**
Dear James,
I have the account both on the AD as well as Domain. I am able to login using the rmdyadm a/c to the remedy server.
Regards
Sri

"McKenzie, James J C-E LCMC HQISEC/L3" wrote:

**
Sri:

The more information you give, the more we can give. You have to have an AD account on the AD server. Not just a Domain Account.

James McKenzie


-----Original Message-----
From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG]On Behalf Of sri sri
Sent: Thursday, March 16, 2006 2:28 PM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration


**
HI Baxter, Andrew,
I tried this combination. Not able to login. LDP is getting the data.Any patch need to installed? I am on patch 14 for ARS 6.3
Regards
Sri

"Baxter, Andrew" wrote:

**
I would suggest you start by disabling the LDAP authentication plugin.
I just ran this test on my dev server here and what I found was the following:
The login name must equal the sam account name or the UPN
Since you are in a single domain you are lucky. The authentication does not appear to work if you use the domain\ as part of the logon.

Using either my UPN or just my SAM Account name with no domain prefix it works just fine for me.

Thanks,
Andrew Baxter
Manager, Information Technology
w. (781) 902-6026
f. (781) 902-6002



From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of sri sri
Sent: Thursday, March 16, 2006 2:47 PM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration

**
Dear Baxter Andrew,
Thanks for your reply.
Yes. My ARS is installed as a domain member.
I have a single domain.
I checked with cross reference password and without. No luck. But i am using my domain login name to test. i used ldp utility to get connected and bind. It is passed.
I can see it is not authenticating using Remedy.
Regards
Sri

"Baxter, Andrew" wrote:

**
If you are attempting to integrate AR authentication with AD the following are the steps I would recommend:
Install ARS on a Windows server as a domain member
If you have more than one domain, ensure there is a trust relationship between the domain with your AR server and your user accounts
Check the box to cross reference blank passwords
You do not need the ldap plugin to authenticate windows users on AR Server running on a windows server if the above qualifications are met.

If you only have a single domain, then you need not worry about trust relationships since a domain member in a single domain will be able to query user accounts.

The LDAP authentication plugin is intended for use on UNIX systems to be able to read AD, but that is not needed in a windows server environment.

Thanks,
Andrew Baxter
Manager, Information Technology
w. (781) 902-6026
f. (781) 902-6002



20060125This posting was submitted with HTML in it
! ****This e-mail is sent by Hudson Highland Group, Inc., or one of its subsidiaries, and may contain information that is privileged or confidential. If you are not the intended recipient, please delete the e-mail and any attachments and notify us immediately.****
20060125This posting was submitted with HTML in it





Yahoo! Mail
Use Photomail to share photos without annoying attachments. 20060125This posting was submitted with HTML in it
****This e-mail is sent by Hudson Highland Group, Inc., or one of its subsidiaries, and may contain information that is privileged or confidential. If you are not the intended recipient, please delete the e-mail and any attachments and notify us immediately.****

20060125This posting was submitted with HTML in it




Relax. Yahoo! Mail virus scanning helps detect nasty viruses! 20060125This posting was submitted with HTML in it
20060125This posting was submitted with HTML in it



Regards
Sri




Yahoo! Mail
Use Photomail to share photos without annoying attachments. 20060125This posting was submitted with HTML in it

**
Sri:

Does the rmdyadm account actually exist on the Remedy server or ONLY on the AD server? If the latter is the case, what is the problem?

James McKenzie


-----Original Message-----
From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG]On Behalf Of sri sri
Sent: Thursday, March 16, 2006 2:59 PM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration


**
Dear James,
I have the account both on the AD as well as Domain. I am able to login using the rmdyadm a/c to the remedy server.
Regards
Sri

"McKenzie, James J C-E LCMC HQISEC/L3" wrote:

**
Sri:

The more information you give, the more we can give. You have to have an AD account on the AD server. Not just a Domain Account.

James McKenzie


-----Original Message-----
From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG]On Behalf Of sri sri
Sent: Thursday, March 16, 2006 2:28 PM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration


**
HI Baxter, Andrew,
I tried this combination. Not able to login. LDP is getting the data.Any patch need to installed? I am on patch 14 for ARS 6.3
Regards
Sri

"Baxter, Andrew" wrote:

**
I would suggest you start by disabling the LDAP authentication plugin.
I just ran this test on my dev server here and what I found was the following:
The login name must equal the sam account name or the UPN
Since you are in a single domain you are lucky. The authentication does not appear to work if you use the domain\ as part of the logon.

Using either my UPN or just my SAM Account name with no domain prefix it works just fine for me.

