**
Dear All,
I am doing the Microsoft Active Directory- SunOne directory service integration with ARS 6.3 patch 14 which is on win 2003.I have followed the Tips and tricks article and able to enter the data in the AREA LDAP configuration form.
Active directory Login/Password is correct and has the privileges. Search filter is correct.
I have checked the cross ref blank password as well as Authenticate unregistered users in the admin tool. I have created a user with blank password. External Authentication RPC number is 390695.
I have not installed any third party software apart from Remedy ARS remedy modules and plug-in on the server.
I am using Remedy client using my laptop and typing my OS domain account at login. Authentication is failed.
Then I tried using the account with blank password. Here too Authentication is failed.
Am I doing the testing in right way? Anything else has to be installed?
Plug-in is working because I can query my ldap objects and query the vendor form.



Brings words and photos together (easily) with
PhotoMail - it's free and works with Yahoo! Mail. 20060125This posting was submitted with HTML in it

**
Have you turned on plugin logging? Add the following line into your ar.cfg file and enable plugin logging via the Admin Tool - it will give you a detailed output of what the LDAP plug-in is doing as you try to login:

Plugin-Log-Level: 400

Cheers,
Matt




From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of sri sri
Sent: Thursday, 16 March 2006 11:00 AM
To: arslist@ARSLIST.ORG
Subject: Active Directory integration


**
Dear All,
I am doing the Microsoft Active Directory- SunOne directory service integration with ARS 6.3 patch 14 which is on win 2003.I have followed the Tips and tricks article and able to enter the data in the AREA LDAP configuration form.
Active directory Login/Password is correct and has the privileges. Search filter is correct.
I have checked the cross ref blank password as well as Authenticate unregistered users in the admin tool. I have created a user with blank password. External Authentication RPC number is 390695.
I have not installed any third party software apart from Remedy ARS remedy modules and plug-in on the server.
I am using Remedy client using my laptop and typing my OS domain account at login. Authentication is failed.
Then I tried using the account with blank password. Here too Authentication is failed.
Am I doing the testing in right way? Anything else has to be installed?
Plug-in is working because I can query my ldap objects and query the vendor form.




Brings words and photos together (easily) with
PhotoMail - it's free and works with Yahoo! Mail. 20060125This posting was submitted with HTML in it








**********************************************************************
The information in this e-mail is confidential and may be legally privileged. It is intended solely for the addressee. Access to this e-mail by anyone else is unauthorised. If you have received this communication in error, please notify us immediately by return e-mail with the subject heading "Received in error" or telephone +61 2 93357000, then delete the email and destroy any copies of it. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Any opinions or advice contained in this e-mail are subject to the terms and conditions expressed in the governing KPMG client engagement letter. Opinions, conclusions and other information in this e-mail and any attachments that do not relate to the official business of the firm are neither given nor endorsed by it.

KPMG cannot guarantee that e-mail communications are secure or error-free, as information could be intercepted, corrupted, amended, lost, destroyed, arrive late or incomplete, or contain viruses.

KPMG, an Australian partnership, is part of the KPMG International network. KPMG International is a Swiss cooperative that serves as a coordinating entity for a network of independent firms operating under the KPMG name. KPMG International provides no services to clients. Each member firm of KPMG International is a legally distinct and separate entity and each describes itself as such.

Liability limited by a scheme approved under Professional Standards Legislation.

This footnote also confirms that this e-mail message has been swept by MIMEsweeper for the presence of computer viruses. See www.mimesweeper.com for more information.
**********************************************************************

20060125This posting was submitted with HTML in it

**
Hi Matt
Thanks
Let me try this

Regards
Sri
"Watson, Matthew (Melbourne)" wrote:

**
Have you turned on plugin logging? Add the following line into your ar.cfg file and enable plugin logging via the Admin Tool - it will give you a detailed output of what the LDAP plug-in is doing as you try to login:

Plugin-Log-Level: 400

Cheers,
Matt




From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of sri sri
Sent: Thursday, 16 March 2006 11:00 AM
To: arslist@ARSLIST.ORG
Subject: Active Directory integration


