Controller 1 Domain Controller 2
> >> > Domain entry 4: Domain Controller 1 Domain Controller 2
> >> >
> >> > Therefore, when someone tries to authenticate, it will hit against the
> >> > first Domain entry, if user is not in that domain, it skips to the next 
> >> > one,
> >> > until it finds it; if it doesn't then they receive the authentication 
> >> > error.
> >> >  During that process, if the first domain controller is not online, it 
> >> > will
> >> > go to DC 2.
> >> >
> >> > So it is possible on having multiple enties for different domains within
> >> > your LDAP config, you just want to put the DCs on the same domain in the
> >> > same entry.
> >> >
> >> >
> >> > ___
> >> > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> >> > attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
> >> >
> >>
> >>
> >> ___
> >> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> >> attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
> > _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_
> 
> ___
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
  
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"

Re: LDAP Authentication Errors

[andres tamayo]

>From integration manual

To set up the AREA Hub plug-in
1 Create the following entry for the AREA Hub in the ar.cfg file:
plug-in: areahub.dll
NOTE
Make sure this is the only entry for an AREA plug-in in your ar.cfg file.
2 Create an entry for the first AREA plug-in as follows:
AREA-Hub-Plugin: my_area_plug-in.dll
3 If necessary, create entries for subsequent AREA plug-ins as follows:
AREA-Hub-Plugin: my_area_plug-in_1.dll
AREA-Hub-Plugin: my_area_plug-in_2.dll
AREA-Hub-Plugin: my_area_plug-in_3.dll
4 Restart the AR System plug-in server.

2011/11/23 Hyunkel v2.0 :
> **
> That's a good point, AREA-Hub is in the ar.cfg file; but I'm noticing that
> its pointing to arealdap.dll, correct me if I'm wrong but it must be
> pointing to areahub.dll...
>
> Hugo Ruesga
> Software Development Advisor
> US  972.577.7000 x 332.3868
> MX +52 (33) 3332.3868
>
> P Please consider the environment before printing this email
>
> The information contained in and transferred with this electronic message is
> intended only for the recipient(s) designated above, it is protected by law
> and it may contain information which is privileged and confidential. If you
> are not the intended recipient, please do not read, copy, or use it, and do
> not disclose it to others. Please notify the sender of the delivery error by
> replying to this message, and then delete it from your system. Thank you.
>
>
>
>> Date: Wed, 23 Nov 2011 15:32:58 -0500
>> From: cycom...@gmail.com
>> Subject: Re: LDAP Authentication Errors
>> To: arslist@ARSLIST.ORG
>>
>> when you have multiple LDAP entries you must to consider to activate
>> the AREA HUB plugin are you sure your current ar.cfg includes this
>> plugin
>>
>> 2011/11/23 Jamie Boley :
>> > Hugo,
>> >
>> > I guess I did leave out the fact that we have multiple domains setup for
>> > our LDAP authentication.  So within the LDAP configuration we have 4
>> > entries.  One entry for each domain with each entry having 2 domain
>> > controllers for redundancy purposes.
>> >
>> > Domain entry 1: Domain Controller 1 Domain Controller 2
>> > Domain entry 2: Domain Controller 1 Domain Controller 2
>> > Domain entry 3: Domain Controller 1 Domain Controller 2
>> > Domain entry 4: Domain Controller 1 Domain Controller 2
>> >
>> > Therefore, when someone tries to authenticate, it will hit against the
>> > first Domain entry, if user is not in that domain, it skips to the next 
>> > one,
>> > until it finds it; if it doesn't then they receive the authentication 
>> > error.
>> >  During that process, if the first domain controller is not online, it will
>> > go to DC 2.
>> >
>> > So it is possible on having multiple enties for different domains within
>> > your LDAP config, you just want to put the DCs on the same domain in the
>> > same entry.
>> >
>> >
>> > ___
>> > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
>> > attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
>> >
>>
>>
>> ___
>> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
>> attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
> _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"

Re: LDAP Authentication Errors

[David Abry]

Sent from my iPhone

On Nov 23, 2011, at 4:01 PM, "Hyunkel v2.0"  wrote:

> **
> That's a good point, AREA-Hub is in the ar.cfg file; but I'm noticing that 
> its pointing to arealdap.dll, correct me if I'm wrong but it must be pointing 
> to areahub.dll...
> 
> Hugo Ruesga 
> Software Development Advisor
> US  972.577.7000 x 332.3868
> MX +52 (33) 3332.3868
> 
> P Please consider the environment before printing this email
> 
> The information contained in and transferred with this electronic message is 
> intended only for the recipient(s) designated above, it is protected by law 
> and it may contain information which is privileged and confidential. If you 
> are not the intended recipient, please do not read, copy, or use it, and do 
> not disclose it to others. Please notify the sender of the delivery error by 
> replying to this message, and then delete it from your system. Thank you.
> 
> 
> 
> 
> 
> > Date: Wed, 23 Nov 2011 15:32:58 -0500
> > From: cycom...@gmail.com
> > Subject: Re: LDAP Authentication Errors
> > To: arslist@ARSLIST.ORG
> > 
> > when you have multiple LDAP entries you must to consider to activate
> > the AREA HUB plugin are you sure your current ar.cfg includes this
> > plugin
> > 
> > 2011/11/23 Jamie Boley :
> > > Hugo,
> > >
> > > I guess I did leave out the fact that we have multiple domains setup for 
> > > our LDAP authentication.  So within the LDAP configuration we have 4 
> > > entries.  One entry for each domain with each entry having 2 domain 
> > > controllers for redundancy purposes.
> > >
> > > Domain entry 1: Domain Controller 1 Domain Controller 2
> > > Domain entry 2: Domain Controller 1 Domain Controller 2
> > > Domain entry 3: Domain Controller 1 Domain Controller 2
> > > Domain entry 4: Domain Controller 1 Domain Controller 2
> > >
> > > Therefore, when someone tries to authenticate, it will hit against the 
> > > first Domain entry, if user is not in that domain, it skips to the next 
> > > one, until it finds it; if it doesn't then they receive the 
> > > authentication error.  During that process, if the first domain 
> > > controller is not online, it will go to DC 2.
> > >
> > > So it is possible on having multiple enties for different domains within 
> > > your LDAP config, you just want to put the DCs on the same domain in the 
> > > same entry.
> > >
> > > ___
> > > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> > > attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
> > >
> > 
> > ___
> > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> > attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
> _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"

Re: LDAP Authentication Errors

[Hyunkel v2.0]

That's a good point, AREA-Hub is in the ar.cfg file; but I'm noticing that its 
pointing to arealdap.dll, correct me if I'm wrong but it must be pointing to 
areahub.dll...


Hugo Ruesga 
Software Development Advisor
US  972.577.7000 x 332.3868
MX +52 (33) 3332.3868
P Please consider the environment before printing this email

The information contained in and transferred with this electronic message is 
intended only for the recipient(s) designated above, it is protected by law and 
it may contain information which is privileged and confidential. If you are not 
the intended recipient, please do not read, copy, or use it, and do not 
disclose it to others. Please notify the sender of the delivery error by 
replying to this message, and then delete it from your system. Thank you.




> Date: Wed, 23 Nov 2011 15:32:58 -0500
> From: cycom...@gmail.com
> Subject: Re: LDAP Authentication Errors
> To: arslist@ARSLIST.ORG
> 
> when you have multiple LDAP entries you must to consider to activate
> the AREA HUB plugin are you sure your current ar.cfg includes this
> plugin
> 
> 2011/11/23 Jamie Boley :
> > Hugo,
> >
> > I guess I did leave out the fact that we have multiple domains setup for 
> > our LDAP authentication.  So within the LDAP configuration we have 4 
> > entries.  One entry for each domain with each entry having 2 domain 
> > controllers for redundancy purposes.
> >
> > Domain entry 1: Domain Controller 1 Domain Controller 2
> > Domain entry 2: Domain Controller 1 Domain Controller 2
> > Domain entry 3: Domain Controller 1 Domain Controller 2
> > Domain entry 4: Domain Controller 1 Domain Controller 2
> >
> > Therefore, when someone tries to authenticate, it will hit against the 
> > first Domain entry, if user is not in that domain, it skips to the next 
> > one, until it finds it; if it doesn't then they receive the authentication 
> > error.  During that process, if the first domain controller is not online, 
> > it will go to DC 2.
> >
> > So it is possible on having multiple enties for different domains within 
> > your LDAP config, you just want to put the DCs on the same domain in the 
> > same entry.
> >
> > ___
> > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> > attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
> >
> 
> ___
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
  
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"

Re: LDAP Authentication Errors

[andres tamayo]

when you have multiple LDAP entries you must to consider to activate
the AREA HUB plugin are you sure your current ar.cfg includes this
plugin

2011/11/23 Jamie Boley :
> Hugo,
>
> I guess I did leave out the fact that we have multiple domains setup for our 
> LDAP authentication.  So within the LDAP configuration we have 4 entries.  
> One entry for each domain with each entry having 2 domain controllers for 
> redundancy purposes.
>
> Domain entry 1: Domain Controller 1 Domain Controller 2
> Domain entry 2: Domain Controller 1 Domain Controller 2
> Domain entry 3: Domain Controller 1 Domain Controller 2
> Domain entry 4: Domain Controller 1 Domain Controller 2
>
> Therefore, when someone tries to authenticate, it will hit against the first 
> Domain entry, if user is not in that domain, it skips to the next one, until 
> it finds it; if it doesn't then they receive the authentication error.  
> During that process, if the first domain controller is not online, it will go 
> to DC 2.
>
> So it is possible on having multiple enties for different domains within your 
> LDAP config, you just want to put the DCs on the same domain in the same 
> entry.
>
> ___
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
>

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"

Re: LDAP Authentication Errors

[Jamie Boley]

Hugo,

I guess I did leave out the fact that we have multiple domains setup for our 
LDAP authentication.  So within the LDAP configuration we have 4 entries.  One 
entry for each domain with each entry having 2 domain controllers for 
redundancy purposes.

Domain entry 1: Domain Controller 1 Domain Controller 2
Domain entry 2: Domain Controller 1 Domain Controller 2
Domain entry 3: Domain Controller 1 Domain Controller 2
Domain entry 4: Domain Controller 1 Domain Controller 2

Therefore, when someone tries to authenticate, it will hit against the first 
Domain entry, if user is not in that domain, it skips to the next one, until it 
finds it; if it doesn't then they receive the authentication error.  During 
that process, if the first domain controller is not online, it will go to DC 2.

So it is possible on having multiple enties for different domains within your 
LDAP config, you just want to put the DCs on the same domain in the same entry.

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"

Re: LDAP Authentication Errors

[Hyunkel v2.0]

Thanks Jamie;

Actually we have 4 Domain controllers in our architecture, so far I've detected 
we currently work with two, the other ones are no longer required, but customer 
doesn't want to remove this configuration. Actually I thought the same, having 
one single controller will help to avoid LDAP plugin to go and search (and 
probably fail or timeout on one of the decomissioned AD) in the ADs, but if 
customer doesn't want to,will be hard to do.

In fact the issue as you had told, is almost the same; and my first guess will 
be placing all accounts under one single domain, and delete the configuration 
for the other DCs, or configuring in one single DC the information for two, as 
you did.

Actually I'm looking into this with BMC trying to have enough evidence to avoid 
using this current 4 DCs configuration.

Cheers.


Hugo Ruesga 
Software Development Advisor
US  972.577.7000 x 332.3868
MX +52 (33) 3332.3868
P Please consider the environment before printing this email

The information contained in and transferred with this electronic message is 
intended only for the recipient(s) designated above, it is protected by law and 
it may contain information which is privileged and confidential. If you are not 
the intended recipient, please do not read, copy, or use it, and do not 
disclose it to others. Please notify the sender of the delivery error by 
replying to this message, and then delete it from your system. Thank you.




> Date: Wed, 23 Nov 2011 11:18:21 -0500
> From: jbo...@aegonusa.com
> Subject: Re: LDAP Authentication Errors
> To: arslist@ARSLIST.ORG
> 
> Hugo,
> 
> We had similar issues with our LDAP authentication where we were chasing our 
> tails trying to find out why people randomly were not able to authenticate, 
> but after reseting the person's account in AD they were able to log in fine.  
> Upon further analysis it was found that each time a user enters their 
> password incorrectly the Remedy AREA ldap connection attempts authenticate 
> against X domain controllers (we'll use 2 for this example), resulting in one 
> bad password attempt on the domain controller 1 and one on domain 
> controller2.  The next successful login occurs only on the domain controller 
> 1 and the bad password count in reset.  However, the bad password attempts 
> continue to reside on the domain controlller 2 and over a period of time when 
> a user enters the wrong password 5 times in Remedy the account is locked.  
> The reason our authentication went away when the service desk reset the 
> account, was because they were able to reset the bad passwords on all domain 
> controllers.  This issue was found because we had our redundant domain 
> controllers in different entries within AREA LDAP configuration.  Instead, we 
> removed the entry and added the redundant domain controller name within the 
> primary entry with a space in between.
> 
> So for example, before the change our configuration list was:
> 
> Domain Controller 1
> Domain Controller 2
> 
> The change we made was by putting bother domain controller names within the 
> Host Name field with a space:
> Domain Controller 1 Domain Controller 2
> 
> I do not know if this is the same issue you are experiencing, but is 
> something to take a look at if you have multiple domain controllers in your 
> list that are on the same domain.
> 
> ___
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
  
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"

Re: LDAP Authentication Errors

[Jamie Boley]

Hugo,

We had similar issues with our LDAP authentication where we were chasing our 
tails trying to find out why people randomly were not able to authenticate, but 
after reseting the person's account in AD they were able to log in fine.  Upon 
further analysis it was found that each time a user enters their password 
incorrectly the Remedy AREA ldap connection attempts authenticate against X 
domain controllers (we'll use 2 for this example), resulting in one bad 
password attempt on the domain controller 1 and one on domain controller2.  The 
next successful login occurs only on the domain controller 1 and the bad 
password count in reset.  However, the bad password attempts continue to reside 
on the domain controlller 2 and over a period of time when a user enters the 
wrong password 5 times in Remedy the account is locked.  The reason our 
authentication went away when the service desk reset the account, was because 
they were able to reset the bad passwords on all domain controllers.  This 
issue was found because we had our redundant domain controllers in different 
entries within AREA LDAP configuration.  Instead, we removed the entry and 
added the redundant domain controller name within the primary entry with a 
space in between.

So for example, before the change our configuration list was:

Domain Controller 1
Domain Controller 2

The change we made was by putting bother domain controller names within the 
Host Name field with a space:
Domain Controller 1 Domain Controller 2

I do not know if this is the same issue you are experiencing, but is something 
to take a look at if you have multiple domain controllers in your list that are 
on the same domain.

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"

Re: LDAP Authentication on AR 7.5.005

[Saurabh Mehta]

Hi Mohamed,

Can you please check what the Authentication-Chaining-Mode is set to in your
ar.cfg file?

If it shows as Authentication-Chaining-Mode: 1, you can try changing it to
Authentication-Chaining-Mode: 0
With Authentication-Chaining-Mode set to 1, if the User exists with a
password in User Form
Authenticate Unregistered Users or Cross-Reference-Blank-Password values do
not effect the outcome.
1) Authentication will be done using User Form. If successful it will get
user information from User From.
2) Failed User authentication will  go to AREA LDAP Authentication. User
information will get from AREA LDAP.

HTH

Regards,
Saurabh
On Wed, Sep 22, 2010 at 12:46 AM, Moe Abdelaziz wrote:

> We disabled the "Allow Guest User" and "Give Guest User Restricted Read"
> options on the AR configurations form. Surprisingly, if a user type
> his/her login with a mix case, but uses the correct password, he/she is
> granted access to the system but as a guest user. However, when using the
> correct login but incorrect password, the user is dined access and cannot
> log-in.
>
> Has anyone encountered this issue before? I am suspecting that this has to
> do with LDAP being case insensitive.
>
> Current environment:
> ARS 7.5.005
> ITSM 7.6.001
> Oracle 10.2
> Win 2003 x64
>
>
> Thanks,
> Mohamed Abdelaziz
>
>
> ___
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"
>

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"

Re: LDAP error

[Christine]

You need to restart the plugin service.

On Aug 27, 8:56 am, Larry Barnes  wrote:
> I'm having trouble pulling data from Active Directory into the people
> form in Remedy.  I get the following error message. "Cannot connect to
> the directory service : Can't connect to the LDAP server (LDAPERR 91)
> (ARERR 3375)"
>
> I've looked on the BMC community page and found 1 article where a user
> needed to update the Base DN For Discovery field.  Sine this field was
> blank on my end I updated it and saved the form.
>
> Do I need to bounce the server for this to take place?
>
> Is there something else I'm missing?  
>
> Btw: I have all the other info in this form.
>
> Thanks for your time,
>
> L. Barnes
>
> 
> ___
> UNSUBSCRIBE or access ARSlist Archives atwww.arslist.orgattend 
> wwrug10www.wwrug.comARSlist: "Where the Answers Are"
>
> ___­
> UNSUBSCRIBE or access ARSlist Archives atwww.arslist.org
> attend wwrug10www.wwrug.comARSlist: "Where the Answers Are"

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"

Re: LDAP Question

[Roger Justice]

If you want to be able to look across multiple AD configurations and 
are using ARS 7 or later you can list multiple entries.



-Original Message-
From: Brittain, Mark 
To: arslist@ARSLIST.ORG
Sent: Fri, Oct 30, 2009 2:50 pm
Subject: LDAP Question


**
Happy Halloween,
 
We use Active Directory to authenticate and new servers are being 
brought online.  Everything else being the same, looking in the 
configuration manual, all I need to do is change the Host Name in the 
AREA LDAP Configuration Form.  If I make the change there, do I need to 
restart the server? Are there any other changes that need to be made? 
If so, where and in what order?

 
Thanks
Mark

Mark Brittain
Remedy Developer
NaviSite
mbritt...@navisite.com
(315) 453-2912 x5418 (Phone)
(315) 317.2897 (Cell)
Reduce Cost of IT with Managed Hosting and Application Services from 
NaviSite.

Visit www.NaviSite.com Today.
 


    
This e-mail is the property of NaviSite, Inc. It is intended only for 
the person or entity to which it is addressed and may contain 
information that is privileged, confidential, or otherwise protected 
from disclosure. Distribution or copying of this e-mail, or the 
information contained herein, to anyone other than the intended 
recipient is prohibited.


_Platinum Sponsor: rmisoluti...@verizon.net ARSlist: "Where the Answers 
Are"_


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor:rmisoluti...@verizon.net ARSlist: "Where the Answers Are"

Re: LDAP Question

[Tommy Morris]

Restart the AR Service because the information needs to push to your
AR.cfg file which will rebuild and load on a restart.

 

From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of Brittain, Mark
Sent: Friday, October 30, 2009 1:50 PM
To: arslist@ARSLIST.ORG
Subject: LDAP Question

 

** 

Happy Halloween,

 

We use Active Directory to authenticate and new servers are being
brought online.  Everything else being the same, looking in the
configuration manual, all I need to do is change the Host Name in the
AREA LDAP Configuration Form.  If I make the change there, do I need to
restart the server? Are there any other changes that need to be made? If
so, where and in what order?

 

Thanks

Mark


Mark Brittain 
Remedy Developer 
NaviSite 
mbritt...@navisite.com 
(315) 453-2912 x5418 (Phone)

(315) 317.2897 (Cell) 

Reduce Cost of IT with Managed Hosting and Application Services from
NaviSite. 
Visit www.NaviSite.com Today. 

