[Date Prev] [Date Next] [Prev in Thread] [Next in Thread] [Date Index] [Thread Index]

Re: AREA failures

** Dustin,

This can be a pain to set up if you don't have help from LDAP administrator.  Their logs will tell you how your attempts to connect are doing.  Have one of them monitoring, make an attempt to connect and then have them relate whatever error message they see at that timestamp associated with either your ID or the Service Account.

For additional troubleshooting, I setup ldp on my Remedy server.  I used the service account ID and password to connect to the LDAP server directly and then I attempted to search on my own ID.  What I learned from that is that attribute I was searching on didn't match.  I found that I could get it to match using samAccountName.  Once I switched it to samAccountName=$\USER$ in my LDAP it started working for me.  

Hope you find this useful.


Ben Cantatore

From:        "Fawver, Dustin" <FAWVER@MAIL.ETSU.EDU>
To:        arslist@ARSLIST.ORG,
Date:        11/08/2016 03:17 PM
Subject:        Re: AREA failures
Sent by:        "Action Request System discussion list(ARSList)" <arslist@ARSLIST.ORG>

I just tried that and authentication is still failing.  Since I failed to mention it the last time, we have an Active Directory environment.  I have also tried turning on the plug-in and API logs, but the authentication attempts don't seem to be logged there.



From: Action Request System discussion list(ARSList) <arslist@ARSLIST.ORG> on behalf of andres tamayo <cycomyco@GMAIL.COM>
Tuesday, November 8, 2016 3:06 PM
Re: AREA failures

hi there

in User search filter field try uid=$\USER$

2016-11-08 14:59 GMT-05:00 Fawver, Dustin <FAWVER@mail.etsu.edu>:

This is probably an easy one for the vets, but my Googlefu is weak.  On an ARS 9.1 (no ITSM) system, I have been attempting to set up AREA to authenticate via LDAP.  Authentication is failing.  I was trying to use LDAPS, but I have reverted back to just LDAP so that I can eliminate any issues regarding SSL for now.  The user account that I'm using as my test is present in the User form with a blank password.  Since I don't know if the listserv allows for screenshots, here are the settings that I have.

EA tab in Server Information
RPC Program Number:  390695
RPC timeout:  30
Need To Sync:  300
Authenticate Unregistered Users:  not checked
Cross Reference Blank Password:  checked
Authentication Chaining Mode:  AREA - ARS
Group Mapping:  blank
Ignore Excess Groups:  checked

AREA LDAP Configuration
Host Name:  ldap.etsu.edu
Port Number:  389
Bind User:  domain\username
Bind Password:  (supplied)
User Secure Socket Layer:  No
Failover Timeout:  5
Chase Referral:  No
User Base:  ou=FacStaff,dc=etsu,dc=edu
User Search Filter:  cn=$\USER$
Group Membership:  None

Nothing else is filled in on the AREA configuration form.  With the User Base, an issue I'm going to run into with that is that user accounts are placed in different OUs based on their status with the university.  I had tried a User Base of just "dc=etsu,dc=edu", but I don't know if that will work.

I would appreciate any assistance with this.


--Dustin Fawver

HelpDesk Technician
East Tennessee State University

_ARSlist: "Where the Answers Are" and have been for 20 years_

_ARSlist: "Where the Answers Are" and have been for 20 years_
_ARSlist: "Where the Answers Are" and have been for 20 years_

"------------------------------------------------------ CONFIDENTIALITY NOTICE: This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please permanently delete the original and any copy of any e-mail and any printout thereof. Thank you for your compliance."

  ­­   _ARSlist: "Where the Answers Are" and have been for 20 years_