**
Dear All,
I am doing the Microsoft Active Directory- SunOne directory service integration with ARS 6.3 patch 14 which is on win 2003.I have followed the Tips and tricks article and able to enter the data in the AREA LDAP configuration form.
Active directory Login/Password is correct and has the privileges. Search filter is correct.
I have checked the cross ref blank password as well as Authenticate unregistered users in the admin tool. I have created a user with blank password. External Authentication RPC number is 390695.
I have not installed any third party software apart from Remedy ARS remedy modules and plug-in on the server.
I am using Remedy client using my laptop and typing my OS domain account at login. Authentication is failed.
Then I tried using the account with blank password. Here too Authentication is failed.
Am I doing the testing in right way? Anything else has to be installed?
Plug-in is working because I can query my ldap objects and query the vendor form.


Brings words and photos together (easily) with
PhotoMail - it's free and works with Yahoo! Mail. 20060125This posting was submitted with HTML in it







**********************************************************************
The information in this e-mail is confidential and may be legally privileged. It is intended solely for the addressee. Access to this e-mail by anyone else is unauthorised. If you have received this communication in error, please notify us immediately by return e-mail with the subject heading "Received in error" or telephone +61 2 93357000, then delete the email and destroy any copies of it. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Any opinions or advice contained in this e-mail are subject to the terms and conditions expressed in the governing KPMG client engagement letter. Opinions, conclusions and other information in this e-mail and any attachments that do not relate to the official business of the firm are neither given nor endorsed by it.

KPMG cannot guarantee that e-mail communications are secure or error-free, as information could be intercepted, corrupted, amended, lost, destroyed, arrive late or incomplete, or contain viruses.

KPMG, an Australian partnership, is part of the KPMG International network. KPMG International is a Swiss cooperative that serves as a coordinating entity for a network of independent firms operating under the KPMG name. KPMG International provides no services to clients. Each member firm of KPMG International is a legally distinct and separate entity and each describes itself as such.

Liability limited by a scheme approved under Professional Standards Legislation.

This footnote also confirms that this e-mail message has been swept by MIMEsweeper for the presence of computer viruses. See www.mimesweeper.com for more information.
**********************************************************************
20060125This posting was submitted with HTML in it



Regards
Sri




Relax. Yahoo! Mail virus scanning helps detect nasty viruses! 20060125This posting was submitted with HTML in it

**
Hi Matt,
The Error is "Invalid credentials". How can i debug this?
Pasting the part of the log
//
/* Wed Mar 15 2006 16:15:55.8130 */ Notif Mech Attribute
/* Wed Mar 15 2006 16:15:55.8130 */ Notif Mech Default 0
/* Wed Mar 15 2006 16:15:55.8130 */ IO timeout 40
/* Wed Mar 15 2006 16:15:55.8130 */ Connect timeout 35
/* Wed Mar 15 2006 16:15:55.8130 */ Entering ARPluginEvent (1)
/* Wed Mar 15 2006 16:15:55.8130 */ Entering UpdateConfiguration(0)
/* Wed Mar 15 2006 16:15:55.8130 */ LoadSysConfigFile
/* Wed Mar 15 2006 16:15:55.8130 */ Configuration File D:\Program Files\AR System\conf\ar.cfg
/* Wed Mar 15 2006 16:15:55.8130 */ Host Name ldap-sg-atex-01.mis.amat.com
/* Wed Mar 15 2006 16:15:55.8130 */ Port Number 389
/* Wed Mar 15 2006 16:15:55.8130 */ Using SSL 0
/* Wed Mar 15 2006 16:15:55.8130 */ User DN uid=rmdyadm,ou=special users,dc=amat,dc=com
/* Wed Mar 15 2006 16:15:55.8130 */ Certificate DB
/* Wed Mar 15 2006 16:15:55.8130 */ Page Size 10000
/* Wed Mar 15 2006 16:15:55.8130 */ Leaving UpdateConfiguration
/* Wed Mar 15 2006 16:15:55.8130 */ Leaving ARPluginEvent
/* Wed Mar 15 2006 16:16:59.6810 */ +VL AREAVerifyLoginCallback -- user shullahallix041396
/* Wed Mar 15 2006 16:16:59.6810 */ AREAVerifyLoginCallback
/* Wed Mar 15 2006 16:16:59.6810 */ ldapinit("vaughan.amat.com", 389)
/* Wed Mar 15 2006 16:16:59.6810 */ connect timeout previously: -1
/* Wed Mar 15 2006 16:16:59.6810 */ connect timeout used: 35000
/* Wed Mar 15 2006 16:16:59.6810 */ ldapsimplebind("rmdyadm", hidden)
/* Wed Mar 15 2006 16:16:59.9150 */ Bind: Invalid credentials (LDAPERR Code 49) 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece
/* Wed Mar 15 2006 16:16:59.9150 */ -VL FAIL