 

 

    

This e-mail is the property of NaviSite, Inc. It is intended only for
the person or entity to which it is addressed and may contain
information that is privileged, confidential, or otherwise protected
from disclosure. Distribution or copying of this e-mail, or the
information contained herein, to anyone other than the intended
recipient is prohibited.

_Platinum Sponsor: rmisoluti...@verizon.net ARSlist: "Where the Answers
Are"_ 


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor:rmisoluti...@verizon.net ARSlist: "Where the Answers Are"

Re: LDAP Vendor Form Table Question

[Grooms, Frederick W]

The table name you are referring to in the LDAP Vendor Form is an LDAP search 
string and is unique to each installation of an LDAP directory service (which 
is supported by Microsoft's Active Directory).

The LDAP_DIRECTORY_SERVICE_HOST could be a Domain Controller server in your 
organization or an alias to the Active Directory tree. The BASE_DN is where you 
want to start in the Active Directory tree.

The LDAP integration has been around since ARS 5.1.

A free tool to look at your LDAP directory is the Softerra LDAP Browser: 
http://www.softerra.com/download.htm   
Another free tool is in the Microsoft Support Tools and is called LDP.

The values in the Table names of a Vendor form are specific to that Vendor 
plugin for the ARS server.

Fred

-Original Message-
From: Action Request System discussion list(ARSList) 
[mailto:arsl...@arslist.org] On Behalf Of Mark Lev
Sent: Thursday, September 10, 2009 10:01 AM
To: arslist@ARSLIST.ORG
Subject: LDAP Vendor Form Table Question

** 
I am resubmitting as I didn't hear anything on this, and hope 2nd time is a 
charm.  I have yet to find anything to help me understand the variables 
available in vendor form table names.

Thanks,
Mark
 
 
-Original Message-
From: Action Request System discussion list(ARSList) 
[mailto:arsl...@arslist.org] On Behalf Of Mark Lev
Sent: Thursday, September 03, 2009 10:17 AM
To: arslist@ARSLIST.ORG
Subject: LDAP Vendor Form Table Question

** 
I was poking around in 7.5 OOB vendor forms, and I came across this as the 
Table name in one of their LDAP vendor forms.

ldap:///??sub?(objectclass=group)

My question is, are the  OOB variables, or do these need to be 
defined?  I have the LDAP configurations configured and working properly.  I 
have been populating these values, and if these variable references work, that 
would be a much better way to do things.  I will trial and error, but if 
someone  can better explain, or point me to where this is in documentation, 
that would be great.

Also, is this same in 7.x, or new to 7.5?

Thanks,
Mark
 
 

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor:rmisoluti...@verizon.net ARSlist: "Where the Answers Are"

-RESOLVED -RE: LDAP question

[Shane Buchholz]

Shawn,

This is exactly what we were looking for.  Thanks for providing the information.

Thanks,

Shane Buchholz

From: Action Request System discussion list(ARSList) 
[mailto:arsl...@arslist.org] On Behalf Of Pierson, Shawn
Sent: Friday, May 29, 2009 2:20 PM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP question

**
I built a custom Vendor form on my own so I could pull in some fields that I 
wanted and leave out others.  Anyway, if you set up an escalation or filter to 
modify People data (I use a filter, with the escalation pushing to a staging 
form where all the transformation and other filters take place) put something 
like this in the Run If Criteria:

( 'userAccountControl' = 514) OR ( 'userAccountControl' = 546) OR ( 
'userAccountControl' = 65538) OR ( 'userAccountControl' = 66050)

At least in my organization, this is sufficient to identify accounts that 
should be marked Obsolete.

Shawn Pierson

From: Action Request System discussion list(ARSList) 
[mailto:arsl...@arslist.org] On Behalf Of Shane Buchholz
Sent: Friday, May 29, 2009 2:05 PM
To: arslist@ARSLIST.ORG
Subject: LDAP question

**
We are trying to configure Remedy to set the Profile Status to "Obsolete" in 
the CTM:People form when they have been deleted from Active Directory.  The 
most logical approach is to use an escalation that will fire at regular 
intervals to keep the CTM:People form as up to date as possible, but the 
limitations of the workflow seem to make this impossible to do.  We are using 
the inetorgperson form to pull data in from AD, and have an escalation that 
fires and creates new accounts in the CTM:People form.  It recognizes new 
accounts, but we haven't been able to determine how to have it recognize that 
an account is no longer in AD.  Please let me know if this is even possible, 
and if so what the best approach is.

ARS 7.1
ITSM 7.1
SQL Server 2005
Windows Server 2003

Thanks,

Shane Buchholz
Information Security Specialist
Account Services - Information Services


Confidentiality Notice: This e-mail message, including any attachments, is
for the sole use of the intended recipient(s) and may contain confidential
and privileged information. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient, please
contact the sender by reply e-mail and destroy all copies of the original
message.
_Platinum Sponsor: rmisoluti...@verizon.net ARSlist: "Where the Answers Are"_
Private and confidential as detailed 
here<http://www.sug.com/disclaimers/default.htm#Mail>. If you cannot access 
hyperlink, please e-mail sender.
_Platinum Sponsor: rmisoluti...@verizon.net ARSlist: "Where the Answers Are"_

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor:rmisoluti...@verizon.net ARSlist: "Where the Answers Are"

Re: LDAP question

[Lyle Taylor]

That makes me think of another possibility.  You could potentially have a form 
with a table on it that points to CTM:People.  You could loop over the table 
and look up each person individually on the AD form.  If the person isn't 
there, you can mark them as Obsolete.  That wouldn't be terribly efficient, but 
it would save you from having to have another copy of the data.

Lyle

From: Action Request System discussion list(ARSList) 
[mailto:arsl...@arslist.org] On Behalf Of Pierson, Shawn
Sent: Friday, May 29, 2009 3:20 PM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP question

**
I built a custom Vendor form on my own so I could pull in some fields that I 
wanted and leave out others.  Anyway, if you set up an escalation or filter to 
modify People data (I use a filter, with the escalation pushing to a staging 
form where all the transformation and other filters take place) put something 
like this in the Run If Criteria:

( 'userAccountControl' = 514) OR ( 'userAccountControl' = 546) OR ( 
'userAccountControl' = 65538) OR ( 'userAccountControl' = 66050)

At least in my organization, this is sufficient to identify accounts that 
should be marked Obsolete.

Shawn Pierson

From: Action Request System discussion list(ARSList) 
[mailto:arsl...@arslist.org] On Behalf Of Shane Buchholz
Sent: Friday, May 29, 2009 2:05 PM
To: arslist@ARSLIST.ORG
Subject: LDAP question

**
We are trying to configure Remedy to set the Profile Status to "Obsolete" in 
the CTM:People form when they have been deleted from Active Directory.  The 
most logical approach is to use an escalation that will fire at regular 
intervals to keep the CTM:People form as up to date as possible, but the 
limitations of the workflow seem to make this impossible to do.  We are using 
the inetorgperson form to pull data in from AD, and have an escalation that 
fires and creates new accounts in the CTM:People form.  It recognizes new 
accounts, but we haven't been able to determine how to have it recognize that 
an account is no longer in AD.  Please let me know if this is even possible, 
and if so what the best approach is.

ARS 7.1
ITSM 7.1
SQL Server 2005
Windows Server 2003

Thanks,

Shane Buchholz
Information Security Specialist
Account Services - Information Services


Confidentiality Notice: This e-mail message, including any attachments, is
for the sole use of the intended recipient(s) and may contain confidential
and privileged information. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient, please
contact the sender by reply e-mail and destroy all copies of the original
message.
_Platinum Sponsor: rmisoluti...@verizon.net ARSlist: "Where the Answers Are"_
Private and confidential as detailed 
here<http://www.sug.com/disclaimers/default.htm#Mail>. If you cannot access 
hyperlink, please e-mail sender.
_Platinum Sponsor: rmisoluti...@verizon.net ARSlist: "Where the Answers Are"_


 NOTICE: This email message is for the sole use of the intended recipient(s) 
and may contain confidential and privileged information. Any unauthorized 
review, use, disclosure or distribution is prohibited. If you are not the 
intended recipient, please contact the sender by reply email and destroy all 
copies of the original message.



___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor:rmisoluti...@verizon.net ARSlist: "Where the Answers Are"

Re: LDAP question

[Pierson, Shawn]

I built a custom Vendor form on my own so I could pull in some fields that I 
wanted and leave out others.  Anyway, if you set up an escalation or filter to 
modify People data (I use a filter, with the escalation pushing to a staging 
form where all the transformation and other filters take place) put something 
like this in the Run If Criteria:

( 'userAccountControl' = 514) OR ( 'userAccountControl' = 546) OR ( 
'userAccountControl' = 65538) OR ( 'userAccountControl' = 66050)

At least in my organization, this is sufficient to identify accounts that 
should be marked Obsolete.

Shawn Pierson

From: Action Request System discussion list(ARSList) 
[mailto:arsl...@arslist.org] On Behalf Of Shane Buchholz
Sent: Friday, May 29, 2009 2:05 PM
To: arslist@ARSLIST.ORG
Subject: LDAP question

**
We are trying to configure Remedy to set the Profile Status to "Obsolete" in 
the CTM:People form when they have been deleted from Active Directory.  The 
most logical approach is to use an escalation that will fire at regular 
intervals to keep the CTM:People form as up to date as possible, but the 
limitations of the workflow seem to make this impossible to do.  We are using 
the inetorgperson form to pull data in from AD, and have an escalation that 
fires and creates new accounts in the CTM:People form.  It recognizes new 
accounts, but we haven't been able to determine how to have it recognize that 
an account is no longer in AD.  Please let me know if this is even possible, 
and if so what the best approach is.

ARS 7.1
ITSM 7.1
SQL Server 2005
Windows Server 2003

Thanks,

Shane Buchholz
Information Security Specialist
Account Services - Information Services


Confidentiality Notice: This e-mail message, including any attachments, is
for the sole use of the intended recipient(s) and may contain confidential
and privileged information. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient, please
contact the sender by reply e-mail and destroy all copies of the original
message.
_Platinum Sponsor: rmisoluti...@verizon.net ARSlist: "Where the Answers Are"_

Private and confidential as detailed here: 
http://www.sug.com/disclaimers/default.htm#Mail . If you cannot access the 
link, please e-mail sender.

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor:rmisoluti...@verizon.net ARSlist: "Where the Answers Are"

Re: LDAP question

[Shane Buchholz]

Lyle,

This is the first approach I attempted, but inetorgperson is a vendor form and 
does not show up in the list of possible forms to join.  I was trying to avoid 
creating another form to store the same data, but it sounds like that may be 
the only option available.

Shane

From: Action Request System discussion list(ARSList) 
[mailto:arsl...@arslist.org] On Behalf Of Lyle Taylor
Sent: Friday, May 29, 2009 12:11 PM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP question

**
If you created an outer-join form between CTM:People and your AD form, you 
could run a query or have a table qualification where you have a value from 
CTM:People but the corresponding value from the AD form is NULL.  That would 
give you all the records that are in CTM:People but not in AD.  For example, 
Let's say that you join the two forms on Remedy Login ID = cn.  Then you add 
something like the lastModifiedDate from AD.  If you query that form where 
lastModifiedDate is NULL, you'll get back all the records that don't have a 
match in AD.  Does that make sense?

Lyle

From: Action Request System discussion list(ARSList) 
[mailto:arsl...@arslist.org] On Behalf Of Shane Buchholz
Sent: Friday, May 29, 2009 1:05 PM
To: arslist@ARSLIST.ORG
Subject: LDAP question

**
We are trying to configure Remedy to set the Profile Status to "Obsolete" in 
the CTM:People form when they have been deleted from Active Directory.  The 
most logical approach is to use an escalation that will fire at regular 
intervals to keep the CTM:People form as up to date as possible, but the 
limitations of the workflow seem to make this impossible to do.  We are using 
the inetorgperson form to pull data in from AD, and have an escalation that 
fires and creates new accounts in the CTM:People form.  It recognizes new 
accounts, but we haven't been able to determine how to have it recognize that 
an account is no longer in AD.  Please let me know if this is even possible, 
and if so what the best approach is.

ARS 7.1
ITSM 7.1
SQL Server 2005
Windows Server 2003

Thanks,

Shane Buchholz
Information Security Specialist
Account Services - Information Services


Confidentiality Notice: This e-mail message, including any attachments, is
for the sole use of the intended recipient(s) and may contain confidential
and privileged information. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient, please
contact the sender by reply e-mail and destroy all copies of the original
message.
_Platinum Sponsor: rmisoluti...@verizon.net ARSlist: "Where the Answers Are"_


NOTICE: This email message is for the sole use of the intended recipient(s) and 
may contain confidential and privileged information. Any unauthorized review, 
use, disclosure or distribution is prohibited. If you are not the intended 
recipient, please contact the sender by reply email and destroy all copies of 
the original message.
_Platinum Sponsor: rmisoluti...@verizon.net ARSlist: "Where the Answers Are"_

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor:rmisoluti...@verizon.net ARSlist: "Where the Answers Are"

Re: LDAP question

[Nicky Madjarov]

How many people records do you work with?

Regards,

Nicky Madjarov
phone: 973-202-4278
Find out how to bust your AR System performance @
http://www.SpeedUpARS.com
  - Original Message - 
  From: Shane Buchholz 
  Newsgroups: public.remedy.arsystem.general
  To: arslist@ARSLIST.ORG 
  Sent: Friday, May 29, 2009 3:05 PM
  Subject: LDAP question


  ** 
  We are trying to configure Remedy to set the Profile Status to "Obsolete" in 
the CTM:People form when they have been deleted from Active Directory.  The 
most logical approach is to use an escalation that will fire at regular 
intervals to keep the CTM:People form as up to date as possible, but the 
limitations of the workflow seem to make this impossible to do.  We are using 
the inetorgperson form to pull data in from AD, and have an escalation that 
fires and creates new accounts in the CTM:People form.  It recognizes new 
accounts, but we haven't been able to determine how to have it recognize that 
an account is no longer in AD.  Please let me know if this is even possible, 
and if so what the best approach is.

   

  ARS 7.1

  ITSM 7.1

  SQL Server 2005

  Windows Server 2003

   

  Thanks,

   

  Shane Buchholz

  Information Security Specialist

  Account Services - Information Services



--
  Confidentiality Notice: This e-mail message, including any attachments, is
  for the sole use of the intended recipient(s) and may contain confidential
  and privileged information. Any unauthorized review, use, disclosure or
  distribution is prohibited. If you are not the intended recipient, please
  contact the sender by reply e-mail and destroy all copies of the original
  message.
  _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: "Where the Answers Are"_

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor:rmisoluti...@verizon.net ARSlist: "Where the Answers Are"

Re: LDAP question

[Lyle Taylor]

If you created an outer-join form between CTM:People and your AD form, you 
could run a query or have a table qualification where you have a value from 
CTM:People but the corresponding value from the AD form is NULL.  That would 
give you all the records that are in CTM:People but not in AD.  For example, 
Let's say that you join the two forms on Remedy Login ID = cn.  Then you add 
something like the lastModifiedDate from AD.  If you query that form where 
lastModifiedDate is NULL, you'll get back all the records that don't have a 
match in AD.  Does that make sense?

Lyle

From: Action Request System discussion list(ARSList) 
[mailto:arsl...@arslist.org] On Behalf Of Shane Buchholz
Sent: Friday, May 29, 2009 1:05 PM
To: arslist@ARSLIST.ORG
Subject: LDAP question

**
We are trying to configure Remedy to set the Profile Status to "Obsolete" in 
the CTM:People form when they have been deleted from Active Directory.  The 
most logical approach is to use an escalation that will fire at regular 
intervals to keep the CTM:People form as up to date as possible, but the 
limitations of the workflow seem to make this impossible to do.  We are using 
the inetorgperson form to pull data in from AD, and have an escalation that 
fires and creates new accounts in the CTM:People form.  It recognizes new 
accounts, but we haven't been able to determine how to have it recognize that 
an account is no longer in AD.  Please let me know if this is even possible, 
and if so what the best approach is.

ARS 7.1
ITSM 7.1
SQL Server 2005
Windows Server 2003

Thanks,

Shane Buchholz
Information Security Specialist
Account Services - Information Services


Confidentiality Notice: This e-mail message, including any attachments, is
for the sole use of the intended recipient(s) and may contain confidential
and privileged information. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient, please
contact the sender by reply e-mail and destroy all copies of the original
message.
_Platinum Sponsor: rmisoluti...@verizon.net ARSlist: "Where the Answers Are"_


 NOTICE: This email message is for the sole use of the intended recipient(s) 
and may contain confidential and privileged information. Any unauthorized 
review, use, disclosure or distribution is prohibited. If you are not the 
intended recipient, please contact the sender by reply email and destroy all 
copies of the original message.



___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor:rmisoluti...@verizon.net ARSlist: "Where the Answers Are"

Re: LDAP lookup problems

[Grooms, Frederick W]

I think it also depends on how the LDAP is structured at your location.  Here I 
use the following:   
  
ldap://domaincontrollermachine/DC=corp,DC=comapny,DC=com??sub?(objectclass=user)

I have seen people use the IP instead of the domain controller machine name.   
  ldap://192.168.0.1/DC=corp,DC=comapny,DC=com??sub?(objectclass=user)   
I have also seen using the domain in there as well:   
  ldap://corp.company.com/DC=corp,DC=comapny,DC=com??sub?(objectclass=user)   

I use a different vendor form to look up people in exchange groups and it has a 
space:   
  ldap://domaincontrollermachine/OU=Domain 
Groups,DC=corp,DC=company,DC=com??sub?(objectclass=group)

This is with 7.1.0 patch 004 on Solaris against Active Directory (2005 I think)

The best way I know of to tell what objectclass to use is to browse the 
directory with a free tool like LDP from the Windows Support Tools or the free 
Softerra LDAP browser <http://www.ldapbrowser.com/download.htm> and see what is 
being used.  


Fred


-Original Message-
From: Action Request System discussion list(ARSList) 
[mailto:arsl...@arslist.org] On Behalf Of Begosh, Kevin
Sent: Wednesday, March 18, 2009 6:21 PM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP lookup problems

James,
I have gone over and over this with BMC.  The query that BMC has using the 
vendor form times out a lot unless you put in a CN.  We had to for ours.  I 
used CN=Users, then when you bring up a vendor form you can change the query 
name there, like I did objectclass=*, which pulled all data fields.  Let me 
know if you have more questions.  This was different in 6.x when I used it then 
you could just put the DC or even leave it blank and it brought back everything.

Kevin Begosh, RSP
Tech Ops
Enterprise Business Services
301-791-3540 Phone
410-422-3623 Cell
kevin.beg...@lmco.com


-Original Message-
From: Action Request System discussion list(ARSList) 
[mailto:arsl...@arslist.org] On Behalf Of James Pifer
Sent: Wednesday, March 18, 2009 1:48 PM
To: arslist@ARSLIST.ORG
Subject: LDAP lookup problems

We've just moved to a new ARS 7.1 backend system. During this upgrade
we're also making heavy use of LDAP for user management. I'm not the
remedy expert so I'll explain this the best I can. 

Issue 1)
On the Remedy side we created an ARDBC LDAP Configuration.
We also created a Vendor Form. This was all done a while ago. Now we
needed to add another field to the form, and this is where the problems
started.