Thanks,
Andrew Baxter
Manager, Information Technology
w. (781) 902-6026
f. (781) 902-6002



From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of sri sri
Sent: Thursday, March 16, 2006 2:47 PM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration

**
Dear Baxter Andrew,
Thanks for your reply.
Yes. My ARS is installed as a domain member.
I have a single domain.
I checked with cross reference password and without. No luck. But i am using my domain login name to test. i used ldp utility to get connected and bind. It is passed.
I can see it is not authenticating using Remedy.
Regards
Sri

"Baxter, Andrew" wrote:

**
If you are attempting to integrate AR authentication with AD the following are the steps I would recommend:
Install ARS on a Windows server as a domain member
If you have more than one domain, ensure there is a trust relationship between the domain with your AR server and your user accounts
Check the box to cross reference blank passwords
You do not need the ldap plugin to authenticate windows users on AR Server running on a windows server if the above qualifications are met.

If you only have a single domain, then you need not worry about trust relationships since a domain member in a single domain will be able to query user accounts.

The LDAP authentication plugin is intended for use on UNIX systems to be able to read AD, but that is not needed in a windows server environment.

Thanks,
Andrew Baxter
Manager, Information Technology
w. (781) 902-6026
f. (781) 902-6002



20060125This posting was submitted with HTML in it
! ****This e-mail is sent by Hudson Highland Group, Inc., or one of its subsidiaries, and may contain information that is privileged or confidential. If you are not the intended recipient, please delete the e-mail and any attachments and notify us immediately.****
20060125This posting was submitted with HTML in it





Yahoo! Mail
Use Photomail to share photos without annoying attachments. 20060125This posting was submitted with HTML in it
****This e-mail is sent by Hudson Highland Group, Inc., or one of its subsidiaries, and may contain information that is privileged or confidential. If you are not the intended recipient, please delete the e-mail and any attachments and notify us immediately.****

20060125This posting was submitted with HTML in it




Relax. Yahoo! Mail virus scanning helps detect nasty viruses! 20060125This posting was submitted with HTML in it

20060125This posting was submitted with HTML in it




Regards
Sri




Yahoo! Mail
Use Photomail to share photos without annoying attachments. 20060125This posting was submitted with HTML in it

20060125This posting was submitted with HTML in it

**
Dear James,
I have this a/c on the server as well with admin privilage
Regards
Sri

"McKenzie, James J C-E LCMC HQISEC/L3" wrote:

**
Matt:

Is your account a domain account or an account actually on the server. If I remember correctly, the account has to be directly on the server and not a domain account.

James McKenzie


-----Original Message-----
From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG]On Behalf Of Watson, Matthew (Melbourne)
Sent: Thursday, March 16, 2006 2:35 PM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration


**
Hi Sri,

We've been using the AREA LDAP plug-in for about three years, since v5.1.2, and haven't changed our configuration at all during our upgrades to 6.0, 6.0.1 and now 6.3. So it would definitely appear to be something in your config, or perhaps your install......

Matt




From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of sri sri
Sent: Friday, 17 March 2006 8:28 AM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration


**
HI Baxter, Andrew,
I tried this combination. Not able to login. LDP is getting the data.Any patch need to installed? I am on patch 14 for ARS 6.3
Regards
Sri

"Baxter, Andrew" wrote:

**
I would suggest you start by disabling the LDAP authentication plugin.
I just ran this test on my dev server here and what I found was the following:
The login name must equal the sam account name or the UPN
Since you are in a single domain you are lucky. The authentication does not appear to work if you use the domain\ as part of the logon.

Using either my UPN or just my SAM Account name with no domain prefix it works just fine for me.

Thanks,
Andrew Baxter
Manager, Information Technology
w. (781) 902-6026
f. (781) 902-6002



From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of sri sri
Sent: Thursday, March 16, 2006 2:47 PM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration

**
Dear Baxter Andrew,
Thanks for your reply.
Yes. My ARS is installed as a domain member.
I have a single domain.
I checked with cross reference password and without. No luck. But i am using my domain login name to test. i used ldp utility to get connected and bind. It is passed.
I can see it is not authenticating using Remedy.
Regards
Sri

"Baxter, Andrew" wrote:

**
If you are attempting to integrate AR authentication with AD the following are the steps I would recommend:
Install ARS on a Windows server as a domain member
If you have more than one domain, ensure there is a trust relationship between the domain with your AR server and your user accounts
Check the box to cross reference blank passwords
You do not need the ldap plugin to authenticate windows users on AR Server running on a windows server if the above qualifications are met.