//
Regards
Sri

"Watson, Matthew (Melbourne)" wrote:

**
Have you turned on plugin logging? Add the following line into your ar.cfg file and enable plugin logging via the Admin Tool - it will give you a detailed output of what the LDAP plug-in is doing as you try to login:

Plugin-Log-Level: 400

Cheers,
Matt




From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of sri sri
Sent: Thursday, 16 March 2006 11:00 AM
To: arslist@ARSLIST.ORG
Subject: Active Directory integration


**
Dear All,
I am doing the Microsoft Active Directory- SunOne directory service integration with ARS 6.3 patch 14 which is on win 2003.I have followed the Tips and tricks article and able to enter the data in the AREA LDAP configuration form.
Active directory Login/Password is correct and has the privileges. Search filter is correct.
I have checked the cross ref blank password as well as Authenticate unregistered users in the admin tool. I have created a user with blank password. External Authentication RPC number is 390695.
I have not installed any third party software apart from Remedy ARS remedy modules and plug-in on the server.
I am using Remedy client using my laptop and typing my OS domain account at login. Authentication is failed.
Then I tried using the account with blank password. Here too Authentication is failed.
Am I doing the testing in right way? Anything else has to be installed?
Plug-in is working because I can query my ldap objects and query the vendor form.


Brings words and photos together (easily) with
PhotoMail - it's free and works with Yahoo! Mail. 20060125This posting was submitted with HTML in it







**********************************************************************
The information in this e-mail is confidential and may be legally privileged. It is intended solely for the addressee. Access to this e-mail by anyone else is unauthorised. If you have received this communication in error, please notify us immediately by return e-mail with the subject heading "Received in error" or telephone +61 2 93357000, then delete the email and destroy any copies of it. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Any opinions or advice contained in this e-mail are subject to the terms and conditions expressed in the governing KPMG client engagement letter. Opinions, conclusions and other information in this e-mail and any attachments that do not relate to the official business of the firm are neither given nor endorsed by it.

KPMG cannot guarantee that e-mail communications are secure or error-free, as information could be intercepted, corrupted, amended, lost, destroyed, arrive late or incomplete, or contain viruses.

KPMG, an Australian partnership, is part of the KPMG International network. KPMG International is a Swiss cooperative that serves as a coordinating entity for a network of independent firms operating under the KPMG name. KPMG International provides no services to clients. Each member firm of KPMG International is a legally distinct and separate entity and each describes itself as such.

Liability limited by a scheme approved under Professional Standards Legislation.

This footnote also confirms that this e-mail message has been swept by MIMEsweeper for the presence of computer viruses. See www.mimesweeper.com for more information.
**********************************************************************
20060125This posting was submitted with HTML in it



Regards
Sri


Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com 20060125This posting was submitted with HTML in it

**
The username & pwd you are using in your LDAP configuration to bind to the directory server are invalid - all I can suggest is that you double check your config....not sure what else could be causing this.