When we go into the Vendor form and Load the columns available it was
only showing us a few columns, not even the columns we are already
using. Our connection string is something like:
ldap://192.168.1.99/o=TreeRoot??sub?(objectclass=inetOrgPerson)

Here's what we found out, Remedy is connecting to LDAP and looking at
the last person created for pulling back column data. If I added a new
test user, it would start using that users data. If I deleted the new
user it would drop back to the last one. Since not all of our users are
required to have some of the data, such as a fax number, we would not
see those columns. 

So, is it possible to force Remedy to look at a specific user object
when building the vendor form so you can control what columns it finds?


Issue 2)
We've also had some issues with the "Base DN for Discovery" in
the ARDBC LDAP Configuration. Our ldap directory has several different
contexts for different types of accounts. For example, out internal
users, customers, and vendors all have their own contexts off the root.

Unfortunately our internal users container has a space in the name, ie
"Internal Users". When we try to use this for the discovery DN Remedy
doesn't seem to handle it. 

If we put o=TreeRoot there's appears to be too much data or something. 

If we specify cn=RemedyLogin,o=TreeRoot then it seems to work ok. Seems
strange to me to have a cn in a Base DN. 

Any ideas or suggestions?

Thanks,
James
 

Re: LDAP lookup problems

[James Pifer]

On Wed, 2009-03-18 at 19:20 -0400, Begosh, Kevin wrote:
> James,
> I have gone over and over this with BMC.  The query that BMC has using the 
> vendor form times out a lot unless you put in a CN.  We had to for ours.  I 
> used CN=Users, then when you bring up a vendor form you can change the query 
> name there, like I did objectclass=*, which pulled all data fields.  Let me 
> know if you have more questions.  This was different in 6.x when I used it 
> then you could just put the DC or even leave it blank and it brought back 
> everything.
> 

Kevin, 

That's pretty messed up IMHO. Using objectclass=* does the job as you
suggested. 

Thanks a lot!
James

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: RMI Solutions ARSlist: "Where the Answers Are"

Re: LDAP lookup problems

[Begosh, Kevin]

James,
I have gone over and over this with BMC.  The query that BMC has using the 
vendor form times out a lot unless you put in a CN.  We had to for ours.  I 
used CN=Users, then when you bring up a vendor form you can change the query 
name there, like I did objectclass=*, which pulled all data fields.  Let me 
know if you have more questions.  This was different in 6.x when I used it then 
you could just put the DC or even leave it blank and it brought back everything.

Kevin Begosh, RSP
Tech Ops
Enterprise Business Services
301-791-3540 Phone
410-422-3623 Cell
kevin.beg...@lmco.com


-Original Message-
From: Action Request System discussion list(ARSList) 
[mailto:arsl...@arslist.org] On Behalf Of James Pifer
Sent: Wednesday, March 18, 2009 1:48 PM
To: arslist@ARSLIST.ORG
Subject: LDAP lookup problems

We've just moved to a new ARS 7.1 backend system. During this upgrade
we're also making heavy use of LDAP for user management. I'm not the
remedy expert so I'll explain this the best I can. 

Issue 1)
On the Remedy side we created an ARDBC LDAP Configuration.
We also created a Vendor Form. This was all done a while ago. Now we
needed to add another field to the form, and this is where the problems
started.

When we go into the Vendor form and Load the columns available it was
only showing us a few columns, not even the columns we are already
using. Our connection string is something like:
ldap://192.168.1.99/o=TreeRoot??sub?(objectclass=inetOrgPerson)

Here's what we found out, Remedy is connecting to LDAP and looking at
the last person created for pulling back column data. If I added a new
test user, it would start using that users data. If I deleted the new
user it would drop back to the last one. Since not all of our users are
required to have some of the data, such as a fax number, we would not
see those columns. 

So, is it possible to force Remedy to look at a specific user object
when building the vendor form so you can control what columns it finds?


Issue 2)
We've also had some issues with the "Base DN for Discovery" in
the ARDBC LDAP Configuration. Our ldap directory has several different
contexts for different types of accounts. For example, out internal
users, customers, and vendors all have their own contexts off the root.

Unfortunately our internal users container has a space in the name, ie
"Internal Users". When we try to use this for the discovery DN Remedy
doesn't seem to handle it. 

If we put o=TreeRoot there's appears to be too much data or something. 

If we specify cn=RemedyLogin,o=TreeRoot then it seems to work ok. Seems
strange to me to have a cn in a Base DN. 

Any ideas or suggestions?

Thanks,
James
 

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: RMI Solutions ARSlist: "Where the Answers Are"

Re: LDAP integration in Remedy V6.3

[Grooms, Frederick W]

I believe the field is called objectSid.  If the field is not listed
when you right click the Vendor form to add a field you can type it in
to the Database tab Vendor Information Name field.  

Fred

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of Dan Fraser
Sent: Wednesday, February 25, 2009 10:13 AM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP integration in Remedy V6.3

I need to add the object SID from Active Directory to the LDAP fields 
available in Remedy

- Original Message - 
From: "ccrashh" 
To: "Dan Fraser" 
Sent: Wednesday, February 25, 2009 10:06 AM
Subject: Re: LDAP integration in Remedy V6.3

Not sure what you mean.  I currently use LDAP to integrate with AD,
but am unsure what you are requesting.  What do you mean by "SID"?

On Feb 25, 9:39 am, Dan Fraser  wrote:
> I am currently running Remedy V6.3 integrated with Windows Active 
> Directory. My question is, how can I add the SID to the fields that
are 
> presented to the LDAP

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: RMI Solutions ARSlist: "Where the Answers Are"

Re: LDAP integration in Remedy V6.3

[Dan Fraser]

I need to add the object SID from Active Directory to the LDAP fields 
available in Remedy
- Original Message - 
From: "ccrashh" 

To: "Dan Fraser" 
Sent: Wednesday, February 25, 2009 10:06 AM
Subject: Re: LDAP integration in Remedy V6.3


Not sure what you mean.  I currently use LDAP to integrate with AD,
but am unsure what you are requesting.  What do you mean by "SID"?

On Feb 25, 9:39 am, Dan Fraser  wrote:
I am currently running Remedy V6.3 integrated with Windows Active 
Directory. My question is, how can I add the SID to the fields that are 
presented to the LDAP


___
UNSUBSCRIBE or access ARSlist Archives atwww.arslist.org
Platinum Sponsor: RMI Solutions ARSlist: "Where the Answers Are" 


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: RMI Solutions ARSlist: "Where the Answers Are"

Re: LDAP integration in Remedy V6.3

[ccrashh]

Sorry, responded to you rather than the group.  What do you mean by
"...SID to the fields that are presented to the LDAP"?


On Feb 25, 9:39 am, Dan Fraser  wrote:
> I am currently running Remedy V6.3 integrated with Windows Active Directory.  
> My question is, how can I add the SID to the fields that are presented to the 
> LDAP
>
> ___
> UNSUBSCRIBE or access ARSlist Archives atwww.arslist.org
> Platinum Sponsor: RMI Solutions ARSlist: "Where the Answers Are"

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: RMI Solutions ARSlist: "Where the Answers Are"

Re: LDAP timestamps

[Meyer, Jennifer L]

It's a setting in the Knowledgebase.  They have some of the articles set to 
"Internal" access only.  They're there, but not for us, the poor general public 
to see without express permission.


Jennifer Meyer


-Original Message-
From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] 
On Behalf Of VanSickle, James W
Sent: Friday, October 24, 2008 12:16 PM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP timestamps

Unfortunately not, it was two years and two companies ago now.  I know
it exists because I spent over a week pulling my hair out on the same
issue, then bit the bullet and called BMC who promptly sent me the
article.  You should get BMC Support to send you the article too.  For
some reason, not all KB articles are publically available on their
knowledge base.  I don't know if that is by design, just a configuration
problem, or just something screwy in how the Knowledge Base does its
searches.



James Van Sickle

Remedy Developer

Office: 972-409-4902

Mobile: 214-399-1254



From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Jason Tricky
Sent: Friday, October 24, 2008 10:55 AM
To: arslist@ARSLIST.ORG
Subject: Re: [ARSLIST] LDAP timestamps



**

Using the date/time field displays a different date than the actual
date... It displays 12/31/1969 5:00:00 PM instead of 10/18/2008
16:23:52.  Do you remember what to add on the ar.cfg?  I can't find the
KB on BMC support.



Thanks,

Jason



--- On Fri, 10/24/08, VanSickle, James W
<[EMAIL PROTECTED]> wrote:

From: VanSickle, James W <[EMAIL PROTECTED]>
Subject: Re: LDAP timestamps
To: arslist@ARSLIST.ORG
Date: Friday, October 24, 2008, 8:19 AM

**

If you are using a Vendor form, the conversion should be
automatic in using a Date/Time field.  However, at a previous company I
was at, their LDAP system had date/times stored in a slightly different
format than normal.  BMC Support has a KB article that outlines settings
you can add to your ar.cfg file to recognize the different LDAP
date/time formats.  It has been two years since I last used it, but
remember that it worked to fix my problem reading LDAP dates/time
fields.



Good luck,



James Van Sickle

Remedy Developer

Office: 972-409-4902

Mobile: 214-399-1254



From: Action Request System discussion list(ARSList) [mailto:

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"

Re: LDAP timestamps

[Jason Tricky]

Thanks

--- On Fri, 10/24/08, VanSickle, James W <[EMAIL PROTECTED]> wrote:

From: VanSickle, James W <[EMAIL PROTECTED]>
Subject: Re: LDAP timestamps
To: arslist@ARSLIST.ORG
Date: Friday, October 24, 2008, 9:15 AM

Unfortunately not, it was two years and two companies ago now.  I know
it exists because I spent over a week pulling my hair out on the same
issue, then bit the bullet and called BMC who promptly sent me the
article.  You should get BMC Support to send you the article too.  For
some reason, not all KB articles are publically available on their
knowledge base.  I don't know if that is by design, just a configuration
problem, or just something screwy in how the Knowledge Base does its
searches.

 

James Van Sickle

Remedy Developer

Office: 972-409-4902

Mobile: 214-399-1254



From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Jason Tricky
Sent: Friday, October 24, 2008 10:55 AM
To: arslist@ARSLIST.ORG
Subject: Re: [ARSLIST] LDAP timestamps

 

** 

Using the date/time field displays a different date than the actual
date... It displays 12/31/1969 5:00:00 PM instead of 10/18/2008
16:23:52.  Do you remember what to add on the ar.cfg?  I can't find the
KB on BMC support.

 

Thanks,

Jason



--- On Fri, 10/24/08, VanSickle, James W
<[EMAIL PROTECTED]> wrote:

From: VanSickle, James W <[EMAIL PROTECTED]>
Subject: Re: LDAP timestamps
To: arslist@ARSLIST.ORG
Date: Friday, October 24, 2008, 8:19 AM

** 

If you are using a Vendor form, the conversion should be
automatic in using a Date/Time field.  However, at a previous company I
was at, their LDAP system had date/times stored in a slightly different
format than normal.  BMC Support has a KB article that outlines settings
you can add to your ar.cfg file to recognize the different LDAP
date/time formats.  It has been two years since I last used it, but
remember that it worked to fix my problem reading LDAP dates/time
fields.

 

Good luck,

 

James Van Sickle

Remedy Developer

Office: 972-409-4902

Mobile: 214-399-1254



From: Action Request System discussion list(ARSList) [mailto:

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"




___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
  

Re: LDAP timestamps

[VanSickle, James W]

Unfortunately not, it was two years and two companies ago now.  I know
it exists because I spent over a week pulling my hair out on the same
issue, then bit the bullet and called BMC who promptly sent me the
article.  You should get BMC Support to send you the article too.  For
some reason, not all KB articles are publically available on their
knowledge base.  I don't know if that is by design, just a configuration
problem, or just something screwy in how the Knowledge Base does its
searches.

 

James Van Sickle

Remedy Developer

Office: 972-409-4902

Mobile: 214-399-1254



From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Jason Tricky
Sent: Friday, October 24, 2008 10:55 AM
To: arslist@ARSLIST.ORG
Subject: Re: [ARSLIST] LDAP timestamps

 

** 

Using the date/time field displays a different date than the actual
date... It displays 12/31/1969 5:00:00 PM instead of 10/18/2008
16:23:52.  Do you remember what to add on the ar.cfg?  I can't find the
KB on BMC support.

 

Thanks,

Jason



--- On Fri, 10/24/08, VanSickle, James W
<[EMAIL PROTECTED]> wrote:

From: VanSickle, James W <[EMAIL PROTECTED]>
    Subject: Re: LDAP timestamps
To: arslist@ARSLIST.ORG
Date: Friday, October 24, 2008, 8:19 AM

** 

If you are using a Vendor form, the conversion should be
automatic in using a Date/Time field.  However, at a previous company I
was at, their LDAP system had date/times stored in a slightly different
format than normal.  BMC Support has a KB article that outlines settings
you can add to your ar.cfg file to recognize the different LDAP
date/time formats.  It has been two years since I last used it, but
remember that it worked to fix my problem reading LDAP dates/time
fields.

 

Good luck,

 

James Van Sickle

Remedy Developer

Office: 972-409-4902

Mobile: 214-399-1254



From: Action Request System discussion list(ARSList) [mailto:

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"

Re: LDAP timestamps

[Jason Tricky]

Using the date/time field displays a different date than the actual date... It 
displays 12/31/1969 5:00:00 PM instead of 10/18/2008 16:23:52.  Do you remember 
what to add on the ar.cfg?  I can't find the KB on BMC support.
 
Thanks,
Jason


--- On Fri, 10/24/08, VanSickle, James W <[EMAIL PROTECTED]> wrote:

From: VanSickle, James W <[EMAIL PROTECTED]>
Subject: Re: LDAP timestamps
To: arslist@ARSLIST.ORG
Date: Friday, October 24, 2008, 8:19 AM


** 





If you are using a Vendor form, the conversion should be automatic in using a 
Date/Time field.  However, at a previous company I was at, their LDAP system 
had date/times stored in a slightly different format than normal.  BMC Support 
has a KB article that outlines settings you can add to your ar..cfg file to 
recognize the different LDAP date/time formats.  It has been two years since I 
last used it, but remember that it worked to fix my problem reading LDAP 
dates/time fields.
 
Good luck,
 

James Van Sickle
Remedy Developer
Office: 972-409-4902
Mobile: 214-399-1254




From: Action Request System discussion list(ARSList) [mailto: 
arslist@ARSLIST.ORG ] On Behalf Of Jason Tricky
Sent: Friday, October 24, 2008 10:06 AM
To: arslist@ARSLIST.ORG
Subject: [ARSLIST] LDAP timestamps
 
** 





How do I convert LDAP timestamps on Remedy so it would show the date and time?  

 

Thanks,

Jason

__Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are" html___ 


The sender of this e-mail is a contractor to Commercial Metals Company or 
subsidiaries (collectively "CMC"). The sender is not an employee of CMC and has 
no authority, express or implied, to bind CMC to any transaction or contract. 
CMC allows contractors to utilize this email address extension only in the 
course of providing services specifically covered by the terms of their 
engagement. No other use is authorized. CMC expressly disclaims liability for 
any unauthorized use. 

__Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are" html___ 




___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"

Re: LDAP timestamps

[VanSickle, James W]

If you are using a Vendor form, the conversion should be automatic in
using a Date/Time field.  However, at a previous company I was at, their
LDAP system had date/times stored in a slightly different format than
normal.  BMC Support has a KB article that outlines settings you can add
to your ar.cfg file to recognize the different LDAP date/time formats.
It has been two years since I last used it, but remember that it worked
to fix my problem reading LDAP dates/time fields.

 

Good luck,

 

James Van Sickle

Remedy Developer

Office: 972-409-4902

Mobile: 214-399-1254



From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Jason Tricky
Sent: Friday, October 24, 2008 10:06 AM
To: arslist@ARSLIST.ORG
Subject: [ARSLIST] LDAP timestamps

 

** 

How do I convert LDAP timestamps on Remedy so it would show the date and
time?  

 

Thanks,

Jason


__Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
html___ 


_

The sender of this e-mail is a contractor to Commercial Metals Company
or subsidiaries (collectively "CMC").  The sender is not an employee of
CMC and has no authority, express or implied, to bind CMC to any transaction
or contract.  CMC allows contractors to utilize this email address extension
only in the course of providing services specifically covered by the terms
of their engagement.  No other use is authorized. CMC expressly disclaims
liability for any unauthorized use.
_

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"

Re: LDAP Integration with AR Server

[sivarama velicheti]

On Fri, Aug 10, 2007 at 12:00 AM, ITSM Support <[EMAIL PROTECTED]>
wrote:

> **
>
> *ARERR 100* is related to:
>
>
>
> Request ID parameter is empty.
>
> The operation being performed requires the request ID to be specified, but
> the parameter was not supplied. Try the operation again, this time
> specifying the request ID for the entry.
>
>
>
> Hope this helps...
>
>
>
> *Regards, *
>
> * *
>
> *Sandeep *
>
> *Vyom Labs Pvt. Ltd. *
>
> *An ISO 2 certified company. *
>
> *Consulting | Outsourcing | Training || BMC Remedy BSM | ITIL *
>
> *Web: www.vyomlabs.com   *
>
>
>
> -Original Message-
> From: Action Request System discussion list(ARSList) [mailto:
> [EMAIL PROTECTED] On Behalf Of Troy Sasso
> Sent: Saturday, July 19, 2008 12:03 AM
> To: arslist@ARSLIST.ORG
> Subject: Re: LDAP Integration with AR Server
>
>
>
> Has anyone seen the ARERR 100 issue with Vendor form integration?
>
>
>
>
>
>
>
>
>
>
>
>
>
> --- On Thu, 7/17/08, Rick Cook <[EMAIL PROTECTED]> wrote:
>
>
>
> > From: Rick Cook <[EMAIL PROTECTED]>
>
> > Subject: Re: LDAP Integration with AR Server
>
> > To: arslist@ARSLIST.ORG
>
> > Date: Thursday, July 17, 2008, 1:56 PM
>
> > Are you integrating LDAP with ITSM 7?  If so, you will want
>
> > to have an
>
> > intermediate form of your own construction into which to
>
> > push the data from
>
> > LDAP.  Then you can check the data for accuracy,
>
> > requirements of ITSM, and
>
> > do any formatting you need, etc., and THEN push from that
>
> > form into the
>
> > People form.
>
> >
>
> > Rick
>
> >
>
> > On Thu, Jul 17, 2008 at 1:45 PM, sivarama velicheti
>
> > <[EMAIL PROTECTED]>
>
> > wrote:
>
> >
>
> > > **
>
> > >  Hi there,
>
> > >
>
> > > Thanks for your help replying to my question.
>
> > I have filled the
>
> > > ARDBC configuration form (not the AREA LDAP
>
> > Configuration), and was able to
>
> > > create a vendor form and access the data. But now
>
> > comes one more hurdle.
>
> > >
>
> > >  i) How do I populate the User form with the details
>
> > of the vendor form. I
>
> > > have been returned all the Users in the system. How do
>
> > I populate the user
>
> > > form with only the details of only the people who
>
> > would be accessing
>
> > > remedy??
>
> > >
>
> > > ii) Will populating the user form populate the People
>
> > form as well??
>
> > >
>
> > > Thanks
>
> > > Siva
>
> > > __Platinum Sponsor: www.rmsportal.com ARSlist:
>
> > "Where the Answers Are"
>
> > > html___
>
> > >
>
> >
>
> >
> ___
>
> > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
>
> > Platinum Sponsor: www.rmsportal.com ARSlist: "Where
>
> > the Answers Are"
>
>
>
>
>
>
>
>
>
>
> ___
>
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
>
> Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
>  __Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
> html___
>

 Thanks Guys, For your inputs. I was able to proceed forward. But I am
facing different issues now. It may sound extremely weird and I just want to
get your inputs.
 I am trying to integrate LDAP with remedy 7.1. I am till the
point where I have filled in the ARDBC LDAP Configuration form and am able
to create a vendor form. But my issue is that the available tables in the
LDAP that I see are different from the available tables in the current 6.3
prod system. I have used the same LDAP binduser name and password as that in
AR Server 6.3. In case I select the table URL from the prod system (which
currently runs remedy 6.3) and paste it in the tables field and click load
(in the 7.1 implementation) the number of attributes (or fields) retrieved
is way less in 7.1 as compared to the 6.3 system. I have authenticated the
ARDBC form against the same user as that in the prod system. Then why is 7.1
acting differently? Has any one encountered similar issues in the past? Here
is some information which might help you guys

Current System: AR Server Version 7.1.00 Build
200708221849 ProdSystem: AR Server 6.03.00 patch
21

Database: Microsoft SQL-Server 2005
(Remote)Database: Oracle
Release *9.2.0.5.0 (remote)*

Operating System – Windows 2003
R2. OS:
Windows 2003 R2

(not Unicode
enabled)
(Not sure – if it AR Server was installed with the option. How can I find
it?)