If you only have a single domain, then you need not worry about trust relationships since a domain member in a single domain will be able to query user accounts.

The LDAP authentication plugin is intended for use on UNIX systems to be able to read AD, but that is not needed in a windows server environment.

Thanks,
Andrew Baxter
Manager, Information Technology
w. (781) 902-6026
f. (781) 902-6002



20060125This posting was submitted with HTML in it
! ****This e-mail is sent by Hudson Highland Group, Inc., or one of its subsidiaries, and may contain information that is privileged or confidential. If you are not the intended recipient, please delete the e-mail and any attachments and notify us immediately.****
20060125This posting was submitted with HTML in it





Yahoo! Mail
Use Photomail to share photos without annoying attachments. 20060125This posting was submitted with HTML in it
****This e-mail is sent by Hudson Highland Group, Inc., or one of its subsidiaries, and may contain information that is privileged or confidential. If you are not the intended recipient, please delete the e-mail and any attachments and notify us immediately.****

20060125This posting was submitted with HTML in it




Relax. Yahoo! Mail virus scanning helps detect nasty viruses! 20060125This posting was submitted with HTML in it







**********************************************************************
The information in this e-mail is confidential and may be legally privileged. It is intended solely for the addressee. Access to this e-mail by anyone else is unauthorised. If you have received this communication in error, please notify us immediately by return e-mail with the subject heading "Received in error" or telephone +61 2 93357000, then delete the email and destroy any copies of it. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Any opinions or advice contained in this e-mail are subject to the terms and conditions expressed in the governing KPMG client engagement letter. Opinions, conclusions and other information in this e-mail and any attachments that do not relate to the official business of the firm are neither given nor endorsed by it.

KPMG cannot guarantee that e-mail communications are secure or error-free, as information could be intercepted, corrupted, amended, lost, destroyed, arrive late or incomplete, or contain viruses.

KPMG, an Australian partnership, is part of the KPMG International network. KPMG International is a Swiss cooperative that serves as a coordinating entity for a network of independent firms operating under the KPMG name. KPMG International provides no services to clients. Each member firm of KPMG International is a legally distinct and separate entity and each describes itself as such.

Liability limited by a scheme approved under Professional Standards Legislation.

This footnote also confirms that this e-mail message has been swept by MIMEsweeper for the presence of computer viruses. See www.mimesweeper.com for more information.
**********************************************************************
20060125This posting was submitted with HTML in it
20060125This posting was submitted with HTML in it



Regards
Sri




Yahoo! Mail
Use Photomail to share photos without annoying attachments. 20060125This posting was submitted with HTML in it

**
James,
I have this account on the Remedy server.
when i login using the Remedy user tool, error is
Invalid credentials (LDAPERR 49), comment: AcceptSecurityContext error
Regards
Sri

"McKenzie, James J C-E LCMC HQISEC/L3" wrote:

**
Sri:

Does the rmdyadm account actually exist on the Remedy server or ONLY on the AD server? If the latter is the case, what is the problem?

James McKenzie


-----Original Message-----
From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG]On Behalf Of sri sri
Sent: Thursday, March 16, 2006 2:59 PM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration


**
Dear James,
I have the account both on the AD as well as Domain. I am able to login using the rmdyadm a/c to the remedy server.
Regards
Sri

"McKenzie, James J C-E LCMC HQISEC/L3" wrote:

**
Sri:

The more information you give, the more we can give. You have to have an AD account on the AD server. Not just a Domain Account.

James McKenzie


-----Original Message-----
From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG]On Behalf Of sri sri
Sent: Thursday, March 16, 2006 2:28 PM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration


**
HI Baxter, Andrew,
I tried this combination. Not able to login. LDP is getting the data.Any patch need to installed? I am on patch 14 for ARS 6.3
Regards
Sri

"Baxter, Andrew" wrote:

**
I would suggest you start by disabling the LDAP authentication plugin.
I just ran this test on my dev server here and what I found was the following:
The login name must equal the sam account name or the UPN
Since you are in a single domain you are lucky. The authentication does not appear to work if you use the domain\ as part of the logon.

Using either my UPN or just my SAM Account name with no domain prefix it works just fine for me.

Thanks,
Andrew Baxter
Manager, Information Technology
w. (781) 902-6026
f. (781) 902-6002



From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of sri sri
Sent: Thursday, March 16, 2006 2:47 PM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration

**
Dear Baxter Andrew,
Thanks for your reply.
Yes. My ARS is installed as a domain member.
I have a single domain.
I checked with cross reference password and without. No luck. But i am using my domain login name to test. i used ldp utility to get connected and bind. It is passed.
I can see it is not authenticating using Remedy.
Regards
Sri

"Baxter, Andrew" wrote:

**
If you are attempting to integrate AR authentication with AD the following are the steps I would recommend:
Install ARS on a Windows server as a domain member
If you have more than one domain, ensure there is a trust relationship between the domain with your AR server and your user accounts
Check the box to cross reference blank passwords
You do not need the ldap plugin to authenticate windows users on AR Server running on a windows server if the above qualifications are met.

