#133555 - 03/15/06 12:00 AM
Active Directory integration
newbie
Registered: 02/14/06
Posts: 23
Dear All, I am doing the Microsoft Active Directory - SunOne directory service integration with ARS 6.3 patch 14, which is on Win 2003. I have followed the Tips and Tricks article and am able to enter the data in the AREA LDAP configuration form. The Active Directory login/password is correct and has the privileges. The search filter is correct. I have checked the cross ref blank password as well as Authenticate unregistered users in the admin tool. I have created a user with a blank password. The External Authentication RPC number is 390695. I have not installed any third-party software apart from the Remedy ARS modules and plug-in on the server. I am using the Remedy client on my laptop and typing my OS domain account at login. Authentication failed. Then I tried using the account with the blank password. Here too authentication failed. Am I doing the testing in the right way? Does anything else have to be installed? The plug-in is working because I can query my LDAP objects and query the vendor form.
#133556 - 03/15/06 12:05 AM
Re: Active Directory integration
[Re: AlexGrilo]
journeyman
Registered: 06/23/04
Posts: 116
Have you turned on plugin logging? Add the following line into your ar.cfg file and enable plugin logging via the Admin Tool - it will give you a detailed output of what the LDAP plug-in is doing as you try to login:
Plugin-Log-Level: 400
Cheers,
Matt
#133557 - 03/15/06 12:09 AM
Re: Active Directory integration
[Re: AlexGrilo]
newbie
Registered: 02/14/06
Posts: 23
Hi Matt,
Thanks. Let me try this.
Regards
Sri
#133558 - 03/15/06 12:26 AM
Re: Active Directory integration
[Re: AlexGrilo]
newbie
Registered: 02/14/06
Posts: 23
Hi Matt,
The error is "Invalid credentials". How can I debug this? Pasting the part of the log:
//
/* Wed Mar 15 2006 16:15:55.8130 */ Notif Mech Attribute
/* Wed Mar 15 2006 16:15:55.8130 */ Notif Mech Default 0
/* Wed Mar 15 2006 16:15:55.8130 */ IO timeout 40
/* Wed Mar 15 2006 16:15:55.8130 */ Connect timeout 35
/* Wed Mar 15 2006 16:15:55.8130 */ Entering ARPluginEvent (1)
/* Wed Mar 15 2006 16:15:55.8130 */ Entering UpdateConfiguration(0)
/* Wed Mar 15 2006 16:15:55.8130 */ LoadSysConfigFile
/* Wed Mar 15 2006 16:15:55.8130 */ Configuration File D:\Program Files\AR System\conf\ar.cfg
/* Wed Mar 15 2006 16:15:55.8130 */ Host Name ldap-sg-atex-01.mis.amat.com
/* Wed Mar 15 2006 16:15:55.8130 */ Port Number 389
/* Wed Mar 15 2006 16:15:55.8130 */ Using SSL 0
/* Wed Mar 15 2006 16:15:55.8130 */ User DN uid=rmdyadm,ou=special users,dc=amat,dc=com
/* Wed Mar 15 2006 16:15:55.8130 */ Certificate DB
/* Wed Mar 15 2006 16:15:55.8130 */ Page Size 10000
/* Wed Mar 15 2006 16:15:55.8130 */ Leaving UpdateConfiguration
/* Wed Mar 15 2006 16:15:55.8130 */ Leaving ARPluginEvent
/* Wed Mar 15 2006 16:16:59.6810 */ +VL AREAVerifyLoginCallback -- user shullahallix041396
/* Wed Mar 15 2006 16:16:59.6810 */ AREAVerifyLoginCallback
/* Wed Mar 15 2006 16:16:59.6810 */ ldapinit("vaughan.amat.com", 389)
/* Wed Mar 15 2006 16:16:59.6810 */ connect timeout previously: -1
/* Wed Mar 15 2006 16:16:59.6810 */ connect timeout used: 35000
/* Wed Mar 15 2006 16:16:59.6810 */ ldapsimplebind("rmdyadm", hidden)
/* Wed Mar 15 2006 16:16:59.9150 */ Bind: Invalid credentials (LDAPERR Code 49) 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece
/* Wed Mar 15 2006 16:16:59.9150 */ -VL FAIL
//
Regards
Sri
#133559 - 03/15/06 12:39 AM
Re: Active Directory integration
[Re: AlexGrilo]
journeyman
Registered: 06/23/04
Posts: 116
The username & pwd you are using in your LDAP configuration to bind to the directory server are invalid - all I can suggest is that you double check your config... not sure what else could be causing this.
#133560 - 03/16/06 01:15 AM
Re: Active Directory integration
[Re: AlexGrilo]
journeyman
Registered: 06/24/05
Posts: 87
If you are attempting to integrate AR authentication with AD the following are the steps I would recommend:
Install ARS on a Windows server as a domain member
If you have more than one domain, ensure there is a trust relationship between the domain with your AR server and your user accounts
Check the box to cross reference blank passwords
You do not need the ldap plugin to authenticate windows users on AR Server running on a windows server if the above qualifications are met.
If you only have a single domain, then you need not worry about trust relationships since a domain member in a single domain will be able to query user accounts.
The LDAP authentication plugin is intended for use on UNIX systems to be able to read AD, but that is not needed in a windows server environment.
Thanks,
Andrew Baxter
Manager, Information Technology
w. (781) 902-6026
f. (781) 902-6002
#133561 - 03/16/06 02:17 AM
Re: Active Directory integration
[Re: AlexGrilo]
old hand
Registered: 06/12/01
Posts: 930
It looks like your rmdyadm service account is not being found correctly. I have found that the ARDBC LDAP configuration likes the full Distinguished Name (DN) from Active Directory while the AREA LDAP configuration likes the WindowsDomain\LoginName combination.
i.e.
ARDBC LDAP Configuration form has: CN=remedysvcacct,OU=System Users and Groups,DC=corp,DC=domain,DC=org
AREA LDAP Configuration form has: CORP\remedysvcacct
The vendor form queries use the ARDBC LDAP configuration form data to log in and do the lookups. User logins use the AREA LDAP configuration form to login and search for the user so the user's password can be verified.
Fred
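Added example (not part of any post in this thread, and not Remedy or Microsoft code): a short Python parser for the plug-in log excerpt posted earlier. It decodes the Active Directory "data" sub-code that follows LDAP result 49 and reports how the bind name and host of the failed bind compare with the loaded configuration, which is the DN versus DOMAIN\login question raised in the post above. The sample lines are copied from the log in the thread; the function and field names are illustrative.

```python
import re

# Active Directory appends a Win32 error number (hex, after "data") when it
# rejects a bind with LDAP result 49 (invalidCredentials).
AD_SUBCODES = {
    "525": "ERROR_NO_SUCH_USER: user not found",
    "52e": "ERROR_LOGON_FAILURE: unknown user name or bad password",
    "530": "ERROR_INVALID_LOGON_HOURS: logon not permitted at this time",
    "531": "ERROR_INVALID_WORKSTATION: logon not permitted from this host",
    "532": "ERROR_PASSWORD_EXPIRED: password expired",
    "533": "ERROR_ACCOUNT_DISABLED: account disabled",
    "701": "ERROR_ACCOUNT_EXPIRED: account expired",
    "773": "ERROR_PASSWORD_MUST_CHANGE: password must be changed",
    "775": "ERROR_ACCOUNT_LOCKED_OUT: account locked out",
}

# One entry is "/* timestamp */ message"; several may share a physical line.
ENTRY = re.compile(r"/\*\s*(.*?)\s*\*/\s*(.*?)\s*(?=/\*|\Z)", re.S)

FIELDS = {
    "config_host": re.compile(r"^Host Name\s+(\S+)"),
    "config_dn": re.compile(r"^User DN\s+(.+)$"),
    "using_ssl": re.compile(r"^Using SSL\s+(\d+)"),
    "bind_host": re.compile(r'^ldapinit\("([^"]+)",\s*\d+\)'),
    "bind_port": re.compile(r'^ldapinit\("[^"]+",\s*(\d+)\)'),
    "bind_name": re.compile(r'^ldapsimplebind\("([^"]*)"'),
    "ldap_result": re.compile(r"LDAPERR Code (\d+)"),
    "ad_subcode": re.compile(r"LdapErr:.*?\bdata ([0-9a-fA-F]+)"),
}

# Lines copied from the log posted in the thread.
SAMPLE_LOG = """
/* Wed Mar 15 2006 16:15:55.8130 */ Host Name ldap-sg-atex-01.mis.amat.com
/* Wed Mar 15 2006 16:15:55.8130 */ Port Number 389
/* Wed Mar 15 2006 16:15:55.8130 */ Using SSL 0
/* Wed Mar 15 2006 16:15:55.8130 */ User DN uid=rmdyadm,ou=special users,dc=amat,dc=com
/* Wed Mar 15 2006 16:16:59.6810 */ ldapinit("vaughan.amat.com", 389)
/* Wed Mar 15 2006 16:16:59.6810 */ ldapsimplebind("rmdyadm", hidden)
/* Wed Mar 15 2006 16:16:59.9150 */ Bind: Invalid credentials (LDAPERR Code 49) 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece
/* Wed Mar 15 2006 16:16:59.9150 */ -VL FAIL
"""


def bind_name_form(name):
    """Classify the syntax of the identity passed to a simple bind."""
    if re.search(r"\b(cn|uid|ou|dc)=", name, re.I):
        return "distinguished name"
    if "\\" in name:
        return "DOMAIN\\login"
    if "@" in name:
        return "userPrincipalName"
    return "bare login name"


def analyse(log_text):
    """Extract bind details from a plug-in log and list what stands out."""
    info = {}
    for _timestamp, message in ENTRY.findall(log_text):
        for key, pattern in FIELDS.items():
            match = pattern.search(message)
            if match:
                info.setdefault(key, match.group(1))  # first occurrence wins

    findings = []
    if info.get("ldap_result") == "49":
        sub = info.get("ad_subcode", "").lower()
        meaning = AD_SUBCODES.get(sub, "unlisted sub-code %r" % sub)
        findings.append("bind rejected, data %s = %s" % (sub, meaning))
    if "bind_name" in info:
        info["bind_name_form"] = bind_name_form(info["bind_name"])
        if info.get("config_dn") and info["bind_name"] != info["config_dn"]:
            findings.append("bind used %r (%s), not the User DN in the loaded "
                            "configuration" % (info["bind_name"],
                                               info["bind_name_form"]))
    hosts = (info.get("bind_host"), info.get("config_host"))
    if all(hosts) and hosts[0].lower() != hosts[1].lower():
        findings.append("bind went to %s, loaded configuration names %s" % hosts)
    if info.get("bind_port") == "389" and info.get("using_ssl") == "0":
        findings.append("port 389 with 'Using SSL 0': a simple bind here "
                        "carries the password unencrypted")
    info["findings"] = findings
    return info


if __name__ == "__main__":
    for line in analyse(SAMPLE_LOG)["findings"]:
        print("-", line)
```

The findings are observations read from the log, not a diagnosis: they show which values to compare against the AREA LDAP and ARDBC LDAP configuration forms.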
#133562 - 03/15/06 07:40 PM
Re: Active Directory integration
[Re: AlexGrilo]
newbie
Registered: 02/14/06
Posts: 23
Hi Grooms Fredrick,
I tried with domainname\accountname. No luck. Is there anything to be installed/configured? Remedy login does not know my OS domain login name, right? I used the ldp utility. It is clearly authenticating.
Regards
Sri
#133563 - 03/15/06 07:46 PM
Re: Active Directory integration
[Re: AlexGrilo]
|
newbie
Registered: 02/14/06
Posts: 23
|
** Dear Baxter Andrew, Thanks for your reply. Yes. My ARS is installed as a domain member. I have a single domain. I checked with cross reference password and without. No luck. But I am using my domain login name to test. I used ldp utility to get connected and bind. It is passed. I can see it is not authenticating using Remedy. Regards Sri "Baxter, Andrew" wrote:
** If you are attempting to integrate AR authentication with AD the following are the steps I would recommend:
Install ARS on a Windows server as a domain member
If you have more than one domain, ensure there is a trust relationship between the domain with your AR server and your user accounts
Check the box to cross reference blank passwords
You do not need the ldap plugin to authenticate windows users on AR Server running on a windows server if the above qualifications are met.
If you only have a single domain, then you need not worry about trust relationships since a domain member in a single domain will be able to query user accounts.
The LDAP authentication plugin is intended for use on UNIX systems to be able to read AD, but that is not needed in a windows server environment.
Thanks,
Andrew Baxter
Manager, Information Technology
w. (781) 902-6026
f. (781) 902-6002
#133564 - 03/15/06 08:35 PM
Re: Active Directory integration
[Re: AlexGrilo]
|
journeyman
Registered: 03/14/06
Posts: 133
|
** Sri: This appears to be a permissions problem. Can you pull back any data with that user when you use LDP? James McKenzie
-----Original Message----- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG]On Behalf Of sri sri Sent: Thursday, March 16, 2006 12:47 PM To: arslist@ARSLIST.ORG Subject: Re: Active Directory integration
** Dear Baxter Andrew, Thanks for your reply. Yes. My ARS is installed as a domain member. I have a single domain. I checked with cross reference password and without. No luck. But I am using my domain login name to test. I used ldp utility to get connected and bind. It is passed. I can see it is not authenticating using Remedy. Regards Sri
"Baxter, Andrew" wrote:
** If you are attempting to integrate AR authentication with AD the following are the steps I would recommend:
Install ARS on a Windows server as a domain member
If you have more than one domain, ensure there is a trust relationship between the domain with your AR server and your user accounts
Check the box to cross reference blank passwords
You do not need the ldap plugin to authenticate windows users on AR Server running on a windows server if the above qualifications are met.
If you only have a single domain, then you need not worry about trust relationships since a domain member in a single domain will be able to query user accounts.
The LDAP authentication plugin is intended for use on UNIX systems to be able to read AD, but that is not needed in a windows server environment.
Thanks,
Andrew Baxter
Manager, Information Technology
w. (781) 902-6026
f. (781) 902-6002
#133565 - 03/15/06 08:39 PM
Re: Active Directory integration
[Re: AlexGrilo]
|
journeyman
Registered: 06/24/05
Posts: 87
|
** I would suggest you start by disabling the LDAP authentication plugin. I just ran this test on my dev server here and what I found was the following:
The login name must equal the sam account name or the UPN
Since you are in a single domain you are lucky. The authentication does not appear to work if you use the domain\ as part of the logon. Using either my UPN or just my SAM Account name with no domain prefix it works just fine for me.
Thanks,
Andrew Baxter
Manager, Information Technology
w. (781) 902-6026
f. (781) 902-6002
From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of sri sri Sent: Thursday, March 16, 2006 2:47 PM To: arslist@ARSLIST.ORG Subject: Re: Active Directory integration
** Dear Baxter Andrew, Thanks for your reply. Yes. My ARS is installed as a domain member. I have a single domain. I checked with cross reference password and without. No luck. But I am using my domain login name to test. I used ldp utility to get connected and bind. It is passed. I can see it is not authenticating using Remedy. Regards Sri
"Baxter, Andrew" wrote:
**
If you are attempting to integrate AR authentication with AD the following are the steps I would recommend:
Install ARS on a Windows server as a domain member
If you have more than one domain, ensure there is a trust relationship between the domain with your AR server and your user accounts
Check the box to cross reference blank passwords
You do not need the ldap plugin to authenticate windows users on AR Server running on a windows server if the above qualifications are met.
If you only have a single domain, then you need not worry about trust relationships since a domain member in a single domain will be able to query user accounts.
The LDAP authentication plugin is intended for use on UNIX systems to be able to read AD, but that is not needed in a windows server environment.
Thanks,
Andrew Baxter
Manager, Information Technology
w. (781) 902-6026
f. (781) 902-6002
#133566 - 03/15/06 08:43 PM
Re: Active Directory integration
[Re: AlexGrilo]
|
old hand
Registered: 06/12/01
Posts: 930
|
** In your logs I see the following (from your config forms)...
ARDBC Host ldap-sg-atex-01.mis.amat.com
ARDBC User DN uid=rmdyadm,ou=special users,dc=amat,dc=com
AREA Host vaughan.amat.com
AREA User DN rmdyadm
We use the same host here for both AREA and ARDBC (since it is the same Active Directory). If ARDBC is working have you checked LDP against vaughan (or set your AREA host to the same as ARDBC)? Fred
From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of sri sri Sent: Thursday, March 16, 2006 1:41 PM To: arslist@ARSLIST.ORG Subject: Re: Active Directory integration
** Hi Grooms Fredrick, I tried with domainname\accountname. No luck. Is there anything to be installed/ configured? Remedy login does not know my OS domain login name right? I used ldp utility. It is clearly authenticating. Regards Sri
"Grooms, Frederick W" wrote:
** It looks like your rmdyadm service account is not being found correctly. I have found that the ARDBC LDAP configuration likes the full Distinguished Name (DN) from Active Directory while the AREA LDAP configuration likes the WindowsDomain\LoginName combination. i.e.
ARDBC LDAP Configuration form has: CN=remedysvcacct,OU=System Users and Groups,DC=corp,DC=domain,DC=org
AREA LDAP Configuration form has: CORP\remedysvcacct
The vendor form Queries use the ARDBC LDAP configuration form data to log in and do the lookups. User logins use the AREA LDAP configuration form to login and search for the user so the user's password can be verified. Fred
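The comparison drawn from the plug-in log in the post above can be scripted. The following is an added example, not part of the original thread and not BMC/Remedy code: the function names are hypothetical, the log entries are copied from the excerpt pasted in the thread, the sub-code table lists the Win32 error codes Active Directory reports after "data" in a failed bind, and "Using SSL 0" is assumed to mean SSL is off.

```python
import re

# Entries copied from the plug-in log pasted in the thread, one per line.
SAMPLE_LOG = r'''
/* Wed Mar 15 2006 16:15:55.8130 */ Host Name ldap-sg-atex-01.mis.amat.com
/* Wed Mar 15 2006 16:15:55.8130 */ Using SSL 0
/* Wed Mar 15 2006 16:15:55.8130 */ User DN uid=rmdyadm,ou=special users,dc=amat,dc=com
/* Wed Mar 15 2006 16:16:59.6810 */ +VL AREAVerifyLoginCallback -- user shullahallix041396
/* Wed Mar 15 2006 16:16:59.6810 */ ldapinit("vaughan.amat.com", 389)
/* Wed Mar 15 2006 16:16:59.6810 */ ldapsimplebind("rmdyadm", hidden)
/* Wed Mar 15 2006 16:16:59.9150 */ Bind: Invalid credentials (LDAPERR Code 49) 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece
/* Wed Mar 15 2006 16:16:59.9150 */ -VL FAIL
'''

# AD appends a hex Win32 error code after "data" in an LDAP code 49 reply.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "532": "password expired",
    "533": "account disabled",
    "775": "account locked out",
}

ENTRY = re.compile(r"/\*\s*(?P<ts>[^*]+?)\s*\*/\s*(?P<msg>.*)")


def bind_name_format(name):
    """Classify a bind name as 'dn', 'domain\\login', 'upn' or 'bare'."""
    if re.match(r"^[A-Za-z][\w-]*=", name):
        return "dn"
    if "\\" in name:
        return "domain\\login"
    if "@" in name:
        return "upn"
    return "bare"


def parse_plugin_log(text):
    """Return (config dump, list of login attempts) from plug-in log text."""
    cfg, attempts, cur = {}, [], None
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        msg = m.group("msg").strip()
        if msg.startswith("Host Name "):
            cfg["host"] = msg[len("Host Name "):]
        elif msg.startswith("User DN "):
            cfg["user_dn"] = msg[len("User DN "):]
        elif msg.startswith("Using SSL "):
            cfg["ssl"] = msg.split()[-1] != "0"  # assumption: 0 = SSL off
        elif msg.startswith("+VL AREAVerifyLoginCallback -- user "):
            cur = {"login": msg.rsplit(" ", 1)[-1]}
            attempts.append(cur)
        elif cur is not None:
            init = re.match(r'ldapinit\("([^"]+)",\s*(\d+)\)', msg)
            bind = re.match(r'ldapsimplebind\("([^"]*)"', msg)
            if init:
                cur["host"], cur["port"] = init.group(1), int(init.group(2))
            elif bind:
                cur["bind_name"] = bind.group(1)
            elif msg.startswith("Bind:"):
                code = re.search(r"LDAPERR Code (\d+)", msg)
                data = re.search(r"\bdata ([0-9a-fA-F]+)\b", msg)
                cur["ldap_code"] = int(code.group(1)) if code else None
                cur["ad_data"] = data.group(1).lower() if data else None
            elif msg.startswith("-VL "):
                cur["result"] = msg[4:]
                cur = None
    return cfg, attempts


def diagnose(cfg, attempt):
    """Return short finding codes for one login attempt."""
    findings = []
    failed = attempt.get("ldap_code") not in (None, 0)
    if failed and attempt.get("bind_name") != attempt.get("login"):
        # The rejected bind is the plug-in's own account, so the
        # end user's password was never checked.
        findings.append("plugin-bind-account-rejected")
    if attempt.get("ad_data") in AD_BIND_SUBCODES:
        findings.append("ad-subcode:" + attempt["ad_data"])
    if cfg.get("host") and attempt.get("host") \
            and cfg["host"].lower() != attempt["host"].lower():
        findings.append("host-differs-from-config-dump")
    if cfg.get("user_dn") and attempt.get("bind_name") and \
            bind_name_format(cfg["user_dn"]) != bind_name_format(attempt["bind_name"]):
        findings.append("bind-name-format-differs")
    if cfg.get("ssl") is False:
        # A simple bind without SSL/TLS sends the bind password unencrypted.
        findings.append("config-ssl-off")
    return findings


if __name__ == "__main__":
    config, logins = parse_plugin_log(SAMPLE_LOG)
    for attempt in logins:
        print(attempt["login"], attempt.get("result"), diagnose(config, attempt))
```
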
#133567 - 03/16/06 10:30 AM
Re: Active Directory integration
[Re: AlexGrilo]
|
newbie
Registered: 02/14/06
Posts: 23
|
** James, Just authenticate the user against AD. Pulling data from LDAP is over and working fine. I am not able to login to Remedy using my domain account as well as aradm, which is specially created in AD, Remedy server, Domain as well as in LDAP, whereas I can use LDP to connect/bind without any problem. I have used ARDBC to connect to LDAP and am good. But authentication is supposed to happen by AD. This is not happening. Regards Sri "McKenzie, James J C-E LCMC HQISEC/L3" wrote:
** Sri: I am confused at this point. What are you attempting to do? Authenticate users against AD or pull back user information into a Vendor form? If you are trying to authenticate users, this is working as you can log into Remedy with the remedyadm account. If it is the latter, you have more work to do. James McKenzie
-----Original Message----- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG]On Behalf Of sri sri Sent: Thursday, March 16, 2006 3:06 PM To: arslist@ARSLIST.ORG Subject: Re: Active Directory integration ** Dear James, I have this a/c on the server as well with admin privilege Regards Sri "McKenzie, James J C-E LCMC HQISEC/L3" wrote:
** Matt: Is your account a domain account or an account actually on the server. If I remember correctly, the account has to be directly on the server and not a domain account. James McKenzie
-----Original Message----- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG]On Behalf Of Watson, Matthew (Melbourne) Sent: Thursday, March 16, 2006 2:35 PM To: arslist@ARSLIST.ORG Subject: Re: Active Directory integration ** Hi Sri, We've been using the AREA LDAP plug-in for about three years, since v5.1.2, and haven't changed our configuration at all during our upgrades to 6.0, 6.0.1 and now 6.3. So it would definitely appear to be something in your config, or perhaps your install...... Matt
From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of sri sri Sent: Friday, 17 March 2006 8:28 AM To: arslist@ARSLIST.ORG Subject: Re: Active Directory integration ** HI Baxter, Andrew, I tried this combination. Not able to login. LDP is getting the data.Any patch need to installed? I am on patch 14 for ARS 6.3 Regards Sri "Baxter, Andrew" wrote:
** I would suggest you start by disabling the LDAP authentication plugin. I just ran this test on my dev server here and what I found was the following:
The login name must equal the sam account name or the UPN
Since you are in a single domain you are lucky. The authentication does not appear to work if you use the domain\ as part of the logon. Using either my UPN or just my SAM Account name with no domain prefix it works just fine for me.
Thanks,
Andrew Baxter
Manager, Information Technology
w. (781) 902-6026
f. (781) 902-6002
#133568 - 03/16/06 09:24 AM
Re: Active Directory integration
[Re: AlexGrilo]
|
newbie
Registered: 02/14/06
Posts: 23
|
** James, I can pull the data using LDP. AD person told me that it is a Remedy's headache. Question is how my OS login name when entered in remedy's login name field is not authenticated. I thought just AREA LDAP configuration form entry, Admin tool config alone will complete the integration!!!. Thanks Sri "McKenzie, James J C-E LCMC HQISEC/L3" wrote:
** Sri: This appears to be a permissions problem. Can you pull back any data with that user when you use LDP? James McKenzie
#133569 - 03/16/06 09:28 AM
Re: Active Directory integration
[Re: AlexGrilo]
|
newbie
Registered: 02/14/06
Posts: 23
|
** Hi Baxter, Andrew, I tried this combination. Not able to login. LDP is getting the data. Does any patch need to be installed? I am on patch 14 for ARS 6.3 Regards Sri "Baxter, Andrew" wrote:
** I would suggest you start by disabling the LDAP authentication plugin. I just ran this test on my dev server here and what I found was the following:
The login name must equal the sam account name or the UPN
Since you are in a single domain you are lucky. The authentication does not appear to work if you use the domain\ as part of the logon. Using either my UPN or just my SAM Account name with no domain prefix it works just fine for me.
Thanks,
Andrew Baxter
Manager, Information Technology
w. (781) 902-6026
f. (781) 902-6002
#133570 - 03/16/06 09:32 AM
Re: Active Directory integration
[Re: AlexGrilo]
|
newbie
Registered: 02/14/06
Posts: 23
|
** Dear Grooms Frederick, I have ARDBC for LDAP and am able to pull out LDAP data. I have configured AREA for Active Directory authentication. I am checking by ARDBC using AD data. Regards Srivathsa "Grooms, Frederick W" wrote:
** In your logs I see the following (from your config forms)...
ARDBC Host ldap-sg-atex-01.mis.amat.com
ARDBC User DN uid=rmdyadm,ou=special users,dc=amat,dc=com
AREA Host vaughan.amat.com
AREA User DN rmdyadm
We use the same host here for both AREA and ARDBC (since it is the same Active Directory). If ARDBC is working have you checked LDP against vaughan (or set your AREA host to the same as ARDBC)? Fred
From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of sri sri Sent: Thursday, March 16, 2006 1:41 PM To: arslist@ARSLIST.ORG Subject: Re: Active Directory integration ** Hi Grooms Fredrick, I tried with domainname\accountname. No luck. Is there anything to be installed/ configured? Remedy login does not know my OS domain login name right? I used ldp utility. It is clearly authenticating. Regards Sri
"Grooms, Frederick W" wrote:
** It looks like your rmdyadm service account is not being found correctly. I have found that the ARDBC LDAP configuration likes the full Distingushed Name (DN) from Active Directory while the AREA LDAP configuration likes the WindowsDomain\LoginName combination. i.e. ! ARDBC LDAP Configuration form has: CN=remedysvcacct,OU=System Users and Groups,DC=corp,DC=domain,DC=org AREA LDAP Configuration form has: CORP\remedysvcacct The vendor form Queries use the ARDBC LDAP configuration form data to log in and do the lookups. User logins use the AREA LDAP configuration form to login and search for the user so the user's password can be verified. Fred
From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of sri sri Sent: Wednesday, March 15, 2006 6:26 PM To: arslist@ARSLIST.ORG Subject: Re: Active Directory integration ** Hi Matt, The Error is "Invalid credentials". How can i debug this? Pasting the part of the log // /* Wed Mar 15 2006 16:15:55.8130 */ Notif Mech Attribute /* Wed Mar 15 2006 16:15:55.8130 */ Notif Mech Default 0 /* Wed Mar 15 2006 16:15:55.8130 */ IO timeout 40 /* Wed Mar 15 2006 16:15:55.8130 */ Connect timeout 35 /* Wed Mar ! 15 2006 16:15:55.8130 */ Entering ARPluginEvent (1) /* Wed Mar 15 2006 16:15:55.8130 */ Entering UpdateConfiguration(0) ! ; /* Wed Mar 15 2006 16:15:55.8130 */ LoadSysConfigFile /* Wed Mar 15 2006 16:15:55.8130 */ Configuration File D:\Program Files\AR System\conf\ar.cfg /* Wed Mar 15 2006 16:15:55.8! 130 */ Host Name ldap-sg-atex-01.mis.amat.com /* Wed Mar 15 2006 16:15:55.8130 */ Port Number 389 /* Wed Mar 15 2006 16:15:55.8130 */ Using SSL 0 /* Wed Mar 15 2! 006 16:15:55.8130 */ User DN uid=rmdyadm,ou=special users,dc=amat,dc=com /* Wed Mar 15 2006 16:15:55.8130 */ Certificate DB /* Wed Mar 15 2006 16:15:55.8130 */ Page Size 10000 /* Wed Mar 15 2006 16:15:55.8130 */ Leaving UpdateConfiguration /* Wed Mar 15 2006 16:15:55.8130 */ Leaving ARPluginEvent /* Wed Mar 15 2006 16:16:59.6810 */ +VL AREAVerifyLoginCallback -- user shullahallix041396 /* Wed Mar 15 2006 16:16:59.6810 */ AREAVerifyLoginCallback /* Wed Mar 15 2006 16:16:59.6810 */ ldapinit("vaughan.amat.com", 389) /* Wed Mar 15 2006 16:16:59.6810 */ connect timeout previously: -1 /* Wed Mar 15 2006 16:16:59.6810 */ connect timeout used: 35000 /* Wed Mar 15 2006 16:16:59.6810 */ ldapsimplebind("rmdyadm", hidden) /* Wed Mar 15 2006 16:16:59.9150 */ Bind: Invalid credentials (LDAPERR Code 49) 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece /* ! Wed Mar 15 2006 16:16:59.9150 */ -VL FAIL // Regards Sri "Watson, Matthew (Melbourne)" wrote:
** Have you turned on plugin logging? Add the following line into your ar.cfg file and enable plugin logging via the Admin Tool - it will give you a detailed output of what the LDAP plug-in is doing as you try to login: Plugin-Log-Level: 400 Cheers, Matt
|
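Added example (not part of the thread and not code from the AREA LDAP plug-in): a Python parser for the plug-in log format quoted in the post above. It compares the configured Host Name and User DN with what was actually passed to ldapinit/ldapsimplebind and decodes the Active Directory sub-status in the "data" field of LDAP error 49. Function names are hypothetical, and the sub-status table is the set of Win32 error codes AD reports in that field.

```python
import re

# Sub-status Active Directory reports in the "data NNN" field of LDAP
# result 49 (invalidCredentials). The values are Win32 error codes in hex.
AD_SUBSTATUS = {
    "525": "user not found",
    "52e": "logon failure: unknown user name or bad password",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must change password",
    "775": "account locked out",
}

# Constructed sample: a subset of the log entries quoted in the post.
SAMPLE_LOG = """
/* Wed Mar 15 2006 16:15:55.8130 */ Host Name ldap-sg-atex-01.mis.amat.com
/* Wed Mar 15 2006 16:15:55.8130 */ Port Number 389
/* Wed Mar 15 2006 16:15:55.8130 */ Using SSL 0
/* Wed Mar 15 2006 16:15:55.8130 */ User DN uid=rmdyadm,ou=special users,dc=amat,dc=com
/* Wed Mar 15 2006 16:15:55.8130 */ Certificate DB
/* Wed Mar 15 2006 16:16:59.6810 */ ldapinit("vaughan.amat.com", 389)
/* Wed Mar 15 2006 16:16:59.6810 */ ldapsimplebind("rmdyadm", hidden)
/* Wed Mar 15 2006 16:16:59.9150 */ Bind: Invalid credentials (LDAPERR Code 49) 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece
/* Wed Mar 15 2006 16:16:59.9150 */ -VL FAIL
"""

# One record is '/* timestamp */ message'; records may be run together on a line.
ENTRY = re.compile(r"/\*\s*(?P<ts>.*?)\s*\*/\s*(?P<msg>.*?)\s*(?=/\*|\Z)", re.S)
CONFIG_KEYS = ("Host Name", "Port Number", "Using SSL", "User DN")


def parse_entries(text):
    """Return (timestamp, message) pairs from plug-in log text."""
    return [(m["ts"], m["msg"]) for m in ENTRY.finditer(text)]


def analyze(text):
    """Compare configured values with the observed bind and decode error 49."""
    cfg, seen, findings = {}, {}, {}
    for _, msg in parse_entries(text):
        for key in CONFIG_KEYS:
            if msg.startswith(key):
                cfg[key] = msg[len(key):].strip()
        m = re.match(r'ldapinit\("([^"]*)",\s*(\d+)\)', msg)
        if m:
            seen["host"], seen["port"] = m.group(1), int(m.group(2))
        m = re.match(r'ldapsimplebind\("([^"]*)"', msg)
        if m:
            seen["bind_name"] = m.group(1)
        # The "data" field is AD-specific; other directories omit it.
        m = re.search(r"LDAPERR Code (\d+)\)(?:.*?\bdata ([0-9a-fA-F]+))?", msg)
        if m:
            seen["ldap_code"] = int(m.group(1))
            seen["substatus"] = (m.group(2) or "").lower()

    if "host" in seen and cfg.get("Host Name") not in (None, seen["host"]):
        findings["host_mismatch"] = "configured Host Name %s, but ldapinit used %s" % (
            cfg["Host Name"], seen["host"])
    if "bind_name" in seen and cfg.get("User DN") not in (None, seen["bind_name"]):
        findings["bind_name_not_dn"] = "bound as %r, not the configured User DN %r" % (
            seen["bind_name"], cfg["User DN"])
    if "bind_name" in seen and cfg.get("Using SSL") == "0":
        findings["cleartext_bind"] = "simple bind with SSL off: the password is sent unencrypted"
    if seen.get("ldap_code") == 49:
        sub = seen["substatus"]
        if sub:
            detail = "data %s: %s" % (sub, AD_SUBSTATUS.get(sub, "unlisted sub-status"))
        else:
            detail = "no AD sub-status in the message"
        findings["bind_failure"] = "LDAP 49, " + detail
    return {"config": cfg, "observed": seen, "findings": findings}


if __name__ == "__main__":
    for tag, text in analyze(SAMPLE_LOG)["findings"].items():
        print(tag + ": " + text)
```
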
#133571 - 03/16/06 09:33 AM
Re: Active Directory integration
[Re: AlexGrilo]
|
journeyman
Registered: 03/14/06
Posts: 133
|
** Sri: What is the actual FQDN hostname for the AD server. i.e. bubba.junior.com? You HAVE to use this name. Is your server, if it is a Windows server and the AD system in the SAME domain? If your server is in a different domain, is it TRUSTED? Are you using SSL to communicate to your server? If it is, you will need to take special steps as outlined in the document: Using SSL for LDAP functionality which is available from the Tips and Tricks archive at the Developer Community web site. The user you are using to access AD MUST BE ON THE AD SERVER. You cannot use a domain account. James McKenzie
-----Original Message----- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG]On Behalf Of sri sri Sent: Thursday, March 16, 2006 2:24 PM To: arslist@ARSLIST.ORG Subject: Re: Active Directory integration ** James, I can pull the data using LDP. AD person told me that it is a Remedy's headache. Question is how my OS login name when entered in remedy's login name field is not authenticated. I thought just AREA LDAP configuration form entry, Admin tool config alone will complete the integration!!!. Thanks Sri "McKenzie, James J C-E LCMC HQISEC/L3" wrote:
** Sri: This appears to be a permissions problem. Can you pull back any data with that user when you use LDP? James McKenzie
-----Original Message----- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG]On Behalf Of sri sri Sent: Thursday, March 16, 2006 12:47 PM To: arslist@ARSLIST.ORG Subject: Re: Active Directory integration ** Dear Baxter Andrew, Thanks for your reply. Yes. My ARS is installed as a domain member. I have a single domain. I checked with cross reference password and without. No luck. But I am using my domain login name to test. I used ldp utility to get connected and bind. It is passed. I can see it is not authenticating using Remedy. Regards Sri
"Baxter, Andrew" wrote:
** If you are attempting to integrate AR authentication with AD the following are the steps I would recommend:
- Install ARS on a Windows server as a domain member
- If you have more than one domain, ensure there is a trust relationship between the domain with your AR server and your user accounts
- Check the box to cross reference blank passwords
You do not need the ldap plugin to authenticate windows users on AR Server running on a windows server if the above qualifications are met. If you only have a single domain, then you need not worry about trust relationships since a domain member in a single domain will be able to query user accounts. The LDAP authentication plugin is intended for use on UNIX systems to be able to read AD, but that is not needed in a windows server environment.
Thanks, Andrew Baxter Manager, Information Technology w. (781) 902-6026 f. (781) 902-6002
|
#133572 - 03/16/06 09:34 AM
Re: Active Directory integration
[Re: AlexGrilo]
|
journeyman
Registered: 06/23/04
Posts: 116
|
** Hi Sri, We've been using the AREA LDAP plug-in for about three years, since v5.1.2, and haven't changed our configuration at all during our upgrades to 6.0, 6.0.1 and now 6.3. So it would definitely appear to be something in your config, or perhaps your install...... Matt
From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of sri sri Sent: Friday, 17 March 2006 8:28 AM To: arslist@ARSLIST.ORG Subject: Re: Active Directory integration ** Hi Baxter, Andrew, I tried this combination. Not able to login. LDP is getting the data. Does any patch need to be installed? I am on patch 14 for ARS 6.3 Regards Sri "Baxter, Andrew" wrote:
** I would suggest you start by disabling the LDAP authentication plugin. I just ran this test on my dev server here and what I found was the following: The login name must equal the sam account name or the UPN Since you are in a single domain you are lucky. The authentication does not appear to work if you use the domain\ as part of the logon. Using either my UPN or just my SAM Account name with no domain prefix it works just fine for me. Thanks, Andrew Baxter Manager, Information Technology w. (781) 902-6026 f. (781) 902-6002
|
#133573 - 03/16/06 09:34 AM
Re: Active Directory integration
[Re: AlexGrilo]
|
journeyman
Registered: 03/14/06
Posts: 133
|
** Sri: The more information you give, the more we can give. You have to have an AD account on the AD server. Not just a Domain Account. James McKenzie
-----Original Message----- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG]On Behalf Of sri sri Sent: Thursday, March 16, 2006 2:28 PM To: arslist@ARSLIST.ORG Subject: Re: Active Directory integration ** Hi Baxter, Andrew, I tried this combination. Not able to login. LDP is getting the data. Does any patch need to be installed? I am on patch 14 for ARS 6.3 Regards Sri "Baxter, Andrew" wrote:
** I would suggest you start by disabling the LDAP authentication plugin. I just ran this test on my dev server here and what I found was the following: The login name must equal the sam account name or the UPN Since you are in a single domain you are lucky. The authentication does not appear to work if you use the domain\ as part of the logon. Using either my UPN or just my SAM Account name with no domain prefix it works just fine for me. Thanks, Andrew Baxter Manager, Information Technology w. (781) 902-6026 f. (781) 902-6002
|
#133574 - 03/16/06 09:40 AM
Re: Active Directory integration
[Re: AlexGrilo]
|
journeyman
Registered: 03/14/06
Posts: 133
|
** Matt: Is your account a domain account or an account actually on the server. If I remember correctly, the account has to be directly on the server and not a domain account. James McKenzie
-----Original Message----- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG]On Behalf Of Watson, Matthew (Melbourne) Sent: Thursday, March 16, 2006 2:35 PM To: arslist@ARSLIST.ORG Subject: Re: Active Directory integration ** Hi Sri, We've been using the AREA LDAP plug-in for about three years, since v5.1.2, and haven't changed our configuration at all during our upgrades to 6.0, 6.0.1 and now 6.3. So it would definitely appear to be something in your config, or perhaps your install...... Matt
From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of sri sri Sent: Friday, 17 March 2006 8:28 AM To: arslist@ARSLIST.ORG Subject: Re: Active Directory integration ** Hi Baxter, Andrew, I tried this combination. Not able to login. LDP is getting the data. Does any patch need to be installed? I am on patch 14 for ARS 6.3 Regards Sri "Baxter, Andrew" wrote:
** I would suggest you start by disabling the LDAP authentication plugin. I just ran this test on my dev server here and what I found was the following: The login name must equal the sam account name or the UPN Since you are in a single domain you are lucky. The authentication does not appear to work if you use the domain\ as part of the logon. Using either my UPN or just my SAM Account name with no domain prefix it works just fine for me. Thanks, Andrew Baxter Manager, Information Technology w. (781) 902-6026 f. (781) 902-6002
|
#133575 - 03/16/06 09:59 AM
Re: Active Directory integration
[Re: AlexGrilo]
|
newbie
Registered: 02/14/06
Posts: 23
|
** Dear James, I have the account both on the AD as well as Domain. I am able to login using the rmdyadm a/c to the remedy server. Regards Sri "McKenzie, James J C-E LCMC HQISEC/L3" wrote:
** Sri: The more information you give, the more we can give. You have to have an AD account on the AD server. Not just a Domain Account. James McKenzie
|
#133576 - 03/16/06 10:03 AM
Re: Active Directory integration
[Re: AlexGrilo]
|
journeyman
Registered: 03/14/06
Posts: 133
|
** Sri: Does the rmdyadm account actually exist on the Remedy server or ONLY on the AD server? If the latter is the case, what is the problem? James McKenzie -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG]On Behalf Of sri sri Sent: Thursday, March 16, 2006 2:59 PM To: arslist@ARSLIST.ORG Subject: Re: Active Directory integration ** Dear James, I have the account both on the AD as well as Domain. I am able to login using the rmdyadm a/c to the remedy server. Regards Sri "McKenzie, James J C-E LCMC HQISEC/L3" wrote:
** Sri: The more information you give, the more we can give. You have to have an AD account on the AD server. Not just a Domain Account. James McKenzie
|
#133577 - 03/16/06 10:05 AM
Re: Active Directory integration
[Re: AlexGrilo]
|
newbie
Registered: 02/14/06
Posts: 23
|
** Dear James, I have this a/c on the server as well with admin privilege Regards Sri "McKenzie, James J C-E LCMC HQISEC/L3" wrote:
** Matt: Is your account a domain account or an account actually on the server. If I remember correctly, the account has to be directly on the server and not a domain account. James McKenzie
|
#133578 - 03/16/06 10:09 AM
Re: Active Directory integration
[Re: AlexGrilo]
|
newbie
Registered: 02/14/06
Posts: 23
|
James,
I have this account on the Remedy server. When I log in using the Remedy user tool, the error is: Invalid credentials (LDAPERR 49), comment: AcceptSecurityContext error
Regards
Sri

"McKenzie, James J C-E LCMC HQISEC/L3" wrote:
Sri:
Does the rmdyadm account actually exist on the Remedy server or ONLY on the AD server? If the latter is the case, what is the problem?
James McKenzie

-----Original Message-----
From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of sri sri
Sent: Thursday, March 16, 2006 2:59 PM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration
Dear James,
I have the account both on the AD as well as Domain. I am able to log in using the rmdyadm a/c to the Remedy server.
Regards
Sri

"McKenzie, James J C-E LCMC HQISEC/L3" wrote:
Sri:
The more information you give, the more we can give. You have to have an AD account on the AD server. Not just a Domain Account.
James McKenzie

-----Original Message-----
From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of sri sri
Sent: Thursday, March 16, 2006 2:28 PM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration
Hi Baxter, Andrew,
I tried this combination. Not able to log in. LDP is getting the data. Does any patch need to be installed? I am on patch 14 for ARS 6.3.
Regards
Sri

"Baxter, Andrew" wrote:
I would suggest you start by disabling the LDAP authentication plugin. I just ran this test on my dev server here and what I found was the following: The login name must equal the SAM account name or the UPN. Since you are in a single domain you are lucky. The authentication does not appear to work if you use the domain\ as part of the logon. Using either my UPN or just my SAM Account name with no domain prefix it works just fine for me.
Thanks,
Andrew Baxter
Manager, Information Technology
w. (781) 902-6026 f. (781) 902-6002

From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of sri sri
Sent: Thursday, March 16, 2006 2:47 PM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration
Dear Baxter Andrew,
Thanks for your reply. Yes. My ARS is installed as a domain member. I have a single domain. I checked with cross reference password and without. No luck. But I am using my domain login name to test. I used the ldp utility to get connected and bind. It is passed. I can see it is not authenticating using Remedy.
Regards
Sri

"Baxter, Andrew" wrote:
If you are attempting to integrate AR authentication with AD the following are the steps I would recommend:
- Install ARS on a Windows server as a domain member
- If you have more than one domain, ensure there is a trust relationship between the domain with your AR server and your user accounts
- Check the box to cross reference blank passwords
You do not need the ldap plugin to authenticate Windows users on AR Server running on a Windows server if the above qualifications are met. If you only have a single domain, then you need not worry about trust relationships since a domain member in a single domain will be able to query user accounts. The LDAP authentication plugin is intended for use on UNIX systems to be able to read AD, but that is not needed in a Windows server environment.
Thanks,
Andrew Baxter
Manager, Information Technology
w. (781) 902-6026 f. (781) 902-6002
#133579 - 03/16/06 10:11 AM
Re: Active Directory integration
[Re: AlexGrilo]
|
journeyman
Registered: 03/14/06
Posts: 133
|
Sri:
I am confused at this point. What are you attempting to do? Authenticate users against AD or pull back user information into a Vendor form? If you are trying to authenticate users, this is working as you can log into Remedy with the remedyadm account. If it is the latter, you have more work to do.
James McKenzie

-----Original Message-----
From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of sri sri
Sent: Thursday, March 16, 2006 3:06 PM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration
Dear James,
I have this a/c on the server as well with admin privilege.
Regards
Sri

"McKenzie, James J C-E LCMC HQISEC/L3" wrote:
Matt:
Is your account a domain account or an account actually on the server? If I remember correctly, the account has to be directly on the server and not a domain account.
James McKenzie

-----Original Message-----
From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Watson, Matthew (Melbourne)
Sent: Thursday, March 16, 2006 2:35 PM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration
Hi Sri,
We've been using the AREA LDAP plug-in for about three years, since v5.1.2, and haven't changed our configuration at all during our upgrades to 6.0, 6.0.1 and now 6.3. So it would definitely appear to be something in your config, or perhaps your install......
Matt
#133580 - 03/16/06 10:21 AM
Re: Active Directory integration
[Re: AlexGrilo]
|
journeyman
Registered: 03/14/06
Posts: 133
|
Sri:
Let me check with my server... I can log in with the following using AREA LDAP:
- I have to use the user name i.e. James McKenzie not the account name james.mckenzie.
- I had to append the Domain name to the authenticating user name i.e. EVALLAB\remdyadm vice remdyadmin.
- I am not using SSL.
Can you send me a screenshot, off the list, of the AREA LDAP form? You can hide the user name if you wish.
James McKenzie

-----Original Message-----
From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of sri sri
Sent: Thursday, March 16, 2006 3:10 PM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration
James,
I have this account on the Remedy server. When I log in using the Remedy user tool, the error is: Invalid credentials (LDAPERR 49), comment: AcceptSecurityContext error
Regards
Sri

"McKenzie, James J C-E LCMC HQISEC/L3" wrote:
Sri:
Does the rmdyadm account actually exist on the Remedy server or ONLY on the AD server? If the latter is the case, what is the problem?
James McKenzie
#133581 - 03/16/06 10:25 AM
Re: Active Directory integration
[Re: AlexGrilo]
|
newbie
Registered: 02/14/06
Posts: 23
|
James,
FQDN is provided. AD and server are on the same domain. We plan to use SSL once this goes well. Now I guess I am toooooo far. A/c is present on the server, on AD as well as LDAP. Full Admin privilege is given.
Regards
Sri

"McKenzie, James J C-E LCMC HQISEC/L3" wrote:
Sri:
What is the actual FQDN hostname for the AD server, i.e. bubba.junior.com? You HAVE to use this name. Is your server, if it is a Windows server, and the AD system in the SAME domain? If your server is in a different domain, is it TRUSTED? Are you using SSL to communicate to your server? If it is, you will need to take special steps as outlined in the document: Using SSL for LDAP functionality, which is available from the Tips and Tricks archive at the Developer Community web site. The user you are using to access AD MUST BE ON THE AD SERVER. You cannot use a domain account.
James McKenzie

-----Original Message-----
From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of sri sri
Sent: Thursday, March 16, 2006 2:24 PM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration
James,
I can pull the data using LDP. The AD person told me that it is Remedy's headache. The question is how my OS login name, when entered in Remedy's login name field, is not authenticated. I thought just the AREA LDAP configuration form entry and the Admin tool config alone would complete the integration!!!
Thanks
Sri

"McKenzie, James J C-E LCMC HQISEC/L3" wrote:
Sri:
This appears to be a permissions problem. Can you pull back any data with that user when you use LDP?
James McKenzie
#133582 - 03/16/06 11:57 AM
Re: Active Directory integration
[Re: AlexGrilo]
|
old hand
Registered: 06/12/01
Posts: 930
|
When you used LDP to check, what server did you use when you did Connections -> Connect? What user did you use when you did Connections -> Bind?
Go to your AREA LDAP Configuration form and set the Host name to the same one you have in your ARDBC LDAP Configuration form. (From your logs I can see that they are different.)
In your logs I see the following ...
ARDBC Host ldap-sg-atex-01.mis.amat.com
ARDBC User DN uid=rmdyadm,ou=special users,dc=amat,dc=com
AREA Host vaughan.amat.com
AREA User DN rmdyadm
Fred

From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of sri sri
Sent: Wednesday, March 15, 2006 6:26 PM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration
Hi Matt,
The error is "Invalid credentials". How can I debug this? Pasting the part of the log:
//
/* Wed Mar 15 2006 16:15:55.8130 */ LoadSysConfigFile
/* Wed Mar 15 2006 16:15:55.8130 */ Configuration File D:\Program Files\AR System\conf\ar.cfg
/* Wed Mar 15 2006 16:15:55.8130 */ Host Name ldap-sg-atex-01.mis.amat.com
/* Wed Mar 15 2006 16:15:55.8130 */ Port Number 389
/* Wed Mar 15 2006 16:15:55.8130 */ User DN uid=rmdyadm,ou=special users,dc=amat,dc=com
/* Wed Mar 15 2006 16:16:59.6810 */ ldapinit("vaughan.amat.com", 389)
/* Wed Mar 15 2006 16:16:59.6810 */ ldapsimplebind("rmdyadm", hidden)
/* Wed Mar 15 2006 16:16:59.9150 */ Bind: Invalid credentials (LDAPERR Code 49) 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece
/* ! Wed Mar 15 2006 16:16:59.9150 */ -VL FAIL
//
Regards
Sri
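The reading of the log in the post above (two different hosts, a bare bind name, LDAP error 49 with "data 52e") can be done mechanically. The Python below is an added example, not part of the thread or of the AR System plug-in; the function names are introduced here, the sub-status table lists commonly documented Active Directory values, and the sample log is the excerpt from the thread reflowed to one entry per line.

```python
import re

# Commonly documented sub-status values that Active Directory appends as
# "data NNN" to the diagnostic text of LDAP error 49 (invalidCredentials).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "logon failure: unknown user name or bad password",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Log lines taken from the thread, reflowed to one entry per line.
SAMPLE_LOG = r"""
/* Wed Mar 15 2006 16:15:55.8130 */ LoadSysConfigFile
/* Wed Mar 15 2006 16:15:55.8130 */ Configuration File D:\Program Files\AR System\conf\ar.cfg
/* Wed Mar 15 2006 16:15:55.8130 */ Host Name ldap-sg-atex-01.mis.amat.com
/* Wed Mar 15 2006 16:15:55.8130 */ Port Number 389
/* Wed Mar 15 2006 16:15:55.8130 */ User DN uid=rmdyadm,ou=special users,dc=amat,dc=com
/* Wed Mar 15 2006 16:16:59.6810 */ ldapinit("vaughan.amat.com", 389)
/* Wed Mar 15 2006 16:16:59.6810 */ ldapsimplebind("rmdyadm", hidden)
/* Wed Mar 15 2006 16:16:59.9150 */ Bind: Invalid credentials (LDAPERR Code 49) 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece
/* ! Wed Mar 15 2006 16:16:59.9150 */ -VL FAIL
"""

ENTRY = re.compile(r"^/\*[^*]*\*/\s*(.*)$")  # "/* timestamp */ message"
STATE_FIELDS = {
    # The reply reads the "Host Name" / "User DN" lines as the ARDBC settings
    # and the ldapinit / ldapsimplebind lines as what AREA actually used.
    "config_host": re.compile(r"^Host Name\s+(\S+)"),
    "config_user_dn": re.compile(r"^User DN\s+(.+)"),
    "bind_host": re.compile(r'^ldapinit\("([^"]+)"'),
    "bind_name": re.compile(r'^ldapsimplebind\("([^"]*)"'),
}
LDAP_ERROR = re.compile(r"LDAPERR Code (\d+)")
AD_DATA = re.compile(r"\bdata ([0-9a-fA-F]+)")


def bind_failures(log_text):
    """Return one dict per LDAPERR line, carrying the settings seen before it."""
    state, failures = {}, []
    for line in log_text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue
        msg = entry.group(1).strip()
        for key, pattern in STATE_FIELDS.items():
            hit = pattern.search(msg)
            if hit:
                state[key] = hit.group(1).strip()
        err = LDAP_ERROR.search(msg)
        if err:
            data = AD_DATA.search(msg)
            failures.append(dict(
                state,
                ldap_err=int(err.group(1)),
                ad_subcode=data.group(1).lower() if data else None,
            ))
    return failures


def classify_bind_name(name):
    """Classify the identity string that was passed to the simple bind."""
    if re.search(r"(?i)(^|,)\s*(cn|uid|ou|dc)=", name):
        return "dn"
    if "\\" in name:
        return "domain\\user"
    if "@" in name:
        return "upn"
    return "bare"


def diagnose(log_text):
    """Turn each failed bind into readable findings."""
    findings = []
    for f in bind_failures(log_text):
        meaning = AD_BIND_SUBCODES.get(f["ad_subcode"], "sub-status not in table")
        findings.append(f"LDAP error {f['ldap_err']}, data {f['ad_subcode']}: {meaning}")
        cfg, bound = f.get("config_host"), f.get("bind_host")
        if cfg and bound and cfg.lower() != bound.lower():
            findings.append(f"host mismatch: configuration names {cfg}, bind went to {bound}")
        name = f.get("bind_name")
        if name is not None and classify_bind_name(name) == "bare":
            findings.append(f"bind name {name!r} is a bare account name, not a DN, UPN or DOMAIN\\user")
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding)
```
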
#133583 - 03/16/06 12:50 PM
Re: Active Directory integration
[Re: AlexGrilo]
|
newbie
Registered: 02/14/06
Posts: 23
|
Hi Fred,
I used the same account in LDP. It worked. The same id is given in the AREA form. Yes. I used differently. We need ARDBC to fetch the data from the LDAP vendor form into the SHR:People form (it is working), whereas we need AD to authenticate the login name.
Regards
Sri.

"Grooms, Frederick W" wrote:
When you used LDP to check, what server did you use when you did Connections -> Connect? What user did you use when you did Connections -> Bind?
Go to your AREA LDAP Configuration form and set the Host name to the same one you have in your ARDBC LDAP Configuration form. (From your logs I can see that they are different.)
In your logs I see the following ...
ARDBC Host ldap-sg-atex-01.mis.amat.com
ARDBC User DN uid=rmdyadm,ou=special users,dc=amat,dc=com
AREA Host vaughan.amat.com
AREA User DN rmdyadm
Fred
#133584 - 03/16/06 01:16 PM
Re: Active Directory integration
[Re: AlexGrilo]
|
journeyman
Registered: 06/24/05
Posts: 87
|
Could you provide a screen shot of the username, etc. used when attempting to log on to the user tool?
Thanks,
Andrew Baxter
Manager, Information Technology

From: Action Request System discussion list(ARSList) on behalf of sri sri
Sent: Thu 3/16/2006 7:50 PM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration
Hi Fred,
I used the same account in LDP. It worked. The same id is given in the AREA form. Yes. I used differently. We need ARDBC to fetch the data from the LDAP vendor form into the SHR:People form (it is working), whereas we need AD to authenticate the login name.
Regards
Sri.

"Grooms, Frederick W" wrote:
When you used LDP to check, what server did you use when you did Connections -> Connect? What user did you use when you did Connections -> Bind?
Go to your AREA LDAP Configuration form and set the Host name to the same one you have in your ARDBC LDAP Configuration form. (From your logs I can see that they are different.)
In your logs I see the following ...
ARDBC Host ldap-sg-atex-01.mis.amat.com
ARDBC User DN uid=rmdyadm,ou=special users,dc=amat,dc=com
AREA Host vaughan.amat.com
AREA User DN rmdyadm
Fred
#133585 - 03/16/06 04:10 PM
Re: Active Directory integration
[Re: AlexGrilo]
|
newbie
Registered: 02/01/06
Posts: 5
|
Sri,
I just got finished working with what appears to be a very similar problem. In your AREA User Search Filter field are you using the filter cn=$\USER$ ? I found that AD was not storing all user objects with a consistently formatted cn value. For example, our cn value was formatted similarly to cn=Remedy\ Service Account (Service Account), nothing like the actual login name cn=rmdyadm. So, the User Search Filter was not matching up. AD consistently stores the userPrincipalName value though, in our case at least.

You might give this a try. Use the LDP tool to bind to the AD server just as before. View > Tree, view the defaultNamingContext, the simplest one DC=amat,DC=com. Click Browse > Search, enter DC=amat,DC=com in the Base Dn field. Enter (cn=rmdyadm) in the Filter field. Search. The result may or may not be zero. If it is zero and in fact you are using cn=$\USER$ then you likely don't have a cn=rmdyadm in AD. Try another search for (userPrincipalName=rmdyadm@amat.com). See if that has any results. If it does then search out a few other user account names of ARS users, see if they return consistently.

We ended up going with a User Search Filter value of
userPrincipalName=$\USER$@amat.com
Maybe you can use a filter similar to that as well?

Here are some other things that I suggest you check; I didn't notice that anyone else had mentioned them.
- Your ARS account, rmdyadm, it doesn't have a fixed license, right? If I remember correctly, it can't have a fixed license. I go with read license.
- The password for the ARS rmdyadm account is blank/NULL, right?
- Don't use the AREA Group Membership fields, at least not until this problem is resolved.
- Make sure that the AD server you are using in the AREA configuration actually has your rmdyadm user object! You could be using LDP.exe and actually authenticating against another server. The server that you are currently using may not be synched up with the other AD servers and not have all of the user objects, including rmdyadm.

Good luck.
Charlie Wilson
ReachView Technologies

From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of sri sri
Sent: Thursday, March 16, 2006 7:51 PM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration
Hi Fred,
I used the same account in LDP. It worked. The same id is given in the AREA form. Yes. I used differently. We need ARDBC to fetch the data from the LDAP vendor form into the SHR:People form (it is working), whereas we need AD to authenticate the login name.
Regards
Sri.

"Grooms, Frederick W" wrote:
When you used LDP to check, what server did you use when you did Connections -> Connect? What user did you use when you did Connections -> Bind?
Go to your AREA LDAP Configuration form and set the Host name to the same one you have in your ARDBC LDAP Configuration form. (From your logs I can see that they are different.)
In your logs I see the following ...
ARDBC Host ldap-sg-atex-01.mis.amat.com
ARDBC User DN uid=rmdyadm,ou=special users,dc=amat,dc=com
AREA Host vaughan.amat.com
AREA User DN rmdyadm
Fred

From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of sri sri
Sent: Wednesday, March 15, 2006 6:26 PM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration

Hi Matt,

The Error is "Invalid credentials". How can I debug this? Pasting the part of the log

// ! ;
/* Wed Mar 15 2006 16:15:55.8130 */ LoadSysConfigFile
/* Wed Mar 15 2006 16:15:55.8130 */ Configuration File D:\Program Files\AR System\conf\ar.cfg
/* Wed Mar 15 2006 16:15:55.8130 */ Host Name ldap-sg-atex-01.mis.amat.com
/* Wed Mar 15 2006 16:15:55.8130 */ Port Number 389
/* Wed Mar 15 2006 16:15:55.8130 */ User DN uid=rmdyadm,ou=special users,dc=amat,dc=com
/* Wed Mar 15 2006 16:16:59.6810 */ ldapinit("vaughan.amat.com", 389)
/* Wed Mar 15 2006 16:16:59.6810 */ ldapsimplebind("rmdyadm", hidden)
/* Wed Mar 15 2006 16:16:59.9150 */ Bind: Invalid credentials (LDAPERR Code 49) 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece
/* ! Wed Mar 15 2006 16:16:59.9150 */ -VL FAIL //

Regards
Sri
#133586 - 03/17/06 02:24 AM
Re: Active Directory integration
[Re: AlexGrilo]
|
old hand
Registered: 06/12/01
Posts: 930
|
So you are saying you have an LDAP tree separate from your Active Directory tree? Here we use ARDBC LDAP to pull from the AD tree and we authenticate against the same AD with AREA.

In LDP, when you did the connect you used vaughan.amat.com. When you did the bind you used rmdyadm. Did you put anything in the Domain field? If so try putting that value in front of rmdyadm (i.e. if you put CORP in the Domain field in LDP use CORP\rmdyadm in the AREA LDAP configuration form).

One other thing to try is when looking at the data in LDP for the rmdyadm account, what is the sAMAccountName value? You might try putting that value in the AREA configuration form.

Fred

From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of sri sri
Sent: Thursday, March 16, 2006 6:51 PM
To: arslist@ARSLIST.ORG
Subject: Re: Active Directory integration

Hi Fred,

I used same account in LDP. It worked. The same id is given in the AREA form. Yes, I used differently. We need ARDBC to fetch the data from LDAP vendor form into SHR:People form (it is working), whereas we need AD to authenticate the login name.

Regards
Sri.
#133587 - 03/17/06 05:12 PM
Re: Active Directory integration
[Re: AlexGrilo]
|
newbie
Registered: 02/14/06
Posts: 23
|
Dear All,

First I thank all list users who really helped me in this venture of AD integration with ARS.

The LDAP Problem is Solved. Thanks to Doug. He helped us to crack the problem. Simply great person he is.

He changed the User DN to
CN=rmdyadm,OU=Special-Users,DC=amat,DC=com
It started working.

Sometimes I feel AD is so crazy. I never expected that AD behaves this way.

Regards
Sri