The password field is masked so the fact that you can see the ***'s do not mean anything. So if you are sure you haven't set any value either by directly mapping the password field to a column in the import file or through workflow, you could safely assume that all your passwords are null. Technically only your Demo (administrator user) user should have its password stored in the AR System if you have not created an ldap account for Demo. Its usually a good idea to keep this password in the AR System and not ldap though just in case there is an outage on the ldap server, as you will still be able to use the AR System by disabling the ldap integration - it would be a sort of a security risk as uses will have a blank password but thats another issue.. You could probably device some workflow to issue temp passwords during such an event and email them to the users, and restore them to null when you want to start using the ldap integration again.. Joe
----- Original Message ---- From: sivarama velicheti <[EMAIL PROTECTED]> To: [email protected] Sent: Tuesday, July 29, 2008 3:18:16 PM Subject: Re: Authentication from LDAP ** Hi Joe, Hi Joe let me confirm something from you. When you say that a user who has a blank password I assume that the users password is not stored in AR Server people form or user form. Only his login name is. When he enters his user name and password to login to the user tool or midtier the password he enters gets authenticated with the LDAP and he gets access. If that is the case when I am importing data to the people form in the login tab I can see "xxxxx" in the password field which beats be because I am not importing any password and hence it should show blank instead of "xxxxx". Do I need to change any settings in password management form?? Thanks Sivarama On Tue, Jul 29, 2008 at 12:03 PM, Joe DeSouza <[EMAIL PROTECTED]> wrote: ** Sivarama, I think you have a slight shroud of your understanding of how the LDAP integration works. No you do not need to import any passwords from LDAP to the ARS. The password is not communicated by the LDAP server to the AR Server, rather the response after validation is.. This means that when a user that has a blank password logs into an AR Server that is setup for LDAP authentication, the request for authentication is sent from the ARS to the LDAP server, and if the LDAP server validates the credentials to be valid, the user gets authenticated to Remedy. IF the password for the user is not blank in Remedy, then there is no request for authentication sent to the LDAP server, and the authentication happens locally.. Hope this helps.. Joe ----- Original Message ---- From: sivarama velicheti <[EMAIL PROTECTED]> To: [email protected] Sent: Tuesday, July 29, 2008 2:50:04 PM Subject: Re: Authentication from LDAP ** Hi Lisa, In the external authentication TAB are both the options i) authenticate - unregistered users and ii) Cross refernce blank password selected? I have external authentication plugin server program number as : 390695. One more thing in the configuration TAB what are the check boxes selected. I have enabled just i) allow unqualified searches and ii) enable multiple assign groups. Thanks Sivarama On Tue, Jul 29, 2008 at 11:11 AM, Lisa Westerfield <[EMAIL PROTECTED]> wrote: ** In our current implementation we are also multi-tenant, and we do not store passwords in ARS. We are authenticating externally, and our authentication chaining mode is ARS-Area. Hope that helps. From:Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of sivarama velicheti Sent: Tuesday, July 29, 2008 12:02 PM To: [email protected] Subject: Authentication from LDAP ** Hi, I have a question regarding LDAP pertaining to AR Server 7.1. I have read in the guides somewhere that unless both the user name and password are stored in the local AR Server, the users are not considered registered users. In Multi-tenancy guest users are not allowed (and we have multi-tenancy turned on). I want to know what are my options. Do I have to import the password as well. I don't think its doable because LDAP would be encrypting them and even if I do import them AR Server needs to know how to decrypt them. Is my analogy of the situation right? if so what can I do. If not please correct me. -- Sivarama __Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are" html___ TuringSMIis a Platinum Sponsor of both BMC UserWorld Events Email Disclaimer This email has been sent from the TuringSMI Group This message is subject to and does not create or vary any contractual relationship between TuringSMI, SMI Technologies, SMI Telco, its subsidiaries or affiliates and you. Internet communications are not secure and therefore the TuringSMI Group does not accept any legal responsibility for the contents of this message. Any views or opinions expressed are those of the author. This message is intended for the addressee(s) only and its contents and any attached files are strictly confidential. If you have received it in error, please contact the sender on the number above. _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