If you only have a single domain, then you need not worry about trust relationships since a domain member in a single domain will be able to query user accounts.

The LDAP authentication plugin is intended for use on UNIX systems to be able to read AD, but that is not needed in a windows server environment.

Thanks,
Andrew Baxter
Manager, Information Technology
w. (781) 902-6026
f. (781) 902-6002



20060125This posting was submitted with HTML in it
! ****This e-mail is sent by Hudson Highland Group, Inc., or one of its subsidiaries, and may contain information that is privileged or confidential. If you are not the intended recipient, please delete the e-mail and any attachments and notify us immediately.****
20060125This posting was submitted with HTML in it





Yahoo! Mail
Use Photomail to share photos without annoying attachments. 20060125This posting was submitted with HTML in it
****This e-mail is sent by Hudson Highland Group, Inc., or one of its subsidiaries, and may contain information that is privileged or confidential. If you are not the intended recipient, please delete the e-mail and any attachments and notify us immediately.****

20060125This posting was submitted with HTML in it




Relax. Yahoo! Mail virus scanning helps detect nasty viruses! 20060125This posting was submitted with HTML in it

20060125This posting was submitted with HTML in it




Regards
Sri


Yahoo! Mail
Use Photomail to share photos without annoying attachments. 20060125This posting was submitted with HTML in it
20060125This posting was submitted with HTML in it





Brings words and photos together (easily) with
PhotoMail - it's free and works with Yahoo! Mail. 20060125This posting was submitted with HTML in it

**
Sri:

I am confused at this point. What are you attempting to do? Authenticate users against AD or pull back user information into a Vendor form?
If you are trying to authenticate users, this is working as you can log into Remedy with the remedyadm account. If it is the latter, you have more work to do.

James McKenzie


-----Original Message-----
From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG]On Behalf Of sri sri
Sent: Thursday, March 16, 2006 3:06 PM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration


**
Dear James,
I have this a/c on the server as well with admin privilage
Regards
Sri

"McKenzie, James J C-E LCMC HQISEC/L3" wrote:

**
Matt:

Is your account a domain account or an account actually on the server. If I remember correctly, the account has to be directly on the server and not a domain account.

James McKenzie


-----Original Message-----
From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG]On Behalf Of Watson, Matthew (Melbourne)
Sent: Thursday, March 16, 2006 2:35 PM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration


**
Hi Sri,

We've been using the AREA LDAP plug-in for about three years, since v5.1.2, and haven't changed our configuration at all during our upgrades to 6.0, 6.0.1 and now 6.3. So it would definitely appear to be something in your config, or perhaps your install......

Matt




From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of sri sri
Sent: Friday, 17 March 2006 8:28 AM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration


**
HI Baxter, Andrew,
I tried this combination. Not able to login. LDP is getting the data.Any patch need to installed? I am on patch 14 for ARS 6.3
Regards
Sri

"Baxter, Andrew" wrote:

**
I would suggest you start by disabling the LDAP authentication plugin.
I just ran this test on my dev server here and what I found was the following:
The login name must equal the sam account name or the UPN
Since you are in a single domain you are lucky. The authentication does not appear to work if you use the domain\ as part of the logon.

Using either my UPN or just my SAM Account name with no domain prefix it works just fine for me.

Thanks,
Andrew Baxter
Manager, Information Technology
w. (781) 902-6026
f. (781) 902-6002



From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of sri sri
Sent: Thursday, March 16, 2006 2:47 PM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration

**
Dear Baxter Andrew,
Thanks for your reply.
Yes. My ARS is installed as a domain member.
I have a single domain.
I checked with cross reference password and without. No luck. But i am using my domain login name to test. i used ldp utility to get connected and bind. It is passed.
I can see it is not authenticating using Remedy.
Regards
Sri

"Baxter, Andrew" wrote:

**
If you are attempting to integrate AR authentication with AD the following are the steps I would recommend:
Install ARS on a Windows server as a domain member
If you have more than one domain, ensure there is a trust relationship between the domain with your AR server and your user accounts
Check the box to cross reference blank passwords
You do not need the ldap plugin to authenticate windows users on AR Server running on a windows server if the above qualifications are met.