From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of sri sri
Sent: Thursday, 16 March 2006 11:26 AM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration


**
Hi Matt,
The Error is "Invalid credentials". How can i debug this?
Pasting the part of the log
//
/* Wed Mar 15 2006 16:15:55.8130 */ Notif Mech Attribute
/* Wed Mar 15 2006 16:15:55.8130 */ Notif Mech Default 0
/* Wed Mar 15 2006 16:15:55.8130 */ IO timeout 40
/* Wed Mar 15 2006 16:15:55.8130 */ Connect timeout 35
/* Wed Mar 15 2006 16:15:55.8130 */ Entering ARPluginEvent (1)
/* Wed Mar 15 2006 16:15:55.8130 */ Entering UpdateConfiguration(0)
/* Wed Mar 15 2006 16:15:55.8130 */ LoadSysConfigFile
/* Wed Mar 15 2006 16:15:55.8130 */ Configuration File D:\Program Files\AR System\conf\ar.cfg
/* Wed Mar 15 2006 16:15:55.8130 */ Host Name ldap-sg-atex-01.mis.amat.com
/* Wed Mar 15 2006 16:15:55.8130 */ Port Number 389
/* Wed Mar 15 2006 16:15:55.8130 */ Using SSL 0
/* Wed Mar 15 2006 16:15:55.8130 */ User DN uid=rmdyadm,ou=special users,dc=amat,dc=com
/* Wed Mar 15 2006 16:15:55.8130 */ Certificate DB
/* Wed Mar 15 2006 16:15:55.8130 */ Page Size 10000
/* Wed Mar 15 2006 16:15:55.8130 */ Leaving UpdateConfiguration
/* Wed Mar 15 2006 16:15:55.8130 */ Leaving ARPluginEvent
/* Wed Mar 15 2006 16:16:59.6810 */ +VL AREAVerifyLoginCallback -- user shullahallix041396
/* Wed Mar 15 2006 16:16:59.6810 */ AREAVerifyLoginCallback
/* Wed Mar 15 2006 16:16:59.6810 */ ldapinit("vaughan.amat.com", 389)
/* Wed Mar 15 2006 16:16:59.6810 */ connect timeout previously: -1
/* Wed Mar 15 2006 16:16:59.6810 */ connect timeout used: 35000
/* Wed Mar 15 2006 16:16:59.6810 */ ldapsimplebind("rmdyadm", hidden)
/* Wed Mar 15 2006 16:16:59.9150 */ Bind: Invalid credentials (LDAPERR Code 49) 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece
/* Wed Mar 15 2006 16:16:59.9150 */ -VL FAIL

//
Regards
Sri

"Watson, Matthew (Melbourne)" wrote:

**
Have you turned on plugin logging? Add the following line into your ar.cfg file and enable plugin logging via the Admin Tool - it will give you a detailed output of what the LDAP plug-in is doing as you try to login:

Plugin-Log-Level: 400

Cheers,
Matt




From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of sri sri
Sent: Thursday, 16 March 2006 11:00 AM
To: arslist@ARSLIST.ORG
Subject: Active Directory integration


**
Dear All,
I am doing the Microsoft Active Directory- SunOne directory service integration with ARS 6.3 patch 14 which is on win 2003.I have followed the Tips and tricks article and able to enter the data in the AREA LDAP configuration form.
Active directory Login/Password is correct and has the privileges. Search filter is correct.
I have checked the cross ref blank password as well as Authenticate unregistered users in the admin tool. I have created a user with blank password. External Authentication RPC number is 390695.
I have not installed any third party software apart from Remedy ARS remedy modules and plug-in on the server.
I am using Remedy client using my laptop and typing my OS domain account at login. Authentication is failed.
Then I tried using the account with blank password. Here too Authentication is failed.
Am I doing the testing in right way? Anything else has to be installed?
Plug-in is working because I can query my ldap objects and query the vendor form.


Brings words and photos together (easily) with
PhotoMail - it's free and works with Yahoo! Mail. 20060125This posting was submitted with HTML in it








**********************************************************************
The information in this e-mail is confidential and may be legally privileged. It is intended solely for the addressee. Access to this e-mail by anyone else is unauthorised. If you have received this communication in error, please notify us immediately by return e-mail with the subject heading "Received in error" or telephone +61 2 93357000, then delete the email and destroy any copies of it. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Any opinions or advice contained in this e-mail are subject to the terms and conditions expressed in the governing KPMG client engagement letter. Opinions, conclusions and other information in this e-mail and any attachments that do not relate to the official business of the firm are neither given nor endorsed by it.