Thanks

Sivarama

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"

Re: LDAP Integration with AR Server

[ITSM Support]

ARERR 100 is related to:

 

Request ID parameter is empty.

The operation being performed requires the request ID to be specified, but
the parameter was not supplied. Try the operation again, this time
specifying the request ID for the entry.

 

Hope this helps... 

 

Regards, 

 

Sandeep 

Vyom Labs Pvt. Ltd. 

An ISO 2 certified company. 

Consulting | Outsourcing | Training || BMC Remedy BSM | ITIL 

Web: www.vyomlabs.com   

 

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Troy Sasso
Sent: Saturday, July 19, 2008 12:03 AM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP Integration with AR Server

 

Has anyone seen the ARERR 100 issue with Vendor form integration?

 

 

 

 

 

 

--- On Thu, 7/17/08, Rick Cook <[EMAIL PROTECTED]> wrote:

 

> From: Rick Cook <[EMAIL PROTECTED]>

> Subject: Re: LDAP Integration with AR Server

> To: arslist@ARSLIST.ORG

> Date: Thursday, July 17, 2008, 1:56 PM

> Are you integrating LDAP with ITSM 7?  If so, you will want

> to have an

> intermediate form of your own construction into which to

> push the data from

> LDAP.  Then you can check the data for accuracy,

> requirements of ITSM, and

> do any formatting you need, etc., and THEN push from that

> form into the

> People form.

> 

> Rick

> 

> On Thu, Jul 17, 2008 at 1:45 PM, sivarama velicheti

> <[EMAIL PROTECTED]>

> wrote:

> 

> > **

> >  Hi there,

> >

> > Thanks for your help replying to my question.

> I have filled the

> > ARDBC configuration form (not the AREA LDAP

> Configuration), and was able to

> > create a vendor form and access the data. But now

> comes one more hurdle.

> >

> >  i) How do I populate the User form with the details

> of the vendor form. I

> > have been returned all the Users in the system. How do

> I populate the user

> > form with only the details of only the people who

> would be accessing

> > remedy??

> >

> > ii) Will populating the user form populate the People

> form as well??

> >

> > Thanks

> > Siva

> > __Platinum Sponsor: www.rmsportal.com ARSlist:

> "Where the Answers Are"

> > html___

> >

> 

>

___

> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org

> Platinum Sponsor: www.rmsportal.com ARSlist: "Where

> the Answers Are"

 

 

  

 


___

UNSUBSCRIBE or access ARSlist Archives at www.arslist.org

Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"

Re: LDAP Integration with AR Server

[Troy Sasso]

Has anyone seen the ARERR 100 issue with Vendor form integration?






--- On Thu, 7/17/08, Rick Cook <[EMAIL PROTECTED]> wrote:

> From: Rick Cook <[EMAIL PROTECTED]>
> Subject: Re: LDAP Integration with AR Server
> To: arslist@ARSLIST.ORG
> Date: Thursday, July 17, 2008, 1:56 PM
> Are you integrating LDAP with ITSM 7?  If so, you will want
> to have an
> intermediate form of your own construction into which to
> push the data from
> LDAP.  Then you can check the data for accuracy,
> requirements of ITSM, and
> do any formatting you need, etc., and THEN push from that
> form into the
> People form.
> 
> Rick
> 
> On Thu, Jul 17, 2008 at 1:45 PM, sivarama velicheti
> <[EMAIL PROTECTED]>
> wrote:
> 
> > **
> >  Hi there,
> >
> > Thanks for your help replying to my question.
> I have filled the
> > ARDBC configuration form (not the AREA LDAP
> Configuration), and was able to
> > create a vendor form and access the data. But now
> comes one more hurdle.
> >
> >  i) How do I populate the User form with the details
> of the vendor form. I
> > have been returned all the Users in the system. How do
> I populate the user
> > form with only the details of only the people who
> would be accessing
> > remedy??
> >
> > ii) Will populating the user form populate the People
> form as well??
> >
> > Thanks
> > Siva
> > __Platinum Sponsor: www.rmsportal.com ARSlist:
> "Where the Answers Are"
> > html___
> >
> 
> ___
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> Platinum Sponsor: www.rmsportal.com ARSlist: "Where
> the Answers Are"


  

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"

Re: LDAP Integration with AR Server

[Rick Cook]

Are you integrating LDAP with ITSM 7?  If so, you will want to have an
intermediate form of your own construction into which to push the data from
LDAP.  Then you can check the data for accuracy, requirements of ITSM, and
do any formatting you need, etc., and THEN push from that form into the
People form.

Rick

On Thu, Jul 17, 2008 at 1:45 PM, sivarama velicheti <[EMAIL PROTECTED]>
wrote:

> **
>  Hi there,
>
> Thanks for your help replying to my question. I have filled the
> ARDBC configuration form (not the AREA LDAP Configuration), and was able to
> create a vendor form and access the data. But now comes one more hurdle.
>
>  i) How do I populate the User form with the details of the vendor form. I
> have been returned all the Users in the system. How do I populate the user
> form with only the details of only the people who would be accessing
> remedy??
>
> ii) Will populating the user form populate the People form as well??
>
> Thanks
> Siva
> __Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
> html___
>

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"

Re: LDAP Integration with AR Server

[sivarama velicheti]

 Hi there,

Thanks for your help replying to my question. I have filled the
ARDBC configuration form (not the AREA LDAP Configuration), and was able to
create a vendor form and access the data. But now comes one more hurdle.

 i) How do I populate the User form with the details of the vendor form. I
have been returned all the Users in the system. How do I populate the user
form with only the details of only the people who would be accessing
remedy??

ii) Will populating the user form populate the People form as well??

Thanks
Siva

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"

Re: LDAP Integration with AR Server

[ITSM Support]

Hi Bunny,

 

For LDAP Integration, there is a AREA LDAP Configuration FORM. In this form
Check the Host Name, Bind User name and password should be correct.

After that go to server information and there is EA (External
Authentication) Tab.

 

For Testing Purpose try to authenticate using LDAP user into remedy
depending on your requirement like 

Authenticated unregistered users and Cross Reference blank password.

 

Hope this helps... 

 

Regards, 

 

Sandeep 

Vyom Labs Pvt. Ltd. 

An ISO 2 certified company. 

Consulting | Outsourcing | Training || BMC Remedy BSM | ITIL 

Web: www.vyomlabs.com  

 

  _  

From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of sivarama velicheti
Sent: Thursday, July 17, 2008 4:51 AM
To: arslist@ARSLIST.ORG
Subject: LDAP Integration with AR Server

 

** 


Hi,

I am new to remedy, please help!!! I am trying to integrate LDAP
server with the AR Server. I want to download the users in the LDAP system
and map them into the AR System User form. How do I do this. I read the
guides and found out that I need to fill in the ARDBC and AREA plugin forms
and create a vendor form. But still I am unsure and unclear as to how to do
this. Can anyone please help me with this. After I have established the
connection how do I test that it has been connected??  After filling in the
ARDBC form I am trying to create a vendor form but I am not able to get any
option to select available vendor names or tables. Do I need to create them
externally?? Can anyone give me a brief description as to how to achieve my
target.

-- 
Thanks
bunny



__Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
html___ 


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"

Re: LDAP Problem with vendor form

[Troy Sasso]

Try to plug your values into the following tool first.

Softerra LDAP Browser.  

http://www.ldapbrowser.com/

I've always used this as a prep to an AD or LDAP read for Remedy.  The Softerra 
tool is free and builds the URL for you.  Once you connect via Softerra and are 
happy with what you see, simply copy/paste the URL from softerra into the 
Vendor form and presto.

But, before you can plug this into Remedy, make sure you configure ARDBC 
properly.

Troy





--- On Mon, 7/14/08, Leonard Neely <[EMAIL PROTECTED]> wrote:

> From: Leonard Neely <[EMAIL PROTECTED]>
> Subject: Re: LDAP Problem with vendor form
> To: arslist@ARSLIST.ORG
> Date: Monday, July 14, 2008, 10:44 AM
> Also, if Norm's suggestions don't resolve your issue
> (correct those
> first), You may want to check your default Plugin Server
> timeout. 
> 
> How many LDAP records do you expect to be returned via your
> vendor form?
> If it is a large amount, your Plug-In server may be timing
> out before it
> can load the connector and related tables. In this case,
> you may need to
> set the Default Plugin Server timeout to a higher value. I
> think the
> default is 60 seconds. We had a similar issue, where we had
> over 100K
> LDAP records, and had to set the timeout to 500 before we
> could even
> create the vendor form.
> 
> Also, what's your platform/version, etc.
> 
> HTH
> 
> Leonard Neely
> 
>  
> 
> -Original Message-
> 
> From: Action Request System discussion list(ARSList) [
> mailto:arslist@ARSLIST.ORG
> <mailto:arslist@ARSLIST.ORG> ] On Behalf Of
> Kaiser Norm E CIV USAF 96 CS/SCCE
> 
> Sent: Monday, July 14, 2008 10:09 AM
> 
> To: arslist@ARSLIST.ORG
> 
> Subject: Re: LDAP Problem with vendor form
> 
> Two things:
> 
> First, if you're using ARDBC, you don't need to
> fill out the AREA config
> info. Second, your LDAP connection string has spaces in it
> which is
> probably goofing up the connection.
> 
> -Original Message-
> 
> From: Action Request System discussion list(ARSList) [
> mailto:arslist@ARSLIST.ORG
> <mailto:arslist@ARSLIST.ORG> ] On Behalf Of
> manu_alcala
> 
> Sent: Monday, July 14, 2008 12:04 PM
> 
> To: arslist@ARSLIST.ORG
> 
> Subject: LDAP Problem with vendor form
> 
> Hi everyone!
> 
> I'm trying to connect with a LDAP server and I have a
> problem when I try
> to create the vendor form: The steps I have followed to
> configure LDAP
> are:
> 
> 1- Configure AREA LDAP form with the following:
> 
> hostname: ldapdes.corp
> 
> port: 389
> 
> blind user: aplmiro
> 
> blind password: 
> 
> user base: o=Grupo Santander, o=Grupo Santander user search
> filter:
> BSalias=$\USER$ group membership: none
> 
> 2- Configure ARDBC LDAP form with the correct settings.
> 
> 3- Try to create the vendor form; but i have nothing in the
> available
> form. I type ARSYS.ARDBC.LDAP and in the available table i
> type
> ldap://ldapdes.corp/o=Grupo Santander,o=Grupo
> Santander??sub?
> 
> (objectclass=user) but nothing is loaded and the conector
> is not found.
> 
> I have created a vendor form "empty" and one time
> created i type in the
> form properties (in vendor information tab) the previous
> settings
> (ARSYS.ARDBC.LDAP and ldap://ldapdes.cor.) but any
> times show a
> message of incorrect sintax of Base DN... or can't
> connect to the LDAP
> URL... or the connector doesn't exist...
> 
> I don't know what i have to do to configure the vendor
> form properly
> because the settings in the AREA LDAP and ARDBC LDAP are
> correctly...
> 
> Please help me!
> 
> Thank you forward!!!
> 
> 
> 
> ___
> 
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> Platinum
> Sponsor: www.rmsportal.com ARSlist: "Where the Answers
> Are"
> 
> 
> ___
> 
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> Platinum
> Sponsor: www.rmsportal.com ARSlist: "Where the Answers
> Are"


  

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"

Re: LDAP Problem with vendor form

[Leonard Neely]

Also, if Norm's suggestions don't resolve your issue (correct those
first), You may want to check your default Plugin Server timeout. 

How many LDAP records do you expect to be returned via your vendor form?
If it is a large amount, your Plug-In server may be timing out before it
can load the connector and related tables. In this case, you may need to
set the Default Plugin Server timeout to a higher value. I think the
default is 60 seconds. We had a similar issue, where we had over 100K
LDAP records, and had to set the timeout to 500 before we could even
create the vendor form.

Also, what's your platform/version, etc.

HTH

Leonard Neely

 

-Original Message-

From: Action Request System discussion list(ARSList) [
mailto:arslist@ARSLIST.ORG <mailto:arslist@ARSLIST.ORG> ] On Behalf Of
Kaiser Norm E CIV USAF 96 CS/SCCE

Sent: Monday, July 14, 2008 10:09 AM

To: arslist@ARSLIST.ORG

Subject: Re: LDAP Problem with vendor form

Two things:

First, if you're using ARDBC, you don't need to fill out the AREA config
info. Second, your LDAP connection string has spaces in it which is
probably goofing up the connection.

-Original Message-

From: Action Request System discussion list(ARSList) [
mailto:arslist@ARSLIST.ORG <mailto:arslist@ARSLIST.ORG> ] On Behalf Of
manu_alcala

Sent: Monday, July 14, 2008 12:04 PM

To: arslist@ARSLIST.ORG

Subject: LDAP Problem with vendor form

Hi everyone!

I'm trying to connect with a LDAP server and I have a problem when I try
to create the vendor form: The steps I have followed to configure LDAP
are:

1- Configure AREA LDAP form with the following:

hostname: ldapdes.corp

port: 389

blind user: aplmiro

blind password: 

user base: o=Grupo Santander, o=Grupo Santander user search filter:
BSalias=$\USER$ group membership: none

2- Configure ARDBC LDAP form with the correct settings.

3- Try to create the vendor form; but i have nothing in the available
form. I type ARSYS.ARDBC.LDAP and in the available table i type
ldap://ldapdes.corp/o=Grupo Santander,o=Grupo Santander??sub?

(objectclass=user) but nothing is loaded and the conector is not found.

I have created a vendor form "empty" and one time created i type in the
form properties (in vendor information tab) the previous settings
(ARSYS.ARDBC.LDAP and ldap://ldapdes.cor.) but any times show a
message of incorrect sintax of Base DN... or can't connect to the LDAP
URL... or the connector doesn't exist...

I don't know what i have to do to configure the vendor form properly
because the settings in the AREA LDAP and ARDBC LDAP are correctly...

Please help me!

Thank you forward!!!



___

UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum
Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"


___

UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum
Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"

Re: LDAP Problem with vendor form

[Kaiser Norm E CIV USAF 96 CS/SCCE]

Two things:

First, if you're using ARDBC, you don't need to fill out the AREA config
info.  Second, your LDAP connection string has spaces in it which is
probably goofing up the connection.

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of manu_alcala
Sent: Monday, July 14, 2008 12:04 PM
To: arslist@ARSLIST.ORG
Subject: LDAP Problem with vendor form

Hi everyone!

I'm trying to connect with a LDAP server and I have a problem when I
try to create the vendor form: The steps I have followed to configure
LDAP are:

1- Configure AREA LDAP form with the following:

hostname: ldapdes.corp
port: 389
blind user: aplmiro
blind password: 
user base: o=Grupo Santander, o=Grupo Santander
user search filter: BSalias=$\USER$
group membership: none

2- Configure ARDBC LDAP form with the correct settings.

3- Try to create the vendor form; but i have nothing in the available
form. I type ARSYS.ARDBC.LDAP and in the available table i type
ldap://ldapdes.corp/o=Grupo Santander,o=Grupo Santander??sub?
(objectclass=user) but nothing is loaded and the conector is not
found.

I have created a vendor form "empty" and one time created i type in
the form properties (in vendor information tab) the previous settings
(ARSYS.ARDBC.LDAP and ldap://ldapdes.cor.) but any times show a
message of incorrect sintax of Base DN... or can't connect to the LDAP
URL... or the connector doesn't exist...

I don't know what i have to do to configure the vendor form properly
because the settings in the AREA LDAP and ARDBC LDAP are correctly...

Please help me!

Thank you forward!!!


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"

Re: LDAP login issue....

[Grooms, Frederick W]

You can add field 118 (AD User Auth) to the User form and backfill it
with your domain.  FYI  Users can also put the domain in the
Authentication field on the login and have just their username in the
User Name field when logging in.
 
Field 118 is described in the ConfigGuide-630.pdf manual starting on
page 64
 
Fred



From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Richard Copits
Sent: Wednesday, May 28, 2008 7:53 AM
To: arslist@ARSLIST.ORG
Subject: LDAP login issue

First, a BIG THANK YOU to all who responded to my emails for LDAP 
advice. I now have it running - and apparently correctly. However, I
have one more question. Previously, when I entered username and
password into Remedy, a user could log in using just the username 
and password. Now that the LDAP code is working, users now have
to enter their username in the form "domain/username". Since we
only have one login domain, is there any way I can add code to Remedy
that automatically "tacks on" the domain name to the front so that they
only have to type in their username? Thanks for any help, suggestions,
etc. 



 

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"

Re: LDAP Plugin (UNCLASSIFIED)

[Haque, Rezaul R]

Thanks, I will try go back a java version and give a try and let you
know the outcome.

Thanks
Rezaul


-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Alicea, Alex CTR USA
Sent: Thursday, May 01, 2008 12:30 PM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP Plugin (UNCLASSIFIED)

Classification:  UNCLASSIFIED 
Caveats: NONE

We used download JDK 1.5 update 15 from below website

https://sdlc1e.sun.com/ECom/EComActionServlet/DownloadPage:~:com.sun.sun
it.s
dlc.content.DownloadPageInfo;jsessionid=2735330AF0371BF95D99CC1455D36724
;jse
ssionid=2735330AF0371BF95D99CC1455D36724

I hope this helps...

Alex

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Haque, Rezaul R
Sent: Thursday, May 01, 2008 1:26 PM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP Plugin (UNCLASSIFIED)

What version of JAVA you have used? I might try that if that compatible
with 7.0.1 patch 2. And thank you for your inputs regarding this issue.

Thanks
Rezaul


-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Alicea, Alex CTR USA
Sent: Thursday, May 01, 2008 12:02 PM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP Plugin (UNCLASSIFIED)

Classification:  UNCLASSIFIED 
Caveats: NONE

Has JAVA been upgraded recently? We are running 6.3 here and upgraded
JAVA
and had a similar error, where the Plug-in wouldn't start. It actually
cleared the configuration in the AREA LDAP form. We installed the
earlier
version of JAVA and it fixed the issue. 