If you only have a single domain, then you need not worry about trust relationships since a domain member in a single domain will be able to query user accounts.

The LDAP authentication plugin is intended for use on UNIX systems to be able to read AD, but that is not needed in a windows server environment.

Thanks,
Andrew Baxter
Manager, Information Technology
w. (781) 902-6026
f. (781) 902-6002



20060125This posting was submitted with HTML in it
! ****This e-mail is sent by Hudson Highland Group, Inc., or one of its subsidiaries, and may contain information that is privileged or confidential. If you are not the intended recipient, please delete the e-mail and any attachments and notify us immediately.****
20060125This posting was submitted with HTML in it





Yahoo! Mail
Use Photomail to share photos without annoying attachments. 20060125This posting was submitted with HTML in it
****This e-mail is sent by Hudson Highland Group, Inc., or one of its subsidiaries, and may contain information that is privileged or confidential. If you are not the intended recipient, please delete the e-mail and any attachments and notify us immediately.****

20060125This posting was submitted with HTML in it




Relax. Yahoo! Mail virus scanning helps detect nasty viruses! 20060125This posting was submitted with HTML in it








**********************************************************************
The information in this e-mail is confidential and may be legally privileged. It is intended solely for the addressee. Access to this e-mail by anyone else is unauthorised. If you have received this communication in error, please notify us immediately by return e-mail with the subject heading "Received in error" or telephone +61 2 93357000, then delete the email and destroy any copies of it. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Any opinions or advice contained in this e-mail are subject to the terms and conditions expressed in the governing KPMG client engagement letter. Opinions, conclusions and other information in this e-mail and any attachments that do not relate to the official business of the firm are neither given nor endorsed by it.

KPMG cannot guarantee that e-mail communications are secure or error-free, as information could be intercepted, corrupted, amended, lost, destroyed, arrive late or incomplete, or contain viruses.

KPMG, an Australian partnership, is part of the KPMG International network. KPMG International is a Swiss cooperative that serves as a coordinating entity for a network of independent firms operating under the KPMG name. KPMG International provides no services to clients. Each member firm of KPMG International is a legally distinct and separate entity and each describes itself as such.

Liability limited by a scheme approved under Professional Standards Legislation.

This footnote also confirms that this e-mail message has been swept by MIMEsweeper for the presence of computer viruses. See www.mimesweeper.com for more information.
**********************************************************************
20060125This posting was submitted with HTML in it

20060125This posting was submitted with HTML in it




Regards
Sri




Yahoo! Mail
Use Photomail to share photos without annoying attachments. 20060125This posting was submitted with HTML in it

20060125This posting was submitted with HTML in it

**
Sri:

Let me check with my server...

I can login in with the following using AREA LDAP:

I have to use the user name i.e. James McKenzie not the account name james.mckenzie.

I had to append the Domain name to the authenticating user name i.e. EVALLAB\remdyadm vice remdyadmin.

I am not using SSL.

Can you send me a screenshot, off the list, of the AREA LDAP form. You can hide the user name if you wish.

James McKenzie


-----Original Message-----
From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG]On Behalf Of sri sri
Sent: Thursday, March 16, 2006 3:10 PM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration


**
James,
I have this account on the Remedy server.
when i login using the Remedy user tool, error is
Invalid credentials (LDAPERR 49), comment: AcceptSecurityContext error
Regards
Sri

"McKenzie, James J C-E LCMC HQISEC/L3" wrote:

**
Sri:

Does the rmdyadm account actually exist on the Remedy server or ONLY on the AD server? If the latter is the case, what is the problem?

James McKenzie


-----Original Message-----
From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG]On Behalf Of sri sri
Sent: Thursday, March 16, 2006 2:59 PM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration


**
Dear James,
I have the account both on the AD as well as Domain. I am able to login using the rmdyadm a/c to the remedy server.
Regards
Sri

"McKenzie, James J C-E LCMC HQISEC/L3" wrote:

**
Sri:

The more information you give, the more we can give. You have to have an AD account on the AD server. Not just a Domain Account.

James McKenzie


-----Original Message-----
From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG]On Behalf Of sri sri
Sent: Thursday, March 16, 2006 2:28 PM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration


**
HI Baxter, Andrew,
I tried this combination. Not able to login. LDP is getting the data.Any patch need to installed? I am on patch 14 for ARS 6.3
Regards
Sri

"Baxter, Andrew" wrote:

**
I would suggest you start by disabling the LDAP authentication plugin.
I just ran this test on my dev server here and what I found was the following:
The login name must equal the sam account name or the UPN
Since you are in a single domain you are lucky. The authentication does not appear to work if you use the domain\ as part of the logon.