KPMG cannot guarantee that e-mail communications are secure or error-free, as information could be intercepted, corrupted, amended, lost, destroyed, arrive late or incomplete, or contain viruses.

KPMG, an Australian partnership, is part of the KPMG International network. KPMG International is a Swiss cooperative that serves as a coordinating entity for a network of independent firms operating under the KPMG name. KPMG International provides no services to clients. Each member firm of KPMG International is a legally distinct and separate entity and each describes itself as such.

Liability limited by a scheme approved under Professional Standards Legislation.

This footnote also confirms that this e-mail message has been swept by MIMEsweeper for the presence of computer viruses. See www.mimesweeper.com for more information.
**********************************************************************
20060125This posting was submitted with HTML in it




Regards
Sri


Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com 20060125This posting was submitted with HTML in it








**********************************************************************
The information in this e-mail is confidential and may be legally privileged. It is intended solely for the addressee. Access to this e-mail by anyone else is unauthorised. If you have received this communication in error, please notify us immediately by return e-mail with the subject heading "Received in error" or telephone +61 2 93357000, then delete the email and destroy any copies of it. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Any opinions or advice contained in this e-mail are subject to the terms and conditions expressed in the governing KPMG client engagement letter. Opinions, conclusions and other information in this e-mail and any attachments that do not relate to the official business of the firm are neither given nor endorsed by it.

KPMG cannot guarantee that e-mail communications are secure or error-free, as information could be intercepted, corrupted, amended, lost, destroyed, arrive late or incomplete, or contain viruses.

KPMG, an Australian partnership, is part of the KPMG International network. KPMG International is a Swiss cooperative that serves as a coordinating entity for a network of independent firms operating under the KPMG name. KPMG International provides no services to clients. Each member firm of KPMG International is a legally distinct and separate entity and each describes itself as such.

Liability limited by a scheme approved under Professional Standards Legislation.

This footnote also confirms that this e-mail message has been swept by MIMEsweeper for the presence of computer viruses. See www.mimesweeper.com for more information.
**********************************************************************

20060125This posting was submitted with HTML in it

**

If you are attempting to integrate AR authentication with AD the following are the steps I would recommend:

Install ARS on a Windows server as a domain member

If you have more than one domain, ensure there is a trust relationship between the domain with your AR server and your user accounts

Check the box to cross reference blank passwords

You do not need the ldap plugin to authenticate windows users on AR Server running on a windows server if the above qualifications are met.



If you only have a single domain, then you need not worry about trust relationships since a domain member in a single domain will be able to query user accounts.



The LDAP authentication plugin is intended for use on UNIX systems to be able to read AD, but that is not needed in a windows server environment.



Thanks,

Andrew Baxter

Manager, Information Technology

w. (781) 902-6026

f. (781) 902-6002



20060125This posting was submitted with HTML in it
****This e-mail is sent by Hudson Highland Group, Inc., or one of its subsidiaries, and may contain information that is privileged or confidential. If you are not the intended recipient, please delete the e-mail and any attachments and notify us immediately.****

20060125This posting was submitted with HTML in it

**
It looks like your rmdyadm service account is not being found correctly.

I have found that the ARDBC LDAP configuration likes the full Distingushed Name (DN) from Active Directory while the AREA LDAP configuration likes the WindowsDomain\LoginName combination.

i.e.
ARDBC LDAP Configuration form has: CN=remedysvcacct,OU=System Users and Groups,DC=corp,DC=domain,DC=org
AREA LDAP Configuration form has: CORP\remedysvcacct

The vendor form Queries use the ARDBC LDAP configuration form data to log in and do the lookups. User logins use the AREA LDAP configuration form to login and search for the user so the user's password can be verified.

