We had a situation where the plug-in server would hang on AD queries after the first query (RH ES3, ARS 6.3 various patches between 5-13, worked fine in ARS 6.1 and Solaris). Once I configured the GC port the problem went away. The downside was the msNPAllowDialin attribute was not available anymore (in our environment show if a user has remote access).
Below is an example Table Name string, a snippet from MS's site and a ULR with more info on the GC.
ldap://<InsertDomainControlerHere>:3268/DC=<InsertDomainHere>,DC=com??sub?(objectclass=user)
global catalog (GC) -- the global catalog contains a partial replica of every Windows 2000 domain in the directory. The GC lets users and applications find objects in an Active Directory domain tree given one or more attributes of the target object. It also contains the schema and configuration of directory partitions. This means the global catalog holds a replica of every object in the Active Directory, but with only a small number of their attributes. The attributes in the global catalog are those most frequently used in search operations (such as a user's first and last names, logon names, and so on), and those required to locate a full replica of the object. The GC allows users to find objects of interest quickly without knowing what domain holds them and without requiring a contiguous extended namespace in the enterprise. The global catalog is built automatically by the Active Directory replication system.
http://technet2.microsoft.com/WindowsServer/en/library/24311c41-d2a1-4e72-a54f-150483fa885a1033.mspx?mfr=true
On 9/14/06, L. J. Head <[EMAIL PROTECTED]> wrote:
Yes that is possible but you have several things to worry about when you do
that.
1. What sort of connection exists between your remedy and AD server for
querying.
2. How many queries are you performing daily across that connection and if
you want to cause that type of network traffic
3. As someone else already mentioned, is there any workflow associated with
the People records that would be affected by not using the people form
4. Are there any 'customers' of your solution that are not members of your
AD infrastructure? If so you will need some type of toggle to be able to
pull from the local resource instead of the network
5. Are your LDAP servers capable of the type of load that you will be
imposing on them by doing almost constant queries from them
All that having been said...I have a custom system setup using only the AD
server for its customer data and it works fine.
L. J. Head
Software Engineer
Remedy Approved Consultant
-----Original Message-----
From: Action Request System discussion list(ARSList)
[mailto:[email protected]] On Behalf Of Chris Rom
Sent: Thursday, September 14, 2006 9:27 AM
To: [email protected]
Subject: people lookup in realtime from LDAP ?
Hi there,
has anyone implemented a people lookup in realtime from LDAP (or AD) ?
Instead of loading 50,000+ employees into the people table, could you do a
realtime lookup and then populate the employee info on the
Indicent/Problem/Change ? That way it would always be accurate, as long as
LDAP is and you don't have to worry about synching and pushing the data to
the people table.
I understand that you probably still need the support staff in the people
table, unless you can also implement LDAP groups that assign permissions in
realtime.
Rgds,
Chris
____________________________________________________________________________
___
UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org
_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org
__20060125_______________________This posting was submitted with HTML in it___