Using either my UPN or just my SAM Account name with no domain prefix it works just fine for me.

Thanks,
Andrew Baxter
Manager, Information Technology
w. (781) 902-6026
f. (781) 902-6002



From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of sri sri
Sent: Thursday, March 16, 2006 2:47 PM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration

**
Dear Baxter Andrew,
Thanks for your reply.
Yes. My ARS is installed as a domain member.
I have a single domain.
I checked with cross reference password and without. No luck. But i am using my domain login name to test. i used ldp utility to get connected and bind. It is passed.
I can see it is not authenticating using Remedy.
Regards
Sri

"Baxter, Andrew" wrote:

**
If you are attempting to integrate AR authentication with AD the following are the steps I would recommend:
Install ARS on a Windows server as a domain member
If you have more than one domain, ensure there is a trust relationship between the domain with your AR server and your user accounts
Check the box to cross reference blank passwords
You do not need the ldap plugin to authenticate windows users on AR Server running on a windows server if the above qualifications are met.

If you only have a single domain, then you need not worry about trust relationships since a domain member in a single domain will be able to query user accounts.

The LDAP authentication plugin is intended for use on UNIX systems to be able to read AD, but that is not needed in a windows server environment.

Thanks,
Andrew Baxter
Manager, Information Technology
w. (781) 902-6026
f. (781) 902-6002



20060125This posting was submitted with HTML in it
! ****This e-mail is sent by Hudson Highland Group, Inc., or one of its subsidiaries, and may contain information that is privileged or confidential. If you are not the intended recipient, please delete the e-mail and any attachments and notify us immediately.****
20060125This posting was submitted with HTML in it





Yahoo! Mail
Use Photomail to share photos without annoying attachments. 20060125This posting was submitted with HTML in it
****This e-mail is sent by Hudson Highland Group, Inc., or one of its subsidiaries, and may contain information that is privileged or confidential. If you are not the intended recipient, please delete the e-mail and any attachments and notify us immediately.****

20060125This posting was submitted with HTML in it




Relax. Yahoo! Mail virus scanning helps detect nasty viruses! 20060125This posting was submitted with HTML in it

20060125This posting was submitted with HTML in it




Regards
Sri


Yahoo! Mail
Use Photomail to share photos without annoying attachments. 20060125This posting was submitted with HTML in it

20060125This posting was submitted with HTML in it





Brings words and photos together (easily) with
PhotoMail - it's free and works with Yahoo! Mail. 20060125This posting was submitted with HTML in it

20060125This posting was submitted with HTML in it

**
James,
FQDN is provided. AD and server is on the same domain.
We plan to SSL once this goes well. Now i guess i am toooooo far.
A/c is present on the server, on AD as well as LDAP. Full Admin privilage is given.
Regards
Sri

"McKenzie, James J C-E LCMC HQISEC/L3" wrote:

**
Sri:

What is the actual FQDN hostname for the AD server. i.e. bubba.junior.com? You HAVE to use this name. Is your server, if it is a Windows server and the AD system in the SAME domain? If your server is in a different domain, is it TRUSTED?

Are you using SSL to communicate to your server? If it is, you will need to take special steps as outlined in the document:

Using SSL for LDAP functionality

which is available from the Tips and Tricks archive at the Developer Community web site.


The user you are using to access AD MUST BE ON THE AD SERVER. You cannot use a domain account.

James McKenzie


-----Original Message-----
From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG]On Behalf Of sri sri
Sent: Thursday, March 16, 2006 2:24 PM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration


**
James,
I can pull the data using LDP. AD person told me that it is a Remdy's headache.Question is how my OS login name when entered in remedy's login name field is not authenticated. I thought just AREA LDAP configuration form entry, Admin tool config alone will complete the integration!!!.
Thanks
Sri

"McKenzie, James J C-E LCMC HQISEC/L3" wrote:

**
Sri:

This appears to be a permissions problem. Can you pull back any data with that user when you use LDP?

James McKenzie


-----Original Message-----
From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG]On Behalf Of sri sri
Sent: Thursday, March 16, 2006 12:47 PM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration


**
Dear Baxter Andrew,
Thanks for your reply.
Yes. My ARS is installed as a domain member.
I have a single domain.
I checked with cross reference password and without. No luck. But i am using my domain login name to test. i used ldp utility to get connected and bind. It is passed.
I can see it is not authenticating using Remedy.
Regards
Sri

"Baxter, Andrew" wrote:

**
If you are attempting to integrate AR authentication with AD the following are the steps I would recommend:
Install ARS on a Windows server as a domain member
If you have more than one domain, ensure there is a trust relationship between the domain with your AR server and your user accounts
Check the box to cross reference blank passwords
You do not need the ldap plugin to authenticate windows users on AR Server running on a windows server if the above qualifications are met.