Fred




From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of sri sri
Sent: Wednesday, March 15, 2006 6:26 PM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration


**
Hi Matt,
The Error is "Invalid credentials". How can i debug this?
Pasting the part of the log
//
/* Wed Mar 15 2006 16:15:55.8130 */ Notif Mech Attribute
/* Wed Mar 15 2006 16:15:55.8130 */ Notif Mech Default 0
/* Wed Mar 15 2006 16:15:55.8130 */ IO timeout 40
/* Wed Mar 15 2006 16:15:55.8130 */ Connect timeout 35
/* Wed Mar 15 2006 16:15:55.8130 */ Entering ARPluginEvent (1)
/* Wed Mar 15 2006 16:15:55.8130 */ Entering UpdateConfiguration(0)
! ; /* Wed Mar 15 2006 16:15:55.8130 */ LoadSysConfigFile
/* Wed Mar 15 2006 16:15:55.8130 */ Configuration File D:\Program Files\AR System\conf\ar.cfg
/* Wed Mar 15 2006 16:15:55.8130 */ Host Name ldap-sg-atex-01.mis.amat.com
/* Wed Mar 15 2006 16:15:55.8130 */ Port Number 389
/* Wed Mar 15 2006 16:15:55.8130 */ Using SSL 0
/* Wed Mar 15 2006 16:15:55.8130 */ User DN uid=rmdyadm,ou=special users,dc=amat,dc=com
/* Wed Mar 15 2006 16:15:55.8130 */ Certificate DB
/* Wed Mar 15 2006 16:15:55.8130 */ Page Size 10000
/* Wed Mar 15 2006 16:15:55.8130 */ Leaving UpdateConfiguration
/* Wed Mar 15 2006 16:15:55.8130 */ Leaving ARPluginEvent
/* Wed Mar 15 2006 16:16:59.6810 */ +VL AREAVerifyLoginCallback -- user shullahallix041396
/* Wed Mar 15 2006 16:16:59.6810 */ AREAVerifyLoginCallback
/* Wed Mar 15 2006 16:16:59.6810 */ ldapinit("vaughan.amat.com", 389)
/* Wed Mar 15 2006 16:16:59.6810 */ connect timeout previously: -1
/* Wed Mar 15 2006 16:16:59.6810 */ connect timeout used: 35000
/* Wed Mar 15 2006 16:16:59.6810 */ ldapsimplebind("rmdyadm", hidden)
/* Wed Mar 15 2006 16:16:59.9150 */ Bind: Invalid credentials (LDAPERR Code 49) 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece
/* ! Wed Mar 15 2006 16:16:59.9150 */ -VL FAIL

//
Regards
Sri

"Watson, Matthew (Melbourne)" wrote:

**
Have you turned on plugin logging? Add the following line into your ar.cfg file and enable plugin logging via the Admin Tool - it will give you a detailed output of what the LDAP plug-in is doing as you try to login:

Plugin-Log-Level: 400

Cheers,
Matt




From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of sri sri
Sent: Thursday, 16 March 2006 11:00 AM
To: arslist@ARSLIST.ORG
Subject: Active Directory integration


**
Dear All,
I am doing the Microsoft Active Directory- SunOne directory service integration with ARS 6.3 patch 14 which is on win 2003.I have followed the Tips and tricks article and able to enter the data in the AREA LDAP configuration form.
Active directory Login/Password is correct and has the privileges. ! Search filter is correct.
I have checked the cross ref blank password as well as Authenticate unregistered users in the admin tool. I have created a user with blank password. External Authentication RPC number is 390695.
I have not installed any third party software apart from Remedy ARS remedy modules and plug-in on the server.
I am using Remedy client using my laptop and typing my OS domain account at login. Authentication is failed.
Then I tried using the account with blank password. Here too Authentication is failed.
Am I doing the testing in right way? Anything else has to be installed?
Plug-in is working because I can query my ldap objects and query the vendor form.



