Now that that's working... If I have multiple domains defined for LDAP auth in the AREA form, I understand I need to specify additional arealdap.dll's on additional AREA-Hub-Plugin: lines, ala:
AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll" AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap_1.dll" Is it just as simple as copying the existing arealdap.dll and renaming it to something like "arealdap_1.dll" and adding it on another AREA-Hub-Plugin line? I've tried that and it doesn't seem to work -- the authentication attempt doesn't progress it to the second LDAP server... Thanks, JDHood On Fri, Dec 23, 2011 at 8:59 AM, JD Hood <[email protected]> wrote: > That did it and it's logging much more info now! > > I can *now* see from logging that the failure to auth is likely > simple-bind being rejected on the LDAP server (I didn't realize LDP uses > SASL by default). When I changed LDP to a simple, non ssl bind, the > known-good login failed there as well. This would be a clue. > > Thank you ARSList! > -JDHood > > > On Thu, Dec 22, 2011 at 8:12 PM, Grooms, Frederick W < > [email protected]> wrote: > >> Ah ... It should be something like: >> >> Plugin-Path: D:\Program Files\BMC Software\ARSystem\arealdap >> Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\areahub.dll" >> AREA-Hub-Plugin: "D:\Program Files\BMC >> Software\ARSystem\arealdap\arealdap.dll" >> >> So the hub will load the arealdap plugin. Without it the arealdap plugin >> is not loaded. >> >> Fred >> >> >> -----Original Message----- >> From: Action Request System discussion list(ARSList) [mailto: >> [email protected]] On Behalf Of JD Hood >> Sent: Thursday, December 22, 2011 6:37 PM >> To: [email protected] >> Subject: Re: AREA LDAP logging question >> >> ** Ok, I just tried that with logging on and I see: >> >> <PLGN> <TID: 005276> <RPC ID: 0000000000> <Queue: Dispatcher> >> <Client-RPC: 000000> /* Thu Dec 22 2011 19:16:06.3790 */AREA Plug-In >> Loaded: ARSYS.AREA.HUB version 2 >> >> Next, I commented out the plugin server in the armonitor and cranked it >> up manually and I got the following: >> D:\Program Files\BMC Software\ARSystem>arplugin.exe --unicode -i >> "D:\Program Files\BMC Software\ARSystem" -m >> >> Action Request System(R) Plug-In Server Version 7.6.04 SP2 201110080614 >> (c) Copyright 2001-2011 BMC Software, Inc. >> >> Action Request System(R) Approval Server Version 7.6.04 SP2 201110080614 >> (c) Copyright 1999-2011 BMC Software, Inc. >> >> >> Next item, checking the ar.cfg, I have the following lines that reference >> AREA and Plugin: >> >> Plugin-Path: D:\Program Files\BMC Software\ARSystem\arealdap >> Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\areahub.dll" >> AREA-Hub-Plugin: >> >> >> Should I add the path to areahub.dll on the AREA-Hub-Plugin line? Or >> something else? >> >> Thanks, >> JDHood >> >> >> -----Original Message----- >> On Thu, Dec 22, 2011 at 6:49 PM, Danny Kellett wrote: >> ** >> JD, >> >> When you start the AR Server (or kill -9 arplugin) and it creates a new >> arplugin log file, do you see this anywhere? >> >> Plug-In Loaded: ARSYS.AREA.LDAP version 2 >> >> In fact I would search for ARSYS.AREA.LDAP. If you don't have any in >> there, then the plugin isn't loading. >> >> If this is the case, comment out the arplugin line in the armonitor.conf >> and restart. Then you can start the arplugin manually from the commandline. >> Then if something is up, it will echo it to the console. >> >> I don't think your arealdap plugin is loading. In your ar.conf, have you >> got the arealdap.so (or dll) on a line beginning with Plugin: or >> AREA-Hub-Plugin:? >> >> If its the second one, then make sure you have Plugin: >> <someDir>/areahub.so (or dll) >> >> Kind regards >> Danny >> >> -----Original Message----- >> From: Action Request System discussion list(ARSList) [mailto: >> [email protected]] On Behalf Of JD Hood >> Sent: 22 December 2011 23:39 >> To: [email protected] >> Subject: Re: AREA LDAP logging question >> >> ** The plugin log only will show a single +VL and -VL per each login >> attempt. I don't see anything that indicates it's loading the AREA plugin >> in the plugin log. >> >> When support saw that, they went straight to the ar.cfg, but the AREA >> config entries in there look fine. >> >> We do know that the bind user, login & pass are good because we can use >> those values with LDP to browse/search LDAP. >> >> So, something is wonky with the Remedy AREA plugin, they just don't know >> what yet. Bundled up the config files and logs (java stuff too) and they >> are going to have a look, presumably with engineering. >> >> After all this, I wouldn't be surprised to find it's a network issue or >> something outside of Remedy. If only we could get logging to wake up, we >> could have better visibility into what it's doing. But the logging side is >> just not cooperating... >> >> Thanks, >> JDHood >> >> -----Original Message----- >> On Thu, Dec 22, 2011 at 3:14 PM, Grooms, Frederick W wrote: >> Do you see the lines in the log where it is loading the AREA plugin? If >> not how is the arealdap plugin listed in the ar.cfg file? >> >> An additional thought... >> On Windows 7.6.04 is AREA now a Java plugin? If so it should be debugged >> thru the pluginsvr_config.xml and log4j_pluginsvr.xml files in the >> pluginsvr directory. >> >> Fred >> >> -----Original Message----- >> From: Action Request System discussion list(ARSList) [mailto: >> [email protected]] On Behalf Of JD Hood >> Sent: Wednesday, December 21, 2011 5:50 PM >> To: [email protected] >> Subject: AREA LDAP logging question >> >> ** >> 7.6.04 ITSM on Windows & SQL Server >> >> I'm trying to configure AREA authentication. I have everything configured >> enough to make an authentication attempt and the attempt naturally fails. >> >> I do not have a POC at the LDAP server to check my test user's account or >> to check logging on the LDAP end. >> >> At this point, I'm not even sure I'm reaching LDAP, successfully binding >> and/or hitting the test user's LDAP account. >> >> With plugin logging on and set to "ALL", I get about 730 lines of logging >> when I attempt to login with a test user. >> >> Out of those 730 lines of logging, I only get the following two lines >> that mention AREA or my user: >> >> <PLGN> <TID: 005436> <RPC ID: 0000000086> <Queue: AREA > >> <Client-RPC: 390695> /* Wed Dec 21 2011 18:14:13.9300 */+VL >> AREAVerifyLoginCallback -- user TRAIN19 >> <PLGN> <TID: 005436> <RPC ID: 0000000086> <Queue: AREA > >> <Client-RPC: 390695> /* Wed Dec 21 2011 18:14:13.9300 */-VL >> FAIL >> >> >> This is like troubleshooting via braille method. Is there another >> AREA/LDAP log or some way to log the bind and auth attempt on the REMEDY >> side? >> >> I've checked ARSList archives and the BMC KB's and can't find anything >> that I haven't already tried. I do see some really nice log >> examples (Knowledge Article ID: KA334262) that I *WISH* I could capture on >> the Remedy Side. I think they would tell me what I need to know to get this >> working. For now, all I can find is those two measly log lines above. >> >> Any suggestions on how to get AREA logging much more verbose on the >> *REMEDY SIDE*? >> >> Thanks in advance! >> JDHood >> >> _______________________________________________________________________________ >> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org >> attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are" >> >> _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ >> _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ >> >> _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ >> >> >> _______________________________________________________________________________ >> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org >> attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are" >> > > _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