If you only have a single domain, then you need not worry about trust relationships since a domain member in a single domain will be able to query user accounts.

The LDAP authentication plugin is intended for use on UNIX systems to be able to read AD, but that is not needed in a windows server environment.

Thanks,
Andrew Baxter
Manager, Information Technology
w. (781) 902-6026
f. (781) 902-6002



20060125This posting was submitted with HTML in it
****This e-mail is sent by Hudson Highland Group, Inc., or one of its subsidiaries, and may contain information that is privileged or confidential. If you are not the intended recipient, please delete the e-mail and any attachments and notify us immediately.****

20060125This posting was submitted with HTML in it




Yahoo! Mail
Use Photomail to share photos without annoying attachments. 20060125This posting was submitted with HTML in it

20060125This posting was submitted with HTML in it




Yahoo! Mail
Use Photomail to share photos without annoying attachments. 20060125This posting was submitted with HTML in it
20060125This posting was submitted with HTML in it



Regards
Sri




Yahoo! Mail
Use Photomail to share photos without annoying attachments. 20060125This posting was submitted with HTML in it

**
When you used LDP to check that server did you use when you did Connections -> Connect? What user did you use when you did Connections -> Bind?

Go to your AREA LDAP Configuration form and set the Host name to the same one you have in your ARDBC LDAP Configuration form. (From your logs I can see that they are different).

In your logs I see the following ...
ARDBC Host ldap-sg-atex-01.mis.amat.com
ARDBC User DN uid=rmdyadm,ou=special users,dc=amat,dc=com
AREA Host vaughan.amat.com
AREA User DN rmdyadm

Fred





From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of sri sri
Sent: Wednesday, March 15, 2006 6:26 PM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration


**
Hi Matt,
The Error is "Invalid credentials". How can i debug this?
Pasting the part of the log
//
! ; /* Wed Mar 15 2006 16:15:55.8130 */ LoadSysConfigFile

/* Wed Mar 15 2006 16:15:55.8130 */ Configuration File D:\Program Files\AR System\conf\ar.cfg

/* Wed Mar 15 2006 16:15:55.8130 */ Host Name ldap-sg-atex-01.mis.amat.com

/* Wed Mar 15 2006 16:15:55.8130 */ Port Number 389

/* Wed Mar 15 2006 16:15:55.8130 */ User DN uid=rmdyadm,ou=special users,dc=amat,dc=com

/* Wed Mar 15 2006 16:16:59.6810 */ ldapinit("vaughan.amat.com", 389)

/* Wed Mar 15 2006 16:16:59.6810 */ ldapsimplebind("rmdyadm", hidden)

/* Wed Mar 15 2006 16:16:59.9150 */ Bind: Invalid credentials (LDAPERR Code 49) 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece
/* ! Wed Mar 15 2006 16:16:59.9150 */ -VL FAIL

//
Regards
Sri


20060125This posting was submitted with HTML in it

**
Hi Fread
I used same account in LDP. it worked. The same id is given in the AREA form.
Yes. i used differently. We need ARDBC to fetch the data from LDAP vendor form into SHR:People form(It is working) where as we need AD to authenticate the login name
Regards
Sri.

"Grooms, Frederick W" wrote:

**
When you used LDP to check that server did you use when you did Connections -> Connect? What user did you use when you did Connections -> Bind?

Go to your AREA LDAP Configuration form and set the Host name to the same one you have in your ARDBC LDAP Configuration form. (From your logs I can see that they are different).


In your logs I see the following ...
ARDBC Host ldap-sg-atex-01.mis.amat.com
ARDBC User DN uid=rmdyadm,ou=special users,dc=amat,dc=com
AREA Host vaughan.amat.com
AREA User DN rmdyadm

Fred





From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of sri sri
Sent: Wednesday, March 15, 2006 6:26 PM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration


**
Hi Matt,
The Error is "Invalid credentials". How can i debug this?
Pasting the part of the log
//
! ; /* Wed Mar 15 2006 16:15:55.8130 */ LoadSysConfigFile

/* Wed Mar 15 2006 16:15:55.8130 */ Configuration File D:\Program Files\AR System\conf\ar.cfg