Regards
Sri



20060125This posting was submitted with HTML in it

**
Hi Grooms Fredrick,
I tried with domainname\accountname. No luck. Is there anything to be installed/ configured? Remedy login does not know my OS domain login name right?
I used ldp utility. It is clearly authenticating.
Regards
Sri


"Grooms, Frederick W" wrote:

**
It looks like your rmdyadm service account is not being found correctly.

I have found that the ARDBC LDAP configuration likes the full Distingushed Name (DN) from Active Directory while the AREA LDAP configuration likes the WindowsDomain\LoginName combination.

i.e.
ARDBC LDAP Configuration form has: CN=remedysvcacct,OU=System Users and Groups,DC=corp,DC=domain,DC=org
AREA LDAP Configuration form has: CORP\remedysvcacct

The vendor form Queries use the ARDBC LDAP configuration form data to log in and do the lookups. User logins use the AREA LDAP configuration form to login and search for the user so the user's password can be verified.

Fred




From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of sri sri
Sent: Wednesday, March 15, 2006 6:26 PM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration


**
Hi Matt,
The Error is "Invalid credentials". How can i debug this?
Pasting the part of the log
//
/* Wed Mar 15 2006 16:15:55.8130 */ Notif Mech Attribute
/* Wed Mar 15 2006 16:15:55.8130 */ Notif Mech Default 0
/* Wed Mar 15 2006 16:15:55.8130 */ IO timeout 40
/* Wed Mar 15 2006 16:15:55.8130 */ Connect timeout 35
/* Wed Mar 15 2006 16:15:55.8130 */ Entering ARPluginEvent (1)
/* Wed Mar 15 2006 16:15:55.8130 */ Entering UpdateConfiguration(0)
! ; /* Wed Mar 15 2006 16:15:55.8130 */ LoadSysConfigFile
/* Wed Mar 15 2006 16:15:55.8130 */ Configuration File D:\Program Files\AR System\conf\ar.cfg
/* Wed Mar 15 2006 16:15:55.8130 */ Host Name ldap-sg-atex-01.mis.amat.com
/* Wed Mar 15 2006 16:15:55.8130 */ Port Number 389
/* Wed Mar 15 2006 16:15:55.8130 */ Using SSL 0
/* Wed Mar 15 2006 16:15:55.8130 */ User DN uid=rmdyadm,ou=special users,dc=amat,dc=com
/* Wed Mar 15 2006 16:15:55.8130 */ Certificate DB
/* Wed Mar 15 2006 16:15:55.8130 */ Page Size 10000
/* Wed Mar 15 2006 16:15:55.8130 */ Leaving UpdateConfiguration
/* Wed Mar 15 2006 16:15:55.8130 */ Leaving ARPluginEvent
/* Wed Mar 15 2006 16:16:59.6810 */ +VL AREAVerifyLoginCallback -- user shullahallix041396
/* Wed Mar 15 2006 16:16:59.6810 */ AREAVerifyLoginCallback
/* Wed Mar 15 2006 16:16:59.6810 */ ldapinit("vaughan.amat.com", 389)
/* Wed Mar 15 2006 16:16:59.6810 */ connect timeout previously: -1
/* Wed Mar 15 2006 16:16:59.6810 */ connect timeout used: 35000
/* Wed Mar 15 2006 16:16:59.6810 */ ldapsimplebind("rmdyadm", hidden)
/* Wed Mar 15 2006 16:16:59.9150 */ Bind: Invalid credentials (LDAPERR Code 49) 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece
/* ! Wed Mar 15 2006 16:16:59.9150 */ -VL FAIL

//
Regards
Sri

"Watson, Matthew (Melbourne)" wrote:

**
Have you turned on plugin logging? Add the following line into your ar.cfg file and enable plugin logging via the Admin Tool - it will give you a detailed output of what the LDAP plug-in is doing as you try to login:

Plugin-Log-Level: 400

Cheers,
Matt




From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of sri sri
Sent: Thursday, 16 March 2006 11:00 AM
To: arslist@ARSLIST.ORG
Subject: Active Directory integration


