You shouldn't have to manually edit the ar.cfg, all the necessary changes will be made when you configure the additional LDAP servers via the AREA LDAP configuration form.
If you're only authenticating against one LDAP server then the hub is not necessary, you should just have a Plugin: ..\arealdap.dll line in the ar.cfg. When you configure two or more LDAP servers this gets replaced by Plugin: ..\areahub.dll and there should be one AREA-Hug-Plugin: ..\arealdap.dll for EACH LDAP server - i.e. 2 LDAP servers, 2 AREA-Hub-Plugin: lines. The AREA LDAP configuration options are the ones that get the _1, _2, etc suffixes, not the plugin lines. Mark ________________________________ From: Action Request System discussion list(ARSList) [[email protected]] On Behalf Of JD Hood [[email protected]] Sent: 23 December 2011 22:28 To: [email protected] Subject: Re: AREA LDAP logging question ** Now that that's working... If I have multiple domains defined for LDAP auth in the AREA form, I understand I need to specify additional arealdap.dll's on additional AREA-Hub-Plugin: lines, ala: AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll" AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap_1.dll" Is it just as simple as copying the existing arealdap.dll and renaming it to something like "arealdap_1.dll" and adding it on another AREA-Hub-Plugin line? I've tried that and it doesn't seem to work -- the authentication attempt doesn't progress it to the second LDAP server... Thanks, JDHood On Fri, Dec 23, 2011 at 8:59 AM, JD Hood <[email protected]<mailto:[email protected]>> wrote: That did it and it's logging much more info now! I can *now* see from logging that the failure to auth is likely simple-bind being rejected on the LDAP server (I didn't realize LDP uses SASL by default). When I changed LDP to a simple, non ssl bind, the known-good login failed there as well. This would be a clue. Thank you ARSList! -JDHood On Thu, Dec 22, 2011 at 8:12 PM, Grooms, Frederick W <[email protected]<mailto:[email protected]>> wrote: Ah ... It should be something like: Plugin-Path: D:\Program Files\BMC Software\ARSystem\arealdap Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\areahub.dll" AREA-Hub-Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\arealdap.dll" So the hub will load the arealdap plugin. Without it the arealdap plugin is not loaded. Fred -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:[email protected]<mailto:[email protected]>] On Behalf Of JD Hood Sent: Thursday, December 22, 2011 6:37 PM To: [email protected]<mailto:[email protected]> Subject: Re: AREA LDAP logging question ** Ok, I just tried that with logging on and I see: <PLGN> <TID: 005276> <RPC ID: 0000000000> <Queue: Dispatcher> <Client-RPC: 000000> /* Thu Dec 22 2011 19:16:06.3790 */AREA Plug-In Loaded: ARSYS.AREA.HUB version 2 Next, I commented out the plugin server in the armonitor and cranked it up manually and I got the following: D:\Program Files\BMC Software\ARSystem>arplugin.exe --unicode -i "D:\Program Files\BMC Software\ARSystem" -m Action Request System(R) Plug-In Server Version 7.6.04 SP2 201110080614 (c) Copyright 2001-2011 BMC Software, Inc. Action Request System(R) Approval Server Version 7.6.04 SP2 201110080614 (c) Copyright 1999-2011 BMC Software, Inc. Next item, checking the ar.cfg, I have the following lines that reference AREA and Plugin: Plugin-Path: D:\Program Files\BMC Software\ARSystem\arealdap Plugin: "D:\Program Files\BMC Software\ARSystem\arealdap\areahub.dll" AREA-Hub-Plugin: Should I add the path to areahub.dll on the AREA-Hub-Plugin line? Or something else? Thanks, JDHood -----Original Message----- On Thu, Dec 22, 2011 at 6:49 PM, Danny Kellett wrote: ** JD, When you start the AR Server (or kill -9 arplugin) and it creates a new arplugin log file, do you see this anywhere? Plug-In Loaded: ARSYS.AREA.LDAP version 2 In fact I would search for ARSYS.AREA.LDAP. If you don't have any in there, then the plugin isn't loading. If this is the case, comment out the arplugin line in the armonitor.conf and restart. Then you can start the arplugin manually from the commandline. Then if something is up, it will echo it to