/* Wed Mar 15 2006 16:15:55.8130 */ Host Name ldap-sg-atex-01.mis.amat.com

/* Wed Mar 15 2006 16:15:55.8130 */ Port Number 389

/* Wed Mar 15 2006 16:15:55.8130 */ User DN uid=rmdyadm,ou=special users,dc=amat,dc=com

/* Wed Mar 15 2006 16:16:59.6810 */ ldapinit("vaughan.amat.com", 389)

/* Wed Mar 15 2006 16:16:59.6810 */ ldapsimplebind("rmdyadm", hidden)

/* Wed Mar 15 2006 16:16:59.9150 */ Bind: Invalid credentials (LDAPERR Code 49) 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece
/* ! Wed Mar 15 2006 16:16:59.9150 */ -VL FAIL

//
Regards
Sri


20060125This posting was submitted with HTML in it




Regards
Sri



Yahoo! Mail
Use Photomail to share photos without annoying attachments. 20060125This posting was submitted with HTML in it

This is a multi-part message in MIME format.

Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Could you provide a screen shot of the username, etc used when =
attempting to logon to the user tool?
=20
Thanks,
Andrew Baxter
Manager, Information Technology



From: Action Request System discussion list(ARSList) on behalf of sri =
sri
Sent: Thu 3/16/2006 7:50 PM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration


**=20
Hi Fread
I used same account in LDP. it worked. The same id is given in the AREA =
form.
Yes. i used differently. We need ARDBC to fetch the data from LDAP =
vendor form into SHR:People form(It is working) where as we need AD to =
authenticate the login name
Regards
Sri.

"Grooms, Frederick W" wrote:

**=20
When you used LDP to check that server did you use when you did =
Connections -> Connect? What user did you use when you did Connections =
-> Bind?
=20
Go to your AREA LDAP Configuration form and set the Host name to the =
same one you have in your ARDBC LDAP Configuration form. (From your =
logs I can see that they are different). =20
=20
=09
In your logs I see the following ...
ARDBC Host ldap-sg-atex-01.mis.amat.com
ARDBC User DN uid=3Drmdyadm,ou=3Dspecial users,dc=3Damat,dc=3Dcom
AREA Host vaughan.amat.com
AREA User DN rmdyadm
=20
Fred
=20
=09
=09


From: Action Request System discussion list(ARSList) =
[mailto:arslist@ARSLIST.ORG] On Behalf Of sri sri
Sent: Wednesday, March 15, 2006 6:26 PM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration
=09
=09
**=20
Hi Matt,
The Error is "Invalid credentials". How can i debug this?
Pasting the part of the log
//
=
! ; /* Wed Mar 15 2006 16:15:55.8130 */ =
LoadSysConfigFile
=20
=
/* Wed Mar 15 2006 16:15:55.8130 */ =
Configuration File D:\Program =
Files\AR System\conf\ar.cfg
=20
=
/* Wed Mar 15 2006 16:15:55.8130 */ =
Host Name =
ldap-sg-atex-01.mis.amat.com
=20
=
/* Wed Mar 15 2006 16:15:55.8130 */ =
Port Number 389
=20
=
/* Wed Mar 15 2006 16:15:55.8130 */ =
User DN =
uid=3Drmdyadm,ou=3Dspecial users,dc=3Damat,dc=3Dcom
=20
=
/* Wed Mar 15 2006 16:16:59.6810 */ =
ldapinit("vaughan.amat.com", 389)
=20
=
/* Wed Mar 15 2006 16:16:59.6810 */ =
ldapsimplebind("rmdyadm", hidden)
=20
=
/* Wed Mar 15 2006 16:16:59.9150 */ =
Bind: Invalid credentials (LDAPERR Code 49) =
80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, =
data 52e, vece
=
/* ! Wed Mar 15 2006 16:16:59.9150 */ -VL =
FAIL
=09
//
Regards
Sri
=09
=09
20060125This posting was submitted with HTML =
in it=20




Regards
Sri=20



Yahoo! Mail
Use Photomail =
l.mail.yahoo.com> to share photos without annoying attachments. =
20060125This posting was submitted with HTML in =
it


UNSUBSCRIBE or access ARSlist Archives at http://www.ARSLIST.org

--=BoundaryjbDt3HvoFOAmEaJswFCH
Content-Type: text/plain;
charset=us-ascii
Content-Transfer-Encoding: 7bit

****This e-mail is sent by Hudson Highland Group, Inc., or one of its subsidiaries, and may contain information that is privileged or confidential. If you are not the intended recipient, please delete the e-mail and any attachments and notify us immediately.****


UNSUBSCRIBE or access ARSlist Archives at http://www.ARSLIST.org
--=BoundaryjbDt3HvoFOAmEaJswFCH