**
Dear All,
I am doing the Microsoft Active Directory- SunOne directory service integration with ARS 6.3 patch 14 which is on win 2003.I have followed the Tips and tricks article and able to enter the data in the AREA LDAP configuration form.
Active directory Login/Password is correct and has the privileges. ! Search filter is correct.
I have checked the cross ref blank password as well as Authenticate unregistered users in the admin tool. I have created a user with blank password. External Authentication RPC number is 390695.
I have not installed any third party software apart from Remedy ARS remedy modules and plug-in on the server.
I am using Remedy client using my laptop and typing my OS domain account at login. Authentication is failed.
Then I tried using the account with blank password. Here too Authentication is failed.
Am I doing the testing in right way? Anything else has to be installed?
Plug-in is working because I can query my ldap objects and query the vendor form.



Regards
Sri

20060125This posting was submitted with HTML in it




Regards
Sri



Yahoo! Mail
Use Photomail to share photos without annoying attachments. 20060125This posting was submitted with HTML in it

**
Dear Baxter Andrew,
Thanks for your reply.
Yes. My ARS is installed as a domain member.
I have a single domain.
I checked with cross reference password and without. No luck. But i am using my domain login name to test. i used ldp utility to get connected and bind. It is passed.
I can see it is not authenticating using Remedy.
Regards
Sri

"Baxter, Andrew" wrote:

**
If you are attempting to integrate AR authentication with AD the following are the steps I would recommend:
Install ARS on a Windows server as a domain member
If you have more than one domain, ensure there is a trust relationship between the domain with your AR server and your user accounts
Check the box to cross reference blank passwords
You do not need the ldap plugin to authenticate windows users on AR Server running on a windows server if the above qualifications are met.

If you only have a single domain, then you need not worry about trust relationships since a domain member in a single domain will be able to query user accounts.

The LDAP authentication plugin is intended for use on UNIX systems to be able to read AD, but that is not needed in a windows server environment.

Thanks,
Andrew Baxter
Manager, Information Technology
w. (781) 902-6026
f. (781) 902-6002



20060125This posting was submitted with HTML in it
****This e-mail is sent by Hudson Highland Group, Inc., or one of its subsidiaries, and may contain information that is privileged or confidential. If you are not the intended recipient, please delete the e-mail and any attachments and notify us immediately.****

20060125This posting was submitted with HTML in it




Yahoo! Mail
Use Photomail to share photos without annoying attachments. 20060125This posting was submitted with HTML in it

**
Sri:

This appears to be a permissions problem. Can you pull back any data with that user when you use LDP?

James McKenzie


-----Original Message-----
From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG]On Behalf Of sri sri
Sent: Thursday, March 16, 2006 12:47 PM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration


**
Dear Baxter Andrew,
Thanks for your reply.
Yes. My ARS is installed as a domain member.
I have a single domain.
I checked with cross reference password and without. No luck. But i am using my domain login name to test. i used ldp utility to get connected and bind. It is passed.
I can see it is not authenticating using Remedy.
Regards
Sri

"Baxter, Andrew" wrote:

**
If you are attempting to integrate AR authentication with AD the following are the steps I would recommend:
Install ARS on a Windows server as a domain member
If you have more than one domain, ensure there is a trust relationship between the domain with your AR server and your user accounts
Check the box to cross reference blank passwords
You do not need the ldap plugin to authenticate windows users on AR Server running on a windows server if the above qualifications are met.

If you only have a single domain, then you need not worry about trust relationships since a domain member in a single domain will be able to query user accounts.

The LDAP authentication plugin is intended for use on UNIX systems to be able to read AD, but that is not needed in a windows server environment.

Thanks,
Andrew Baxter
Manager, Information Technology
w. (781) 902-6026
f. (781) 902-6002



20060125This posting was submitted with HTML in it
****This e-mail is sent by Hudson Highland Group, Inc., or one of its subsidiaries, and may contain information that is privileged or confidential. If you are not the intended recipient, please delete the e-mail and any attachments and notify us immediately.****

20060125This posting was submitted with HTML in it





Yahoo! Mail
Use Photomail to share photos without annoying attachments. 20060125This posting was submitted with HTML in it

20060125This posting was submitted with HTML in it