Alex

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Haque, Rezaul R
Sent: Thursday, May 01, 2008 12:49 PM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP Plugin (UNCLASSIFIED)

java version "1.6.0_03"


Thanks
Rezaul

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Alicea, Alex CTR USA
Sent: Thursday, May 01, 2008 11:26 AM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP Plugin (UNCLASSIFIED)

Classification:  UNCLASSIFIED 
Caveats: NONE

Have you checked your JAVA version? 

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Haque, Rezaul R
Sent: Thursday, May 01, 2008 12:05 PM
To: arslist@ARSLIST.ORG
Subject: LDAP Plugin

** 

Is there anyone have the same issue that I am having described below.?

We are in ARS 7.0.1 patch 2

OS Sun Solaris

Database Oracle 9.2.0.8.0

 

Every time we try to create a vendor form it's give me an error below

"The AR System Plug-In server is not responding.  Cannot connect to the
system at this time.  Contact your AR System Administrator for
assistance. :
RPC: Timed out (ARERR 8939)."

 

I talked to our vendor whose suggestion was  to do the following below
and
we have done all of it but still no improvement.

 

There are several ways to work around this problem. 

1. You can add the following line to the ar.cfg/ar.conf file:

 

Server-Plugin-Default-Timeout: 500

 

This increases the Plug-in Server timeout theshold. Although this may
prevent the ARERR 8939 from occuring, all it is really doing is
providing
more time for the Plug-in Server before issuing the error.

 

2. Change the Page Size to something smaller like 1000

 

During discovery, data is returned from the LDAP database in chunks.

This is affectively changing the chunk size.

 

3. Change the BaseDN in the ARDBC LDAP Configuration form to someting
more
specific

 

The BaseDN tells the Plug-in Server where in the LDAP database to start
looking for data. LDAP databases are organized in a tree structure.

Having a BaseDN near the root structure will mean that it finds all the
data
contained within resulting in a lengthy discovery process. If a
BaseDN
closer to the location of the data is used, then there is less
information
to process and discovery is faster.

 

4. Don't use the Vendor form wizard to create the vendor form.

 

 

After this our vendor have suggested to upgrade the LDAP plugin to patch
3 .
still having the same issue.

 

 

Thanks

Rezaul Haque

 


E-MAIL CONFIDENTIALITY NOTICE: 

 

 

 

The contents of this e-mail message and 
any attachments are intended solely for the 
addressee(s) and may contain confidential 
and/or legally privileged information. If you 
are not the intended recipient of this message 
or if this message has been addressed to you 
in error, please immediately alert the sender
 by reply e-mail and then delete this message 
and any attachments. If you are not the 
intended recipient, you are notified that 
any use, dissemination, distribution, copying, 
or storage of this message or any attachment 
is strictly prohibited.







__Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
html___ 

Re: LDAP Plugin (UNCLASSIFIED)

[Alicea, Alex CTR USA]

Classification:  UNCLASSIFIED 
Caveats: NONE

We used download JDK 1.5 update 15 from below website

https://sdlc1e.sun.com/ECom/EComActionServlet/DownloadPage:~:com.sun.sunit.s
dlc.content.DownloadPageInfo;jsessionid=2735330AF0371BF95D99CC1455D36724;jse
ssionid=2735330AF0371BF95D99CC1455D36724

I hope this helps...

Alex

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Haque, Rezaul R
Sent: Thursday, May 01, 2008 1:26 PM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP Plugin (UNCLASSIFIED)

What version of JAVA you have used? I might try that if that compatible
with 7.0.1 patch 2. And thank you for your inputs regarding this issue.

Thanks
Rezaul


-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Alicea, Alex CTR USA
Sent: Thursday, May 01, 2008 12:02 PM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP Plugin (UNCLASSIFIED)

Classification:  UNCLASSIFIED 
Caveats: NONE

Has JAVA been upgraded recently? We are running 6.3 here and upgraded
JAVA
and had a similar error, where the Plug-in wouldn't start. It actually
cleared the configuration in the AREA LDAP form. We installed the
earlier
version of JAVA and it fixed the issue. 

Alex

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Haque, Rezaul R
Sent: Thursday, May 01, 2008 12:49 PM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP Plugin (UNCLASSIFIED)

java version "1.6.0_03"


Thanks
Rezaul

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Alicea, Alex CTR USA
Sent: Thursday, May 01, 2008 11:26 AM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP Plugin (UNCLASSIFIED)

Classification:  UNCLASSIFIED 
Caveats: NONE

Have you checked your JAVA version? 

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Haque, Rezaul R
Sent: Thursday, May 01, 2008 12:05 PM
To: arslist@ARSLIST.ORG
Subject: LDAP Plugin

** 

Is there anyone have the same issue that I am having described below.?

We are in ARS 7.0.1 patch 2

OS Sun Solaris

Database Oracle 9.2.0.8.0

 

Every time we try to create a vendor form it's give me an error below

"The AR System Plug-In server is not responding.  Cannot connect to the
system at this time.  Contact your AR System Administrator for
assistance. :
RPC: Timed out (ARERR 8939)."

 

I talked to our vendor whose suggestion was  to do the following below
and
we have done all of it but still no improvement.

 

There are several ways to work around this problem. 

1. You can add the following line to the ar.cfg/ar.conf file:

 

Server-Plugin-Default-Timeout: 500

 

This increases the Plug-in Server timeout theshold. Although this may
prevent the ARERR 8939 from occuring, all it is really doing is
providing
more time for the Plug-in Server before issuing the error.

 

2. Change the Page Size to something smaller like 1000

 

During discovery, data is returned from the LDAP database in chunks.

This is affectively changing the chunk size.

 

3. Change the BaseDN in the ARDBC LDAP Configuration form to someting
more
specific

 

The BaseDN tells the Plug-in Server where in the LDAP database to start
looking for data. LDAP databases are organized in a tree structure.

Having a BaseDN near the root structure will mean that it finds all the
data
contained within resulting in a lengthy discovery process. If a
BaseDN
closer to the location of the data is used, then there is less
information
to process and discovery is faster.

 

4. Don't use the Vendor form wizard to create the vendor form.

 

 

After this our vendor have suggested to upgrade the LDAP plugin to patch
3 .
still having the same issue.

 

 

Thanks

Rezaul Haque

 


E-MAIL CONFIDENTIALITY NOTICE: 

 

 

 

The contents of this e-mail message and 
any attachments are intended solely for the 
addressee(s) and may contain confidential 
and/or legally privileged information. If you 
are not the intended recipient of this message 
or if this message has been addressed to you 
in error, please immediately alert the sender
 by reply e-mail and then delete this message 
and any attachments. If you are not the 
intended recipient, you are notified that 
any use, dissemination, distribution, copying, 
or storage of this message or any attachment 
is strictly prohibited.







__Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
html___ 
Classification:  UNCLASSIFIED 
Caveats: NONE



___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"

E-MAIL CONFIDENTIALITY NOTICE: 

 

 

 

The contents of this e-mail message and 
any attachments ar

Re: LDAP Plugin (UNCLASSIFIED)

[Haque, Rezaul R]

What version of JAVA you have used? I might try that if that compatible
with 7.0.1 patch 2. And thank you for your inputs regarding this issue.

Thanks
Rezaul


-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Alicea, Alex CTR USA
Sent: Thursday, May 01, 2008 12:02 PM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP Plugin (UNCLASSIFIED)

Classification:  UNCLASSIFIED 
Caveats: NONE

Has JAVA been upgraded recently? We are running 6.3 here and upgraded
JAVA
and had a similar error, where the Plug-in wouldn't start. It actually
cleared the configuration in the AREA LDAP form. We installed the
earlier
version of JAVA and it fixed the issue. 

Alex

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Haque, Rezaul R
Sent: Thursday, May 01, 2008 12:49 PM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP Plugin (UNCLASSIFIED)

java version "1.6.0_03"


Thanks
Rezaul

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Alicea, Alex CTR USA
Sent: Thursday, May 01, 2008 11:26 AM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP Plugin (UNCLASSIFIED)

Classification:  UNCLASSIFIED 
Caveats: NONE

Have you checked your JAVA version? 

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Haque, Rezaul R
Sent: Thursday, May 01, 2008 12:05 PM
To: arslist@ARSLIST.ORG
Subject: LDAP Plugin

** 

Is there anyone have the same issue that I am having described below.?

We are in ARS 7.0.1 patch 2

OS Sun Solaris

Database Oracle 9.2.0.8.0

 

Every time we try to create a vendor form it's give me an error below

"The AR System Plug-In server is not responding.  Cannot connect to the
system at this time.  Contact your AR System Administrator for
assistance. :
RPC: Timed out (ARERR 8939)."

 

I talked to our vendor whose suggestion was  to do the following below
and
we have done all of it but still no improvement.

 

There are several ways to work around this problem. 

1. You can add the following line to the ar.cfg/ar.conf file:

 

Server-Plugin-Default-Timeout: 500

 

This increases the Plug-in Server timeout theshold. Although this may
prevent the ARERR 8939 from occuring, all it is really doing is
providing
more time for the Plug-in Server before issuing the error.

 

2. Change the Page Size to something smaller like 1000

 

During discovery, data is returned from the LDAP database in chunks.

This is affectively changing the chunk size.

 

3. Change the BaseDN in the ARDBC LDAP Configuration form to someting
more
specific

 

The BaseDN tells the Plug-in Server where in the LDAP database to start
looking for data. LDAP databases are organized in a tree structure.

Having a BaseDN near the root structure will mean that it finds all the
data
contained within resulting in a lengthy discovery process. If a
BaseDN
closer to the location of the data is used, then there is less
information
to process and discovery is faster.

 

4. Don't use the Vendor form wizard to create the vendor form.

 

 

After this our vendor have suggested to upgrade the LDAP plugin to patch
3 .
still having the same issue.

 

 

Thanks

Rezaul Haque

 


E-MAIL CONFIDENTIALITY NOTICE: 

 

 

 

The contents of this e-mail message and 
any attachments are intended solely for the 
addressee(s) and may contain confidential 
and/or legally privileged information. If you 
are not the intended recipient of this message 
or if this message has been addressed to you 
in error, please immediately alert the sender
 by reply e-mail and then delete this message 
and any attachments. If you are not the 
intended recipient, you are notified that 
any use, dissemination, distribution, copying, 
or storage of this message or any attachment 
is strictly prohibited.







__Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
html___ 
Classification:  UNCLASSIFIED 
Caveats: NONE



___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"

E-MAIL CONFIDENTIALITY NOTICE: 

 

 

 

The contents of this e-mail message and 
any attachments are intended solely for the 
addressee(s) and may contain confidential 
and/or legally privileged information. If you 
are not the intended recipient of this message 
or if this message has been addressed to you 
in error, please immediately alert the sender
 by reply e-mail and then delete this message 
and any attachments. If you are not the 
intended recipient, you are notified that 
any use, dissemination, distribution, copying, 
or storage of this message or any attachment 
is strictly prohibited.

Re: LDAP Plugin (UNCLASSIFIED)

[Alicea, Alex CTR USA]

Classification:  UNCLASSIFIED 
Caveats: NONE

Has JAVA been upgraded recently? We are running 6.3 here and upgraded JAVA
and had a similar error, where the Plug-in wouldn't start. It actually
cleared the configuration in the AREA LDAP form. We installed the earlier
version of JAVA and it fixed the issue. 

Alex

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Haque, Rezaul R
Sent: Thursday, May 01, 2008 12:49 PM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP Plugin (UNCLASSIFIED)

java version "1.6.0_03"


Thanks
Rezaul

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Alicea, Alex CTR USA
Sent: Thursday, May 01, 2008 11:26 AM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP Plugin (UNCLASSIFIED)

Classification:  UNCLASSIFIED 
Caveats: NONE

Have you checked your JAVA version? 

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Haque, Rezaul R
Sent: Thursday, May 01, 2008 12:05 PM
To: arslist@ARSLIST.ORG
Subject: LDAP Plugin

** 

Is there anyone have the same issue that I am having described below.?

We are in ARS 7.0.1 patch 2

OS Sun Solaris

Database Oracle 9.2.0.8.0

 

Every time we try to create a vendor form it's give me an error below

"The AR System Plug-In server is not responding.  Cannot connect to the
system at this time.  Contact your AR System Administrator for
assistance. :
RPC: Timed out (ARERR 8939)."

 

I talked to our vendor whose suggestion was  to do the following below
and
we have done all of it but still no improvement.

 

There are several ways to work around this problem. 

1. You can add the following line to the ar.cfg/ar.conf file:

 

Server-Plugin-Default-Timeout: 500

 

This increases the Plug-in Server timeout theshold. Although this may
prevent the ARERR 8939 from occuring, all it is really doing is
providing
more time for the Plug-in Server before issuing the error.

 

2. Change the Page Size to something smaller like 1000

 

During discovery, data is returned from the LDAP database in chunks.

This is affectively changing the chunk size.

 

3. Change the BaseDN in the ARDBC LDAP Configuration form to someting
more
specific

 

The BaseDN tells the Plug-in Server where in the LDAP database to start
looking for data. LDAP databases are organized in a tree structure.

Having a BaseDN near the root structure will mean that it finds all the
data
contained within resulting in a lengthy discovery process. If a
BaseDN
closer to the location of the data is used, then there is less
information
to process and discovery is faster.

 

4. Don't use the Vendor form wizard to create the vendor form.

 

 

After this our vendor have suggested to upgrade the LDAP plugin to patch
3 .
still having the same issue.

 

 

Thanks

Rezaul Haque

 


E-MAIL CONFIDENTIALITY NOTICE: 

 

 

 

The contents of this e-mail message and 
any attachments are intended solely for the 
addressee(s) and may contain confidential 
and/or legally privileged information. If you 
are not the intended recipient of this message 
or if this message has been addressed to you 
in error, please immediately alert the sender
 by reply e-mail and then delete this message 
and any attachments. If you are not the 
intended recipient, you are notified that 
any use, dissemination, distribution, copying, 
or storage of this message or any attachment 
is strictly prohibited.







__Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
html___ 
Classification:  UNCLASSIFIED 
Caveats: NONE



___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"

E-MAIL CONFIDENTIALITY NOTICE: 

 

 

 

The contents of this e-mail message and 
any attachments are intended solely for the 
addressee(s) and may contain confidential 
and/or legally privileged information. If you 
are not the intended recipient of this message 
or if this message has been addressed to you 
in error, please immediately alert the sender
 by reply e-mail and then delete this message 
and any attachments. If you are not the 
intended recipient, you are notified that 
any use, dissemination, distribution, copying, 
or storage of this message or any attachment 
is strictly prohibited.


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
Classification:  UNCLASSIFIED 
Caveats: NONE


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"


smime.p7s
Description: S/MIME cryptographic signature

Re: LDAP Plugin (UNCLASSIFIED)

[Haque, Rezaul R]

java version "1.6.0_03"


Thanks
Rezaul

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Alicea, Alex CTR USA
Sent: Thursday, May 01, 2008 11:26 AM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP Plugin (UNCLASSIFIED)

Classification:  UNCLASSIFIED 
Caveats: NONE

Have you checked your JAVA version? 

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Haque, Rezaul R
Sent: Thursday, May 01, 2008 12:05 PM
To: arslist@ARSLIST.ORG
Subject: LDAP Plugin

** 

Is there anyone have the same issue that I am having described below.?

We are in ARS 7.0.1 patch 2

OS Sun Solaris

Database Oracle 9.2.0.8.0

 

Every time we try to create a vendor form it's give me an error below

"The AR System Plug-In server is not responding.  Cannot connect to the
system at this time.  Contact your AR System Administrator for
assistance. :
RPC: Timed out (ARERR 8939)."

 

I talked to our vendor whose suggestion was  to do the following below
and
we have done all of it but still no improvement.

 

There are several ways to work around this problem. 

1. You can add the following line to the ar.cfg/ar.conf file:

 

Server-Plugin-Default-Timeout: 500

 

This increases the Plug-in Server timeout theshold. Although this may
prevent the ARERR 8939 from occuring, all it is really doing is
providing
more time for the Plug-in Server before issuing the error.

 

2. Change the Page Size to something smaller like 1000

 

During discovery, data is returned from the LDAP database in chunks.

This is affectively changing the chunk size.

 

3. Change the BaseDN in the ARDBC LDAP Configuration form to someting
more
specific

 

The BaseDN tells the Plug-in Server where in the LDAP database to start
looking for data. LDAP databases are organized in a tree structure.

Having a BaseDN near the root structure will mean that it finds all the
data
contained within resulting in a lengthy discovery process. If a
BaseDN
closer to the location of the data is used, then there is less
information
to process and discovery is faster.

 

4. Don't use the Vendor form wizard to create the vendor form.

 

 

After this our vendor have suggested to upgrade the LDAP plugin to patch
3 .
still having the same issue.

 

 

Thanks

Rezaul Haque

 


E-MAIL CONFIDENTIALITY NOTICE: 

 

 

 

The contents of this e-mail message and 
any attachments are intended solely for the 
addressee(s) and may contain confidential 
and/or legally privileged information. If you 
are not the intended recipient of this message 
or if this message has been addressed to you 
in error, please immediately alert the sender
 by reply e-mail and then delete this message 
and any attachments. If you are not the 
intended recipient, you are notified that 
any use, dissemination, distribution, copying, 
or storage of this message or any attachment 
is strictly prohibited.







__Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
html___ 
Classification:  UNCLASSIFIED 
Caveats: NONE



___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"

E-MAIL CONFIDENTIALITY NOTICE: 

 

 

 

The contents of this e-mail message and 
any attachments are intended solely for the 
addressee(s) and may contain confidential 
and/or legally privileged information. If you 
are not the intended recipient of this message 
or if this message has been addressed to you 
in error, please immediately alert the sender
 by reply e-mail and then delete this message 
and any attachments. If you are not the 
intended recipient, you are notified that 
any use, dissemination, distribution, copying, 
or storage of this message or any attachment 
is strictly prohibited.

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"

Re: LDAP Plugin (UNCLASSIFIED)

[Alicea, Alex CTR USA]

Classification:  UNCLASSIFIED 
Caveats: NONE

Have you checked your JAVA version? 

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Haque, Rezaul R
Sent: Thursday, May 01, 2008 12:05 PM
To: arslist@ARSLIST.ORG
Subject: LDAP Plugin

** 

Is there anyone have the same issue that I am having described below.?

We are in ARS 7.0.1 patch 2

OS Sun Solaris

Database Oracle 9.2.0.8.0

 

Every time we try to create a vendor form it's give me an error below

"The AR System Plug-In server is not responding.  Cannot connect to the
system at this time.  Contact your AR System Administrator for assistance. :
RPC: Timed out (ARERR 8939)."

 

I talked to our vendor whose suggestion was  to do the following below and
we have done all of it but still no improvement.

 

There are several ways to work around this problem. 

1. You can add the following line to the ar.cfg/ar.conf file:

 

Server-Plugin-Default-Timeout: 500

 

This increases the Plug-in Server timeout theshold. Although this may
prevent the ARERR 8939 from occuring, all it is really doing is providing
more time for the Plug-in Server before issuing the error.

 

2. Change the Page Size to something smaller like 1000

 

During discovery, data is returned from the LDAP database in chunks.

This is affectively changing the chunk size.