the console. I don't think your arealdap plugin is loading. In your ar.conf, have you got the arealdap.so (or dll) on a line beginning with Plugin: or AREA-Hub-Plugin:? If its the second one, then make sure you have Plugin: <someDir>/areahub.so (or dll) Kind regards Danny -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:[email protected]<mailto:[email protected]>] On Behalf Of JD Hood Sent: 22 December 2011 23:39 To: [email protected]<mailto:[email protected]> Subject: Re: AREA LDAP logging question ** The plugin log only will show a single +VL and -VL per each login attempt. I don't see anything that indicates it's loading the AREA plugin in the plugin log. When support saw that, they went straight to the ar.cfg, but the AREA config entries in there look fine. We do know that the bind user, login & pass are good because we can use those values with LDP to browse/search LDAP. So, something is wonky with the Remedy AREA plugin, they just don't know what yet. Bundled up the config files and logs (java stuff too) and they are going to have a look, presumably with engineering. After all this, I wouldn't be surprised to find it's a network issue or something outside of Remedy. If only we could get logging to wake up, we could have better visibility into what it's doing. But the logging side is just not cooperating... Thanks, JDHood -----Original Message----- On Thu, Dec 22, 2011 at 3:14 PM, Grooms, Frederick W wrote: Do you see the lines in the log where it is loading the AREA plugin? If not how is the arealdap plugin listed in the ar.cfg file? An additional thought... On Windows 7.6.04 is AREA now a Java plugin? If so it should be debugged thru the pluginsvr_config.xml and log4j_pluginsvr.xml files in the pluginsvr directory. Fred -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:[email protected]<mailto:[email protected]>] On Behalf Of JD Hood Sent: Wednesday, December 21, 2011 5:50 PM To: [email protected]<mailto:[email protected]> Subject: AREA LDAP logging question ** 7.6.04 ITSM on Windows & SQL Server I'm trying to configure AREA authentication. I have everything configured enough to make an authentication attempt and the attempt naturally fails. I do not have a POC at the LDAP server to check my test user's account or to check logging on the LDAP end. At this point, I'm not even sure I'm reaching LDAP, successfully binding and/or hitting the test user's LDAP account. With plugin logging on and set to "ALL", I get about 730 lines of logging when I attempt to login with a test user. Out of those 730 lines of logging, I only get the following two lines that mention AREA or my user: <PLGN> <TID: 005436> <RPC ID: 0000000086> <Queue: AREA > <Client-RPC: 390695> /* Wed Dec 21 2011 18:14:13.9300 */+VL AREAVerifyLoginCallback -- user TRAIN19 <PLGN> <TID: 005436> <RPC ID: 0000000086> <Queue: AREA > <Client-RPC: 390695> /* Wed Dec 21 2011 18:14:13.9300 */-VL FAIL This is like troubleshooting via braille method. Is there another AREA/LDAP log or some way to log the bind and auth attempt on the REMEDY side? I've checked ARSList archives and the BMC KB's and can't find anything that I haven't already tried. I do see some really nice log examples (Knowledge Article ID: KA334262) that I *WISH* I could capture on the Remedy Side. I think they would tell me what I need to know to get this working. For now, all I can find is those two measly log lines above. Any suggestions on how to get AREA logging much more verbose on the *REMEDY SIDE*? Thanks in advance! JDHood _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org<http://www.arslist.org> attend wwrug12 www.wwrug12.com<http://www.wwrug12.com> ARSList: "Where the Answers Are" _attend WWRUG12 www.wwrug.com<http://www.wwrug.com> ARSlist: "Where the Answers Are"_ _attend WWRUG12 www.wwrug.com<http://www.wwrug.com> ARSlist: "Where the Answers Are"_ _attend WWRUG12 www.wwrug.com<http://www.wwrug.com> ARSlist: "Where the Answers Are"_ _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org<http://www.arslist.org> attend wwrug12 www.wwrug12.com<http://www.wwrug12.com> ARSList: "Where the Answers Are" _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