 

3. Change the BaseDN in the ARDBC LDAP Configuration form to someting more
specific

 

The BaseDN tells the Plug-in Server where in the LDAP database to start
looking for data. LDAP databases are organized in a tree structure.

Having a BaseDN near the root structure will mean that it finds all the data
contained within resulting in a lengthy discovery process. If a BaseDN
closer to the location of the data is used, then there is less information
to process and discovery is faster.

 

4. Don't use the Vendor form wizard to create the vendor form.

 

 

After this our vendor have suggested to upgrade the LDAP plugin to patch 3 .
still having the same issue.

 

 

Thanks

Rezaul Haque

 


E-MAIL CONFIDENTIALITY NOTICE: 

 

 

 

The contents of this e-mail message and 
any attachments are intended solely for the 
addressee(s) and may contain confidential 
and/or legally privileged information. If you 
are not the intended recipient of this message 
or if this message has been addressed to you 
in error, please immediately alert the sender
 by reply e-mail and then delete this message 
and any attachments. If you are not the 
intended recipient, you are notified that 
any use, dissemination, distribution, copying, 
or storage of this message or any attachment 
is strictly prohibited.







__Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
html___ 
Classification:  UNCLASSIFIED 
Caveats: NONE


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"


smime.p7s
Description: S/MIME cryptographic signature

Re: LDAP arplugin failure problem

[Maria C Delagarza]

Thanks for the great advice!  I knew I could count on smart people J As it
turned out we did not have enough qualifications in the Vendor form table
properties.  When we limited the table properties to A-E etc as some of you
suggested we were able to retrieve all of the records in 5 escalations.
Many thanks!

 

MCD

 

From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Heider, Stephen
Sent: Friday, March 07, 2008 6:31 AM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP arplugin failure problem

 

** 

Maria,

 

Another option to get around the LDAP query limitation is to create a single
SQL View comprised of multiple SELECTs that are UNIONed together.  You can
then query this view and retrieve all LDAP entries.

 

See the email from January 9 entitled "Re: LDAP Question".  There is a
script attached that can be used to create the SQL View.

 

Stephen

Remedy Skilled Professional

 

  _  

From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Thomas Bean
Sent: Thursday, March 06, 2008 7:20 PM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP arplugin failure problem

 

Hi Maria,

I would guess that your LDAP server has an entry count limit on the number
of records that can be returned by a search.  This is fairly common --
usually LDAP servers are set to an entry count limit of 1 or 2 thousand
records.  If the LDAP admin is unwilling or unable to alter this setting,
you might try breaking it up into multiple escalations that search for the
users in manageable chunks (e.g., all users with user names starting with
"A", then "B", then "C", etc.).  Each letter of the alphabet would have to
return fewer entries than the LDAP entry count limit, of course.  That would
a whopping 26 escalations instead of one, but it might work, depending upon
how many users you have in LDAP.

 

If you can go another route, I have found that it is much easier to set up
this kind of import using a view form to an external database rather than an
vendor form using the ARDBC LDAP plugin.

 

--Thomas

 

- Original Message - 

From: Maria C Delagarza <mailto:[EMAIL PROTECTED]>  

Newsgroups: gmane.comp.crm.arsystem.general

To: arslist@ARSLIST.ORG 

Sent: Thursday, March 06, 2008 1:07 PM

Subject: LDAP arplugin failure problem

 

** 

Hi Listers,

 

I am appealing to people smarter than myself.  I currently am having an
issue with an LDAP import.  Here is the scenario:

 

We are connected to the LDAP and can run queries on the Vendor Form that
return the record we want to see.  However, when we run the same query
through a filter escalation the arplugin fails and does not give an error
message..it fails around 50K records or so.  Any thoughts?

 

We are running ARS 7.1 Patch 006

MS SQL 2005

Windows Server 2003

 

Any help is much appreciated, we are trying to get to a pilot on Monday and
this problem is preventing our CTM:People population.

 

 

Thanks.

 

MCD

Maria C Delagarza

AR System Specialist

Eluri Designs

eluridesign.com

[EMAIL PROTECTED]

 

 

__Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
html___ 

__Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
html___ __Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers
Are" html___


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"

Re: LDAP arplugin failure problem

[Heider, Stephen]

Maria,

 

Another option to get around the LDAP query limitation is to create a
single SQL View comprised of multiple SELECTs that are UNIONed together.
You can then query this view and retrieve all LDAP entries.

 

See the email from January 9 entitled "Re: LDAP Question".  There is a
script attached that can be used to create the SQL View.

 

Stephen

Remedy Skilled Professional

 



From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Thomas Bean
Sent: Thursday, March 06, 2008 7:20 PM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP arplugin failure problem

 

Hi Maria,

I would guess that your LDAP server has an entry count limit on the
number of records that can be returned by a search.  This is fairly
common -- usually LDAP servers are set to an entry count limit of 1 or 2
thousand records.  If the LDAP admin is unwilling or unable to alter
this setting, you might try breaking it up into multiple escalations
that search for the users in manageable chunks (e.g., all users with
user names starting with "A", then "B", then "C", etc.).  Each letter of
the alphabet would have to return fewer entries than the LDAP entry
count limit, of course.  That would a whopping 26 escalations instead of
one, but it might work, depending upon how many users you have in LDAP.

 

If you can go another route, I have found that it is much easier to set
up this kind of import using a view form to an external database rather
than an vendor form using the ARDBC LDAP plugin.

 

--Thomas

 

- Original Message - 

From: Maria C Delagarza
<mailto:[EMAIL PROTECTED]>  

Newsgroups: gmane.comp.crm.arsystem.general

To: arslist@ARSLIST.ORG 

Sent: Thursday, March 06, 2008 1:07 PM

Subject: LDAP arplugin failure problem

 

** 

Hi Listers,

 

I am appealing to people smarter than myself.  I currently am
having an issue with an LDAP import.  Here is the scenario:

 

We are connected to the LDAP and can run queries on the Vendor
Form that return the record we want to see.  However, when we run the
same query through a filter escalation the arplugin fails and does not
give an error messageit fails around 50K records or so.  Any
thoughts?

 

We are running ARS 7.1 Patch 006

MS SQL 2005

Windows Server 2003

 

Any help is much appreciated, we are trying to get to a pilot on
Monday and this problem is preventing our CTM:People population.

 

 

Thanks.

 

MCD

Maria C Delagarza

AR System Specialist

Eluri Designs

eluridesign.com

[EMAIL PROTECTED]

 

 

__Platinum Sponsor: www.rmsportal.com ARSlist: "Where the
Answers Are" html___ 

__Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
html___

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"

Re: LDAP arplugin failure problem

[Thomas Bean]

Hi Maria,
I would guess that your LDAP server has an entry count limit on the number of 
records that can be returned by a search.  This is fairly common -- usually 
LDAP servers are set to an entry count limit of 1 or 2 thousand records.  If 
the LDAP admin is unwilling or unable to alter this setting, you might try 
breaking it up into multiple escalations that search for the users in 
manageable chunks (e.g., all users with user names starting with "A", then "B", 
then "C", etc.).  Each letter of the alphabet would have to return fewer 
entries than the LDAP entry count limit, of course.  That would a whopping 26 
escalations instead of one, but it might work, depending upon how many users 
you have in LDAP.

If you can go another route, I have found that it is much easier to set up this 
kind of import using a view form to an external database rather than an vendor 
form using the ARDBC LDAP plugin.

--Thomas

  - Original Message - 
  From: Maria C Delagarza 
  Newsgroups: gmane.comp.crm.arsystem.general
  To: arslist@ARSLIST.ORG 
  Sent: Thursday, March 06, 2008 1:07 PM
  Subject: LDAP arplugin failure problem


  ** 
  Hi Listers,

   

  I am appealing to people smarter than myself.  I currently am having an issue 
with an LDAP import.  Here is the scenario:

   

  We are connected to the LDAP and can run queries on the Vendor Form that 
return the record we want to see.  However, when we run the same query through 
a filter escalation the arplugin fails and does not give an error message..it 
fails around 50K records or so.  Any thoughts?

   

  We are running ARS 7.1 Patch 006

  MS SQL 2005

  Windows Server 2003

   

  Any help is much appreciated, we are trying to get to a pilot on Monday and 
this problem is preventing our CTM:People population.

   

   

  Thanks.

   

  MCD

  Maria C Delagarza

  AR System Specialist

  Eluri Designs

  eluridesign.com

  [EMAIL PROTECTED]

   

   

  __Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are" html___

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"

Re: LDAP Question

[Heider, Stephen]

Russ,

 

This is a limitation of your LDAP server.  It can be changed yet the
network admins probably would not want to increase the limit on the LDAP
server because of performance.  However, there is always another way...

 

Although you are limited to 500 records from LDAP you are not limited to
the number of queries.  By using a SQL View you can return every record
from LDAP.  Attached is a view which I used at one point.  It breaks
down the query into 26 sub queries - each by the first letter of the
user's names.  Because you have 60K records you would need to further
refine the sub queries to never match more than 500 records.

 

Big caveat:

You should only use this type of query sparingly and with 60K records,
probably only after hours.  This is because the SQL View will first
return all 60K records to your SQL Server then extract out the matching
records (WHERE clause) and return them to your query screen (or ARS View
form).

 

Example: You want to see a list of the people whose login names start
with the letter R.  You run the following command:

 

SELECT sAMAccountName

FROM udv_LDAP

WHERE sAMAccountName LIKE 'R%'

 

SQL Server will first retrieve all 60,000 records from LDAP (ouch).
Then extract out the 100 login names that match your WHERE clause and
display them.   Just wanted you to be aware.

 

One situation where it is beneficial to retrieve all records is when you
need to initially populate an ARS form with LDAP data. If you need to do
this every day then you will likely want to schedule this to run when
no-one is on the system and the backups are not running (depending upon
your topology).

 

Windows Server 2003

Active Directory

SQL Server 2000

 

Stephen

Remedy Skilled Professional

 



From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Russ Grant
Sent: Wednesday, January 09, 2008 9:46 AM
To: arslist@ARSLIST.ORG
Subject: LDAP Question

 

Greetings ARList!
I'm connecting to a LDAP server using ARDBC LDAP plug-in and then
creating a vendor form for workflow. For some reason when I query the
vendor form I can only get the first 500 records returned and there
should be well over 60k records. 

There is some history here, I've been using ARDBC LDAP plug-in to
connect to a local LDAP server for some time now and I haven't had any
problems, I'm able to perform a query on the vendor form and get the
correct number of records returned. One of the applications that we use
locally now needs to expand to other sites so I need to connect to a
global LDAP server instead of the local LDAP server (which doesn't
include employees outside our site). This is were I'm having a problem,
connecting to the global LDAP server using ARDBC only returns the top
500 records. I realize this probably isn't a Remedy problem but I wanted
to see if there were any LDAP gurus that might have a suggestion.

Thanks in advance!

Russ

__Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
html___

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
CREATE view [dbo].[udv_LDAP]
as

SELECT * FROM OpenQuery(ADSI, 'SELECT PwdLastSet, GivenName, sn, 
sAMAccountName, cn, mail, displayName, department, telephoneNumber, 
streetAddress, st, distinguishedName, physicalDeliveryOfficeName, 
userPrincipalName, mailNickname, l, postalCode, msExchHomeServerName, 
whenCreated, whenChanged, userAccountControl   FROM ''LDAP://YOURDCSERVER'' 
WHERE objectClass=''User'' AND objectCategory=''Person'' AND sn=''A*''')
UNION
SELECT * FROM OpenQuery(ADSI, 'SELECT PwdLastSet, GivenName, sn, 
sAMAccountName, cn, mail, displayName, department, telephoneNumber, 
streetAddress, st, distinguishedName, physicalDeliveryOfficeName, 
userPrincipalName, mailNickname, l, postalCode, msExchHomeServerName, 
whenCreated, whenChanged, userAccountControl   FROM ''LDAP://YOURDCSERVER'' 
WHERE objectClass=''User'' AND objectCategory=''Person'' AND sn=''B*''')
UNION
SELECT * FROM OpenQuery(ADSI, 'SELECT PwdLastSet, GivenName, sn, 
sAMAccountName, cn, mail, displayName, department, telephoneNumber, 
streetAddress, st, distinguishedName, physicalDeliveryOfficeName, 
userPrincipalName, mailNickname, l, postalCode, msExchHomeServerName, 
whenCreated, whenChanged, userAccountControl   FROM ''LDAP://YOURDCSERVER'' 
WHERE objectClass=''User'' AND objectCategory=''Person'' AND sn=''C*''')
UNION
SELECT * FROM OpenQuery(ADSI, 'SELECT PwdLastSet, GivenName, sn, 
sAMAccountName, cn, mail, displayName, department, telephoneNumber, 
streetAddress, st, distinguishedName, physicalDeliveryOfficeName, 
userPrincipalName, mailNickname, l, postalCode, msExchHomeServerName, 
whenCreated, whenChanged, userAccountControl   FROM ''LDAP://YOURDCSERVER'' 
WHERE objectClass=''User'' AND objectCategory=''Person'' AND sn=''D*''')
UNION
SEL

Re: LDAP Question

[Frank Caruso]

I would agree that the limitation is on the LDAP side. We are also
restricted to 500 records.


On Jan 9, 2008 10:17 AM, LJ LongWing (Head) <[EMAIL PROTECTED]> wrote:

> ** I'm not an LDAP Gurubut I can assure you that it's a LDAP server
> configuration issue.  Likely a performance configuration that the LDAP
> administrators have turned on to prevent over 60K records in a single result
> set.  You will likely need to work with them to get it reconfigured.
>
>  --
> *From:* Action Request System discussion list(ARSList) [mailto:
> [EMAIL PROTECTED] *On Behalf Of *Russ Grant
> *Sent:* Wednesday, January 09, 2008 7:46 AM
> *To:* arslist@ARSLIST.ORG
> *Subject:* LDAP Question
>
> ** Greetings ARList!
> I'm connecting to a LDAP server using ARDBC LDAP plug-in and then creating
> a vendor form for workflow. For some reason when I query the vendor form I
> can only get the first 500 records returned and there should be well over
> 60k records.
>
> There is some history here, I've been using ARDBC LDAP plug-in to connect
> to a local LDAP server for some time now and I haven't had any problems, I'm
> able to perform a query on the vendor form and get the correct number of
> records returned. One of the applications that we use locally now needs to
> expand to other sites so I need to connect to a global LDAP server instead
> of the local LDAP server (which doesn't include employees outside our site).
> This is were I'm having a problem, connecting to the global LDAP server
> using ARDBC only returns the top 500 records. I realize this probably isn't
> a Remedy problem but I wanted to see if there were any LDAP gurus that might
> have a suggestion.
>
> Thanks in advance!
>
> Russ
> __Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
> html___
> __Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
> html___
>

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"

Re: LDAP Question

[LJ LongWing (Head)]

I'm not an LDAP Gurubut I can assure you that it's a LDAP server
configuration issue.  Likely a performance configuration that the LDAP
administrators have turned on to prevent over 60K records in a single result
set.  You will likely need to work with them to get it reconfigured.

  _  

From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Russ Grant
Sent: Wednesday, January 09, 2008 7:46 AM
To: arslist@ARSLIST.ORG
Subject: LDAP Question


** Greetings ARList!
I'm connecting to a LDAP server using ARDBC LDAP plug-in and then creating a
vendor form for workflow. For some reason when I query the vendor form I can
only get the first 500 records returned and there should be well over 60k
records. 

There is some history here, I've been using ARDBC LDAP plug-in to connect to
a local LDAP server for some time now and I haven't had any problems, I'm
able to perform a query on the vendor form and get the correct number of
records returned. One of the applications that we use locally now needs to
expand to other sites so I need to connect to a global LDAP server instead
of the local LDAP server (which doesn't include employees outside our site).
This is were I'm having a problem, connecting to the global LDAP server
using ARDBC only returns the top 500 records. I realize this probably isn't
a Remedy problem but I wanted to see if there were any LDAP gurus that might
have a suggestion.

Thanks in advance!

Russ
__Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
html___ 

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"

Re: LDAP searches for "Member of"

[Grooms, Frederick W]

Create a Vendor form looking at your LDAP system.  Since a container is
just another LDAP record you can do a lookup in this new form and get
the data in the membersOf attribute for your container.
 
Fred



From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Luebbe, Tom
Sent: Friday, October 12, 2007 10:29 AM
To: arslist@ARSLIST.ORG
Subject: LDAP searches for "Member of"


** 
I am sure that someone has done this before.  We are trying to pull in
users that are listed as "Members of" a certain container.  We don't
want to pull in all the group information to populate all of the groups
in Remedy, but just to see who is members of certain containers.
 
Hopefully this is clear in what I am asking.
 

Tom Luebbe 
Remedy Administrator
Infrastructure
The Nielsen Company 
813.366.2404
www.nielsen.com
 
   

 

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the 
Answers Are"
<>

Re: LDAP searches for "Member of"

[Joe D'Souza]

Tom,

I'm assuming you want to create a vendor form against the LDAP directories,
that will contain all the people in that vendor form.

This links will help you to understand how to construct your ldap URL's
against any table.
http://mail.state.ak.us/ldap.shtml
http://geekswithblogs.net/ccalderon/archive/2006/07/08/84506.aspx

Hope these help you. I found the first link I have sent very useful to me on
some occasions to help me refresh the little I know on constructing LDAP
URL's.

Cheers

Joe D'Souza
  -Original Message-
  From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] Behalf Of Luebbe, Tom
  Sent: Friday, October 12, 2007 11:29 AM
  To: arslist@ARSLIST.ORG
  Subject: LDAP searches for "Member of"


  **
  I am sure that someone has done this before.  We are trying to pull in
users that are listed as "Members of" a certain container.  We don't want to
pull in all the group information to populate all of the groups in Remedy,
but just to see who is members of certain containers.

  Hopefully this is clear in what I am asking.

  Tom Luebbe
  Remedy Administrator
  Infrastructure
  The Nielsen Company
  813.366.2404
  www.nielsen.com



___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the 
Answers Are"

Re: LDAP with multiple hostname

[John Atherly]

What are you LDAP too  Active Dir,  Lotus Notes, .?


John Atherly
American Power Conversion
[EMAIL PROTECTED]
401-789-5735 Ext. 2120
1-800-788-2208 Ext. 2120


   
 sujan nellikkandy 
 <[EMAIL PROTECTED] 
 L.COM> To 
 Sent by: "Action  arslist@ARSLIST.ORG 
 Request System cc 
 discussion
 list(ARSList)"Subject 
 <[EMAIL PROTECTED] LDAP with multiple hostname 
 ORG>  
   
   
 08/28/2007 06:16  
 PM
   
   
 Please respond to 
 [EMAIL PROTECTED] 
RG 
   
   




**
Hi,

how to configure ARDBC and AREA LDAP with multiple host name and single
"User Base".  following are the sample host names.

srvgcm1.xx.edu.qa
srvgcm2.xx.edu.qa
srvgcf1.xx.edu.qa
srvgcf2.xx.edu.qa

in ARDBC and AREA form, i filled "Host Name" field with  srvgcm1.xx.edu.qa
srvgcm2.xx.edu.qa srvgcf1.xx.edu.qa
srvgcf2.xx.edu.qa

also AD contain many OU (Organizational Unit).

How can i collect all the user information from all OU, and what are the
configuration setting in Vendor Form.

Please give suggestion
__20060125___This posting was submitted with HTML in
it___

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the 
Answers Are"

Re: LDAP with multiple hostname

[Roger Justice]

Version 7 is the first version to support multiple host names.


-Original Message-
From: sujan nellikkandy <[EMAIL PROTECTED]>
To: arslist@ARSLIST.ORG
Sent: Tue, 28 Aug 2007 5:16 pm
Subject: LDAP with multiple hostname


** 
Hi,

?


how to configure ARDBC and AREA LDAP with multiple host name and single?"User 
Base". ?following are the sample host names.

?

srvgcm1.xx.edu.qa
srvgcm2.xx.edu.qa
srvgcf1.xx.edu.qa
srvgcf2.xx.edu.qa

?

in ARDBC and AREA form, i filled?"Host Name" field 
with??srvgcm1.xx.edu.qasrvgcm2.xx.edu.qa srvgcf1.xx.edu.qa

srvgcf2.xx.edu.qa

?

also AD contain many OU (Organizational Unit).

?

How can i collect all the user information from all OU, and what are the 
configuration setting in?Vendor Form.?

?

Please give suggestion

__20060125___This posting was submitted with HTML in it___ 


Email and AIM finally together. You've gotta check out free AOL Mail! - 
http://mail.aol.com

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the 
Answers Are"

Re: LDAP (UNCLASSIFIED)

[Alicea, Alex Contr PEO-EIS/ARMY GNOSC]

Classification:  UNCLASSIFIED 
Caveats: NONE

One last thing Joe. I hope you had a good weekend. If we choose to use SSL.
The LDAP folks provided a link to donwload a certificate but It's not a
cert7.db file. Does it need to be cert7.db file or if I can use the file
they provided what directory do I out it in my Remedy server? Thanks! Once I
make the changes on the AREA LDAP Form they should show up on the ar.conf
file?

Alex 

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Joe D'Souza
Sent: Thursday, May 31, 2007 3:50 PM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP (UNCLASSIFIED)

You are welcome..

Joe

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] Behalf Of Alicea, Alex Contr PEO-EIS/ARMY
GNOSC
Sent: Thursday, May 31, 2007 8:25 AM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP (UNCLASSIFIED)


Classification:  UNCLASSIFIED
Caveats: NONE

Thanks Joe!

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Joe D'Souza
Sent: Wednesday, May 30, 2007 2:40 PM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP (UNCLASSIFIED)

If your groups are local to Remedy, yes you do not need to fill in any of
that other information and leave it to defaults..

The license masking information is not necessary either if you do not want
to keep the Remedy license information in LDAP.

Joe

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] Behalf Of Alicea, Alex Contr PEO-EIS/ARMY
GNOSC
Sent: Wednesday, May 30, 2007 12:01 PM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP (UNCLASSIFIED)


Classification:  UNCLASSIFIED
Caveats: NONE

So all other remain blank? Thanks Joe!
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.472 / Virus Database: 269.8.3/824 - Release Date: 5/29/2007
1:01 PM


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the
Answers Are"
Classification:  UNCLASSIFIED
Caveats: NONE



___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the
Answers Are"

No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.472 / Virus Database: 269.8.4/825 - Release Date: 5/30/2007
3:03 PM

No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.472 / Virus Database: 269.8.4/825 - Release Date: 5/30/2007
3:03 PM


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the
Answers Are"
Classification:  UNCLASSIFIED 
Caveats: NONE


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the 
Answers Are"


smime.p7s
Description: S/MIME cryptographic signature

Re: LDAP (UNCLASSIFIED)

[Joe D'Souza]

You are welcome..

Joe

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] Behalf Of Alicea, Alex Contr PEO-EIS/ARMY
GNOSC
Sent: Thursday, May 31, 2007 8:25 AM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP (UNCLASSIFIED)


Classification:  UNCLASSIFIED
Caveats: NONE

Thanks Joe!

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Joe D'Souza
Sent: Wednesday, May 30, 2007 2:40 PM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP (UNCLASSIFIED)

If your groups are local to Remedy, yes you do not need to fill in any of
that other information and leave it to defaults..

The license masking information is not necessary either if you do not want
to keep the Remedy license information in LDAP.

Joe

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] Behalf Of Alicea, Alex Contr PEO-EIS/ARMY
GNOSC
Sent: Wednesday, May 30, 2007 12:01 PM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP (UNCLASSIFIED)


Classification:  UNCLASSIFIED
Caveats: NONE

So all other remain blank? Thanks Joe!
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.472 / Virus Database: 269.8.3/824 - Release Date: 5/29/2007
1:01 PM


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the
Answers Are"
Classification:  UNCLASSIFIED
Caveats: NONE



___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the
Answers Are"

No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.472 / Virus Database: 269.8.4/825 - Release Date: 5/30/2007
3:03 PM

No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.472 / Virus Database: 269.8.4/825 - Release Date: 5/30/2007
3:03 PM

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the 
Answers Are"

Re: LDAP (UNCLASSIFIED)

[Alicea, Alex Contr PEO-EIS/ARMY GNOSC]

Classification:  UNCLASSIFIED 
Caveats: NONE

Thanks Joe! 

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Joe D'Souza
Sent: Wednesday, May 30, 2007 2:40 PM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP (UNCLASSIFIED)

If your groups are local to Remedy, yes you do not need to fill in any of
that other information and leave it to defaults..

The license masking information is not necessary either if you do not want
to keep the Remedy license information in LDAP.

Joe

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] Behalf Of Alicea, Alex Contr PEO-EIS/ARMY
GNOSC
Sent: Wednesday, May 30, 2007 12:01 PM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP (UNCLASSIFIED)


Classification:  UNCLASSIFIED
Caveats: NONE

So all other remain blank? Thanks Joe!
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.472 / Virus Database: 269.8.3/824 - Release Date: 5/29/2007
1:01 PM


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the
Answers Are"
Classification:  UNCLASSIFIED 
Caveats: NONE


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the 
Answers Are"


smime.p7s
Description: S/MIME cryptographic signature

Re: LDAP (UNCLASSIFIED)

[Joe D'Souza]

If your groups are local to Remedy, yes you do not need to fill in any of
that other information and leave it to defaults..

The license masking information is not necessary either if you do not want
to keep the Remedy license information in LDAP.

Joe

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] Behalf Of Alicea, Alex Contr PEO-EIS/ARMY
GNOSC
Sent: Wednesday, May 30, 2007 12:01 PM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP (UNCLASSIFIED)


Classification:  UNCLASSIFIED
Caveats: NONE

So all other remain blank? Thanks Joe!
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.472 / Virus Database: 269.8.3/824 - Release Date: 5/29/2007
1:01 PM

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the 
Answers Are"

Re: LDAP (UNCLASSIFIED)

[Alicea, Alex Contr PEO-EIS/ARMY GNOSC]

Classification:  UNCLASSIFIED 
Caveats: NONE

So all other remain blank? Thanks Joe! 

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Joe D'Souza
Sent: Wednesday, May 30, 2007 11:38 AM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP (UNCLASSIFIED)

Alicea,

I'm assuming you are talking about the AREA configuration form..

The required fields are hostname, Distinguished name, password, port, SSL
(Yes/No), User base search filter.

Joe

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] Behalf Of Alicea, Alex Contr PEO-EIS/ARMY
GNOSC
Sent: Wednesday, May 30, 2007 11:19 AM
To: arslist@ARSLIST.ORG
Subject: LDAP (UNCLASSIFIED)


Classification:  UNCLASSIFIED
Caveats: NONE

Listers,
Has anyone implemented AREA/LDAP authentication. Which fields on the AREA
LDAP Authentication form must be populated? It's LDAP authentication not
Active Directory. Thanks!

Alex Alicea
[EMAIL PROTECTED]
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.472 / Virus Database: 269.8.3/824 - Release Date: 5/29/2007
1:01 PM


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the
Answers Are"
Classification:  UNCLASSIFIED 
Caveats: NONE


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the 
Answers Are"


smime.p7s
Description: S/MIME cryptographic signature

Re: LDAP (UNCLASSIFIED)

[Joe D'Souza]

Alicea,

I'm assuming you are talking about the AREA configuration form..

The required fields are hostname, Distinguished name, password, port, SSL
(Yes/No), User base search filter.

Joe

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] Behalf Of Alicea, Alex Contr PEO-EIS/ARMY
GNOSC
Sent: Wednesday, May 30, 2007 11:19 AM
To: arslist@ARSLIST.ORG
Subject: LDAP (UNCLASSIFIED)


Classification:  UNCLASSIFIED
Caveats: NONE

Listers,
Has anyone implemented AREA/LDAP authentication. Which fields on the AREA
LDAP Authentication form must be populated? It's LDAP authentication not
Active Directory. Thanks!

Alex Alicea
[EMAIL PROTECTED]
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.472 / Virus Database: 269.8.3/824 - Release Date: 5/29/2007
1:01 PM

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the 
Answers Are"

Re: LDAP with SSL = LDAP ERR 82

[Zinoviev Alexander]

Hello,

Let me ask you question.

My server is server.domain.ru. 
Of course, I have an updated version of *.db files if the arsystem\CONF dir. 
If I run Netscape 479 and type https://server.domain.ru:636:
"The certificate, that the site 'server.domain.ru:636' has presented doesn`t 
contain the correct site name". And shows me the certificate information. Then 
I press continue.

Is it normal?

Ldp.exe can successfully connect SSL LDAP
 
Best regards,
Alexander Zinoviev

-Original Message-
From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] 
On Behalf Of Jiri Pospisil
Sent: Thursday, May 10, 2007 5:59 PM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP with SSL = LDAP ERR 82

Alexander,

sorry for asking the obvious, but do you have actual connectivity from your 
remedy server to the LDAP server?

Can you run a browser (Netscape preferably) on your remedy server, enter a URL 
similar to this https://your_ldap_server:636 and observe what happens? Will the 
browser connect to the server and attempt to validate the site certificate?

Have you updated the certificate database files cert7.db and key3.db? I found 
that it was the trickiest part of setting up LDAP over SSH.

Hope this helps.

Regards
Jiri Pospisil
Technology Support Systems
▪T▪ ▪ ▪Mobile UK▪


-Original Message-
From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] 
On Behalf Of Zinoviev Alexander
Sent: 10 May 2007 14:40
To: arslist@arslist.org
Subject: Re: LDAP with SSL = LDAP ERR 82

Hello, Jiri,

I switch plugin log level to 100, you can see the results below. 
But I didn`t foun any interesting there...

 /* Чт май 10 2007 15:31:03.6270 */ +VLAREAVerifyLoginCallback   
   -- user AGZinovev
 /* Чт май 10 2007 15:31:03.6270 */   
AREAVerifyLoginCallback
 /* Чт май 10 2007 15:31:03.6270 */   Connecting 
via SSL
 /* Чт май 10 2007 15:31:03.8670 */   connect 
timeout previously: -1
 /* Чт май 10 2007 15:31:03.8670 */   connect 
timeout used: 35000
 /* Чт май 10 2007 15:31:03.8670 */   
ldap_simple_bind("domain_name\remedy", hidden)
 /* Чт май 10 2007 15:31:03.9080 */   Bind: 
Local error (LDAPERR Code 82) 
 /* Чт май 10 2007 15:31:03.9080 */ -VL
FAIL

Best regards,
Alexander Zinoviev
 

-Original Message-
From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] 
On Behalf Of Jiri Pospisil
Sent: Thursday, May 10, 2007 12:45 PM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP with SSL = LDAP ERR 82

Alexander,

you may want to try first increasing the logging level of the plugin server to 
see if you can get any more details regarding the error.
I believe it needs to be done in the ar.conf (or ar.cfg on Windows) file where 
you need to set parameter Plugin-Log-Level: 100 
and then you need to activate the plugin logging in the admin tool.

Let us know if you have any luck with this.

Regards
Jiri Pospisil

Technology Support Systems
▪T▪ ▪ ▪Mobile UK▪


-Original Message-
From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] 
On Behalf Of Zinoviev Alexander
Sent: 10 May 2007 09:07
To: arslist@arslist.org
Subject: LDAP with SSL = LDAP ERR 82

Hello,
 
Does somebody have an expirence of LDAP with SSL implementing?
BMC provide me an instruction how to do it, but SSL still doen`t work.
 
LDAP ERROR 82 - it is all, I can see in the plugin.log file.
 
ARS 6.3+18.
 
Kind regards,
Alexander Zinoviev
 
__20060125___This posting was submitted with HTML in it___ 

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the 
Answers Are"

T-Mobile (UK) Limited
Company Registered Number: 02382161
Registered Office Address: Hatfield Business Park, Hatfield, Hertfordshire, 
AL10 9BW
Registered in England and Wales
 
NOTICE AND DISCLAIMER
 
This email (including attachments) is confidential. If you are not the intended 
recipient, notify the sender immediately, delete this email from your system 
and do not disclose or use for any purpose.

T-Mobile (UK) Limited
Company Registered Number: 02382161
Registered Office Address: Hatfield Business Park, Hatfield, Hertfordshire, 
AL10 9BW
Registered in England and Wales
 
NOTICE AND DISCLAIMER
 
This email (including attachments) is confidential. If you are not the intended 
recipient, notify the sender immediately, delete this email from your system 
and do not disclose or use for any purpose.

Re: LDAP with SSL = LDAP ERR 82

[Jiri Pospisil]

Alexander,

sorry for asking the obvious, but do you have actual connectivity from your 
remedy server to the LDAP server?

Can you run a browser (Netscape preferably) on your remedy server, enter a URL 
similar to this https://your_ldap_server:636 and observe what happens? Will the 
browser connect to the server and attempt to validate the site certificate?

Have you updated the certificate database files cert7.db and key3.db? I found 
that it was the trickiest part of setting up LDAP over SSH.

Hope this helps.

Regards
Jiri Pospisil
Technology Support Systems
▪T▪ ▪ ▪Mobile UK▪


-Original Message-
From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] 
On Behalf Of Zinoviev Alexander
Sent: 10 May 2007 14:40
To: arslist@arslist.org
Subject: Re: LDAP with SSL = LDAP ERR 82

Hello, Jiri,

I switch plugin log level to 100, you can see the results below. 
But I didn`t foun any interesting there...

 /* Чт май 10 2007 15:31:03.6270 */ +VLAREAVerifyLoginCallback   
   -- user AGZinovev
 /* Чт май 10 2007 15:31:03.6270 */   
AREAVerifyLoginCallback
 /* Чт май 10 2007 15:31:03.6270 */   Connecting 
via SSL
 /* Чт май 10 2007 15:31:03.8670 */   connect 
timeout previously: -1
 /* Чт май 10 2007 15:31:03.8670 */   connect 
timeout used: 35000
 /* Чт май 10 2007 15:31:03.8670 */   
ldap_simple_bind("domain_name\remedy", hidden)
 /* Чт май 10 2007 15:31:03.9080 */   Bind: 
Local error (LDAPERR Code 82) 
 /* Чт май 10 2007 15:31:03.9080 */ -VL
FAIL

Best regards,
Alexander Zinoviev
 

-Original Message-
From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] 
On Behalf Of Jiri Pospisil
Sent: Thursday, May 10, 2007 12:45 PM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP with SSL = LDAP ERR 82

Alexander,

you may want to try first increasing the logging level of the plugin server to 
see if you can get any more details regarding the error.
I believe it needs to be done in the ar.conf (or ar.cfg on Windows) file where 
you need to set parameter Plugin-Log-Level: 100 
and then you need to activate the plugin logging in the admin tool.

Let us know if you have any luck with this.

Regards
Jiri Pospisil

Technology Support Systems
▪T▪ ▪ ▪Mobile UK▪


-Original Message-
From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] 
On Behalf Of Zinoviev Alexander
Sent: 10 May 2007 09:07
To: arslist@arslist.org
Subject: LDAP with SSL = LDAP ERR 82

Hello,
 
Does somebody have an expirence of LDAP with SSL implementing?
BMC provide me an instruction how to do it, but SSL still doen`t work.
 
LDAP ERROR 82 - it is all, I can see in the plugin.log file.
 
ARS 6.3+18.
 
Kind regards,
Alexander Zinoviev
 
__20060125___This posting was submitted with HTML in it___ 

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the 
Answers Are"

T-Mobile (UK) Limited
Company Registered Number: 02382161
Registered Office Address: Hatfield Business Park, Hatfield, Hertfordshire, 
AL10 9BW
Registered in England and Wales
 
NOTICE AND DISCLAIMER
 
This email (including attachments) is confidential. If you are not the intended 
recipient, notify the sender immediately, delete this email from your system 
and do not disclose or use for any purpose.

T-Mobile (UK) Limited
Company Registered Number: 02382161
Registered Office Address: Hatfield Business Park, Hatfield, Hertfordshire, 
AL10 9BW
Registered in England and Wales
 
NOTICE AND DISCLAIMER
 
This email (including attachments) is confidential. If you are not the intended 
recipient, notify the sender immediately, delete this email from your system 
and do not disclose or use for any purpose.

Re: LDAP with SSL = LDAP ERR 82

[Zinoviev Alexander]

Hello, Jiri,

I switch plugin log level to 100, you can see the results below. 
But I didn`t foun any interesting there...

 /* Чт май 10 2007 15:31:03.6270 */ +VLAREAVerifyLoginCallback   
   -- user AGZinovev
 /* Чт май 10 2007 15:31:03.6270 */   
AREAVerifyLoginCallback
 /* Чт май 10 2007 15:31:03.6270 */   Connecting 
via SSL
 /* Чт май 10 2007 15:31:03.8670 */   connect 
timeout previously: -1
 /* Чт май 10 2007 15:31:03.8670 */   connect 
timeout used: 35000
 /* Чт май 10 2007 15:31:03.8670 */   
ldap_simple_bind("domain_name\remedy", hidden)
 /* Чт май 10 2007 15:31:03.9080 */   Bind: 
Local error (LDAPERR Code 82) 
 /* Чт май 10 2007 15:31:03.9080 */ -VL
FAIL

Best regards,
Alexander Zinoviev
 

-Original Message-
From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] 
On Behalf Of Jiri Pospisil
Sent: Thursday, May 10, 2007 12:45 PM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP with SSL = LDAP ERR 82

Alexander,

you may want to try first increasing the logging level of the plugin server to 
see if you can get any more details regarding the error.
I believe it needs to be done in the ar.conf (or ar.cfg on Windows) file where 
you need to set parameter Plugin-Log-Level: 100 
and then you need to activate the plugin logging in the admin tool.

Let us know if you have any luck with this.

Regards
Jiri Pospisil

Technology Support Systems
▪T▪ ▪ ▪Mobile UK▪


-Original Message-
From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] 
On Behalf Of Zinoviev Alexander
Sent: 10 May 2007 09:07
To: arslist@arslist.org
Subject: LDAP with SSL = LDAP ERR 82

Hello,
 
Does somebody have an expirence of LDAP with SSL implementing?
BMC provide me an instruction how to do it, but SSL still doen`t work.
 
LDAP ERROR 82 - it is all, I can see in the plugin.log file.
 
ARS 6.3+18.
 
Kind regards,
Alexander Zinoviev
 
__20060125___This posting was submitted with HTML in it___ 

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the 
Answers Are"

T-Mobile (UK) Limited
Company Registered Number: 02382161
Registered Office Address: Hatfield Business Park, Hatfield, Hertfordshire, 
AL10 9BW
Registered in England and Wales
 
NOTICE AND DISCLAIMER
 
This email (including attachments) is confidential. If you are not the intended 
recipient, notify the sender immediately, delete this email from your system 
and do not disclose or use for any purpose.

Re: LDAP with SSL = LDAP ERR 82

[Jiri Pospisil]

Alexander,

you may want to try first increasing the logging level of the plugin server to 
see if you can get any more details regarding the error.
I believe it needs to be done in the ar.conf (or ar.cfg on Windows) file where 
you need to set parameter Plugin-Log-Level: 100 
and then you need to activate the plugin logging in the admin tool.

Let us know if you have any luck with this.

Regards
Jiri Pospisil

Technology Support Systems
▪T▪ ▪ ▪Mobile UK▪


-Original Message-
From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] 
On Behalf Of Zinoviev Alexander
Sent: 10 May 2007 09:07
To: arslist@arslist.org
Subject: LDAP with SSL = LDAP ERR 82

Hello,
 
Does somebody have an expirence of LDAP with SSL implementing?
BMC provide me an instruction how to do it, but SSL still doen`t work.
 
LDAP ERROR 82 - it is all, I can see in the plugin.log file.
 
ARS 6.3+18.
 
Kind regards,
Alexander Zinoviev
 
__20060125___This posting was submitted with HTML in it___ 

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the 
Answers Are"

T-Mobile (UK) Limited
Company Registered Number: 02382161
Registered Office Address: Hatfield Business Park, Hatfield, Hertfordshire, 
AL10 9BW
Registered in England and Wales
 
NOTICE AND DISCLAIMER
 
This email (including attachments) is confidential. If you are not the intended 
recipient, notify the sender immediately, delete this email from your system 
and do not disclose or use for any purpose.

Re: LDAP and Vendor Forms

[ARSList]

Are you using SSL?  Is this a Microsoft AD?

 

I would try and connect to the same object with a LDAP tool and confirm
the user credentials you are providing to the LDAP can access this
different object in the LDAP.

 

Nick

 



From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Frank Caruso
Sent: Wednesday, March 28, 2007 8:24 AM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP and Vendor Forms

 

** Nope ... still getting the same error

On 3/28/07, Grooms, Frederick W <[EMAIL PROTECTED]> wrote: 

** 

Double check the Form properties, Vendor Information tab to make sure
there isn't a typo 

 

Fred

 



From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Frank Caruso
Sent: Wednesday, March 28, 2007 8:40 AM
To: arslist@ARSLIST.ORG
Subject: LDAP and Vendor Forms

** I am getting the following error message in the Admin tool when I try
to create a vendor form:



Cannot connect to the directory service : Can't contact LDAP server
(LDAPERR 81) (ARERR 3375).

We already have several vendor forms set up and working. 

ARS 6.3 p20, Admin Tool 6.3 p19

-- 
Frank Caruso
Specific Integration, Inc.
Senior Remedy Engineer, ITIL Foundation Certified
www.specificintegration.com 
703-376-1249  

 

 

__20060125___This posting was submitted with HTML in
it___ 




-- 
Frank Caruso
Specific Integration, Inc.
Senior Remedy Engineer, ITIL Foundation Certified
www.specificintegration.com 
703-376-1249 __20060125___This posting was submitted
with HTML in it___ 


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the 
Answers Are"

Re: LDAP and Vendor Forms

[Frank Caruso]

Nope ... still getting the same error

On 3/28/07, Grooms, Frederick W <[EMAIL PROTECTED]> wrote:


** Double check the Form properties, Vendor Information tab to make sure
there isn't a typo

Fred

 --
*From:* Action Request System discussion list(ARSList) [mailto:
[EMAIL PROTECTED] *On Behalf Of *Frank Caruso
*Sent:* Wednesday, March 28, 2007 8:40 AM
*To:* arslist@ARSLIST.ORG
*Subject:* LDAP and Vendor Forms

 ** I am getting the following error message in the Admin tool when I try
to create a vendor form:

Cannot connect to the directory service : Can't contact LDAP server
(LDAPERR 81) (ARERR 3375).

We already have several vendor forms set up and working.

ARS 6.3 p20, Admin Tool 6.3 p19

--
Frank Caruso
Specific Integration, Inc.
Senior Remedy Engineer, ITIL Foundation Certified
www.specificintegration.com
703-376-1249


__20060125___This posting was submitted with HTML in
it___





--
Frank Caruso
Specific Integration, Inc.
Senior Remedy Engineer, ITIL Foundation Certified
www.specificintegration.com
703-376-1249

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers 
Are"

Re: LDAP and Vendor Forms

[Grooms, Frederick W]

Double check the Form properties, Vendor Information tab to make sure
there isn't a typo 
 
Fred



From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Frank Caruso
Sent: Wednesday, March 28, 2007 8:40 AM
To: arslist@ARSLIST.ORG
Subject: LDAP and Vendor Forms


** I am getting the following error message in the Admin tool when I try
to create a vendor form:

Cannot connect to the directory service : Can't contact LDAP server
(LDAPERR 81) (ARERR 3375).

We already have several vendor forms set up and working. 

ARS 6.3 p20, Admin Tool 6.3 p19

-- 
Frank Caruso
Specific Integration, Inc.
Senior Remedy Engineer, ITIL Foundation Certified
www.specificintegration.com 
703-376-1249  
 
 

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the 
Answers Are"

Re: LDAP and Vendor Forms

[Graham Dyer]

Check your password on your LDAP configuration form. Chances are the
password is different there then it is on the server you are trying to
connect to.
 
 

Graham Dyer 
Manitoba Public Insurance 
Ph:(204) 985-7330 
Fax:(204) 942-7827 
[EMAIL PROTECTED] 
www.mpi.mb.ca 

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Frank Caruso
Sent: March 28, 2007 8:40 AM
To: arslist@ARSLIST.ORG
Subject: LDAP and Vendor Forms


** I am getting the following error message in the Admin tool
when I try to create a vendor form:

Cannot connect to the directory service : Can't contact LDAP
server (LDAPERR 81) (ARERR 3375).

We already have several vendor forms set up and working. 

ARS 6.3 p20, Admin Tool 6.3 p19

-- 
Frank Caruso
Specific Integration, Inc.
Senior Remedy Engineer, ITIL Foundation Certified
www.specificintegration.com 
703-376-1249 __20060125___This posting was
submitted with HTML in it___ 


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the 
Answers Are"

Re: LDAP issue with 7.0.1 Patch 1?

[strauss]

Our issue was that on 7.0.1 and 7.0.1.001 the SSL certificate function
of AREA that had been working in 7.0 stopped working. It is still
broken.

Christopher Strauss, Ph.D.
Remedy Database Administrator
University of North Texas Computing Center
http://remedy.unt.edu/helpdesk/
-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of harrylee
Sent: Wednesday, March 07, 2007 2:40 PM
To: arslist@ARSLIST.ORG
Subject: LDAP issue with 7.0.1 Patch 1?

Hi,

Does anyone have an issue with their AREA LDAP authenication after
patching to patch 1 for ARsystem 7.0.1?
My place here as 2 LDAPs we authenticate to.  One Edirectory and an
Active Directory.
ED is the first place Remedy checks then it is AD.
However, since the patch it seems that Remedy can't/won't check AD which
is the 2nd place to check.
I redid the Area LDAP config and still not working.

Anyone else encountering this?

--
View this message in context:
http://www.nabble.com/LDAP-issue-with-7.0.1-Patch-1--tf3364778.html#a936
1630
Sent from the ARS (Action Request System) mailing list archive at
Nabble.com.


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where
the Answers Are"

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the 
Answers Are"

Re: LDAP question

[strauss]

We saw this when the LDAP servers were behind web director load
balancing hardware, but not since they switched to F5 hardware. An
alternative would be to define multiple AREA LDAP server connections if
you are on 7.0.1, one to each "real" DNS name and  following in order
behind the shared DNS name.

Christopher Strauss, Ph.D.
Remedy Database Administrator
University of North Texas Computing Center
http://remedy.unt.edu/helpdesk/ 


  _  

From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Stephen Lumini
Sent: Tuesday, March 06, 2007 12:25 PM
To: arslist@ARSLIST.ORG
Subject: LDAP question


** 
Hey all,
 
We have multiple LDAP servers behind one dns name. We are seeing a
problem where we connect to one server - it hangs, and Remedy stays
connected to that box - not failing over to the others. Anyone else seen
this?
 
Later
Stephen
ARS 7.0.1, Oracle, Linux (Red Hat 4)

  _  

The best gets better. See why everyone is raving about the All-new
Yahoo! Mail.
  __20060125___This posting was submitted
with HTML in it___ 

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the 
Answers Are"

Re: LDAP & Cross Ref Blank Passwords problem

[Mark Walters]

On Thu, 15 Feb 2007 14:48:52 -0800, Wheeler, Dylan 
<[EMAIL PROTECTED]> wrote:

>From what I've done before, you fill out the AREA LDAP, Check the box
>for Cross Ref Blank Passwords and clear out the password from all user
>records. This should see that the user has no password and use the AREA
>record to authenticate the user right?
>What happens is:
>I try to login and it will let me login with my AD password. Great
>If I login with no password it will still let me login. huh?

Dylan,

Do you have an entry for Authentication-Chaining-Mode: in your ar.conf?  
If so, please note the comments below from the config guide;

This parameter enables the administrator to use more than one type of 
authentication on the same system.  The values for Authentication-Chaining-
Mode are as follows: 

0—Use the default behavior as in releases prior to 6.3. 
1—Use internal authentication as the primary method; then use external 
authentication via the AREA plug-in as the secondary method. 
2—Use external authentication via the AREA plug-in as the primary method; 
then use internal authentication as the secondary method.

If the Authentication-Chaining-Mode is set to a value of 1 or 2, the 
Authenticate-Unregistered-Users parameter will be ignored.

If the Crossref-Blank-Password parameter is enabled, and Authentication-
Chaining-Mode is set to a value of 1 or 2, users who have a blank password 
in their User record will be permitted to log in to the system without a 
password (that is, a NULL password).

Mark

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the 
Answers Are"

Re: LDAP & Cross Ref Blank Passwords problem

[Wheeler, Dylan]

I have neither selected. 
I'm not coming in as a Guest, I have my full rights. I can also do the
same with the Admin tool so I know that rules out guest user heh.
 

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of ARSList
Sent: Thursday, February 15, 2007 4:56 PM
To: arslist@ARSLIST.ORG
Subject: Re: LDAP & Cross Ref Blank Passwords problem


** 

Do you have Allow Guest Users, and/or Authenticate Unregistered
Users?

 





From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Wheeler, Dylan
Sent: Thursday, February 15, 2007 2:49 PM
To: arslist@ARSLIST.ORG
Subject: LDAP & Cross Ref Blank Passwords problem

 

Hi all, 
So I've been trying to implement this the right way for some
time and it just isn't working how I *THINK* it's supposed to work.

From what I've done before, you fill out the AREA LDAP, Check
the box for Cross Ref Blank Passwords and clear out the password from
all user records. This should see that the user has no password and use
the AREA record to authenticate the user right?

What happens is: 
I try to login and it will let me login with my AD password.
Great 
If I login with no password it will still let me login. huh? 

Also if I login and I have a remedy password set there is a hit
to AD with a bad password if the password is different. 
From what I read, it is supposed to check Remedy first and then
AD only if Remedy doesn't match. So I log in with the password in Remedy
and it lets me in, but it still queries against AD.

Am I missing something? Or is my config wrong? Or is my server
just jacked up heh 

I'm on 6.3 Patch 20 and it does the same through both the user
tool and mid tier. 

- 

Dylan Wheeler
Production Control Analyst Principal 
IT Operations 
Downey Savings & Loan Association, F.A. 
Email: [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>  

This message and any attachments are for the intended
recipient(s) only and may contain privileged, confidential and/or
proprietary information about Downey Savings or its customers, which
Downey Savings does not intend to disclose to the public. If you
received this message by mistake, please notify the sender by reply
e-mail and delete the message and attachments.

 

This message and any attachments are for the intended
recipient(s) only and may contain privileged, confidential and/or
proprietary information about Downey Savings or its customers, which
Downey Savings does not intend to disclose to the public.  If you
received this message by mistake, please notify the sender by reply
e-mail and delete the message and attachments.

__20060125___This posting was submitted with
HTML in it___ __20060125___This posting was
submitted with HTML in it___



This message and any attachments are for the intended recipient(s) only and may 
contain privileged, confidential and/or proprietary information about Downey 
Savings or its customers, which Downey Savings does not intend to disclose to 
the public.  If you received this message by mistake, please notify the sender 
by reply e-mail and delete the message and attachments.

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the 
Answers Are"

Re: LDAP & Cross Ref Blank Passwords problem

[ARSList]

Do you have Allow Guest Users, and/or Authenticate Unregistered Users?

 



From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Wheeler, Dylan
Sent: Thursday, February 15, 2007 2:49 PM
To: arslist@ARSLIST.ORG
Subject: LDAP & Cross Ref Blank Passwords problem

 

Hi all, 
So I've been trying to implement this the right way for some time and it
just isn't working how I *THINK* it's supposed to work.

>From what I've done before, you fill out the AREA LDAP, Check the box
for Cross Ref Blank Passwords and clear out the password from all user
records. This should see that the user has no password and use the AREA
record to authenticate the user right?

What happens is: 
I try to login and it will let me login with my AD password. Great 
If I login with no password it will still let me login. huh? 

Also if I login and I have a remedy password set there is a hit to AD
with a bad password if the password is different. 
>From what I read, it is supposed to check Remedy first and then AD only
if Remedy doesn't match. So I log in with the password in Remedy and it
lets me in, but it still queries against AD.

Am I missing something? Or is my config wrong? Or is my server just
jacked up heh 

I'm on 6.3 Patch 20 and it does the same through both the user tool and
mid tier. 

- 

Dylan Wheeler
Production Control Analyst Principal 
IT Operations 
Downey Savings & Loan Association, F.A. 
Email: [EMAIL PROTECTED]   

This message and any attachments are for the intended recipient(s) only
and may contain privileged, confidential and/or proprietary information
about Downey Savings or its customers, which Downey Savings does not
intend to disclose to the public. If you received this message by
mistake, please notify the sender by reply e-mail and delete the message
and attachments.

 

This message and any attachments are for the intended recipient(s) only
and may contain privileged, confidential and/or proprietary information
about Downey Savings or its customers, which Downey Savings does not
intend to disclose to the public.  If you received this message by
mistake, please notify the sender by reply e-mail and delete the message
and attachments.

__20060125___This posting was submitted with HTML in
it___

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the 
Answers Are"

Re: LDAP: Authenticate users against multiple domain

[patrick zandi]

**
I am not in the office. but out sick.. yes If I remember correctly you can do this with 5.12 but only 2 domains.. that is it.. 
Contact support for the helpit is a manual add to the ar.conf line... 
On 11/3/06, Anthony K R <[EMAIL PROTECTED]> wrote:
** 

Hi, 
ARS: 5.1.2 OS: Linux 
When I configure the AREA LDAP Config form with single 'Host Name' and single 'User Base', it worked fine. Need to authenticate users against multiple domain. Should I use some delimiter(like ; or ) in these two fields to add more values?. Is there any other known way do this?

Regards, Anthony __20060125___This posting was submitted with HTML in it___ 
-- Patrick Zandi 
__20060125___This posting was submitted with HTML in it___

Re: LDAP Interface with Active Directory using objectGUID or objectSID

[Dylan Armstrong]

We used the employeeID field in AD also (at Webster Bank; I'm now at The 
Hartford).  Again, it was the only field that had unique, non-changing 
data in it.  (The consulting company we had help us with the original 
installation recommended the samaccountname field!)

The only problem we encountered were with users that weren't "employees"; 
mainly vendors.  Temps and consultants would have a value in the 
employeeID field in AD (TMP123), so Remedy would pull them.  Vendors would 
have to be added by hand, unless you gave them a value (ie: VDR123).

Have fun!

Dylan Armstrong
Remedy Support
The Hartford
[EMAIL PROTECTED]

___
UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org

Re: LDAP Interface with Active Directory using objectGUID or objectSID

[Pierson, Shawn]

Bob,

You should never use the login as the unique id anyway, so it's good
that you are looking into other fields.  The reason you should never use
the samAccountName or any other field containing an aspect of the name
is because of marriage and divorce.  When people's names change, you
want to be able to change their login id as well without adding or
deleting accounts.

What we did was to create a new field on the Active Directory side that
we can use to link all people data together.  We have an employee_id
that comes out of our Oracle HR system, and we have decided that it
should be used as the company-wide unique identifier.  Since HR is the
origin of people information anyway, it makes sense to let them decide
on what the unique id should be, not the Active Directory or Remedy
groups.

I know this doesn't directly answer your question, but it may help to
come up with a plan that can be useful to other applications in your
company as well to kill two birds with one stone.

Shawn Pierson

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Bob Wallace
Sent: Monday, September 25, 2006 7:23 PM
To: arslist@ARSLIST.ORG
Subject: LDAP Interface with Active Directory using objectGUID or
objectSID


Hello ARSList,

  We are working with a new implementation of ARS 6.3, with ITSM 6.0
(Help
Desk and SLA) on a M/S 2003 Server accessing a SQL Server 2000 remote
server.
  We are trying to populate SHR:People via entries in Active Directory
("running" on Windows 2003 in "mixed mode").

  We have encountered problems with the "normal attributes" used for
uniqueness
sAMAccountName - we have some accounts that exceed the 15 char max
for
Request ID
Remedy Support suggested using uSNCreated but accounts are created
on
more that Domain Controller, which (from what I've read) can cause that
attribute to have duplicated values

It looked like the objectGUID or objectSid attributes would be good
candidates but we could not get those attributes to display properly in
the
Vendor form.

Remedy Support stated that objectGUID "...  is stored
in a format that Remedy does not support.   Remedy cannot interpret the
Hex data properly  ... ".

We manually added a objectSID field but it did not display properly
either.

I think this interface is accomplished via one of the plugins. Does
anyone know of a change that can be made which would allow access to the

hex data formatted data in objectGUID or objectSID?

   Thank you,
 Bob Wallace.


___
UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org

The information in this e-mail, and any files transmitted with it, is intended 
for the exclusive use of the recipient(s) to which it is addressed and may 
contain confidential, proprietary or privileged information.  If you are not an 
intended recipient, you have received this transmission in error and any use, 
review, dissemination, distribution, printing or copying of this information is 
strictly prohibited.  If you have received this e-mail in error, please notify 
the sender immediately of the erroneous transmission by reply e-mail, 
immediately delete this e-mail and all electronic copies of it from your system 
and destroy any hard copies of it that you may have made. Thank you.

___
UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org

Re: LDAP Interface with Active Directory using objectGUID or objectSID

[Bob Wallace]

A clarification might be necessary. The original post might imply that I 
want to use objectGUID or objectSid as the Request ID, since (in LDP text 
format display at least) both values exceed the 15 character max, neither 
field could be used as a Request ID in Remedy.

  Originally we planned to use sAMAccountName as the request id and we were 
looking at objectGUID or objectSid as an a non-changing value to be used to 
detect when a Domain account logon is change (probably due to a name 
change).

  I only recently identified that some values for sAMAccountName also 
exceed the 15 character max for Request Id and wrote the original post 
without clearly thinking about the length restriction. That probably means 
that neither field could be used, but if there is a way to get those values 
through the vendor form in a readable format it would still be useful to 
us. 

   We will have to find another attribute to assign to request id.

Thank you,
Bob

___
UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org