How do I configure the ARDBC and AREA LDAP user name?

Version 1
    Share:|

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    Remedy AR System Server


    APPLIES TO:

    BMC Remedy AR System Server



    QUESTION:

    What value do I use for the ARDBC-LDAP-User-DN and ARDBC-LDAP-Password parameters in ar.cfg/ar.conf. For AREALDAP, this will be the AREA-LDAP-Bind-User and AREA-LDAP-Bind-Password parameters.

     


    ANSWER:

     

    Some LDAP servers allow Anonymous connections. If your LDAP server allows Anonymous connections, you can remove these parameters from the ar.cfg/ar.conf file and will still be able to use some of the ARDBC functionality. By default, Active Directories does not allow Anonymous connections.
    For AREALDAP, you must Bind (login) and so must provide these values.

    Exchange Server will allow Anonymous connections but unless specifically configured, not all attributes will return data.

    If you use the ARDBC-LDAP-User-DN parameter you should also provide the ARDBC-LDAP-Password parameter. The password is assumed to be encrypted so should be added via the LDAP ARDBC Configuration Form provided.
    This is also true of the AREA-LDAP-Bind-User and AREA-LDAP-Bind-Password parameters for AREA using the AREA LDAP Configuration Form.



    For OpenLDAP and most LDAP servers, you should use a standard distinguished name such as cn=manager, dc=remedy, dc=com for the LDAP User name.

    For Active Directories, the value should be the actual login name, not the distinguished name, of a user with appropriate permissions. For example if the 'Administrator' user on the LDAP server box will be the ARBDC login, simply use a value of 'Administrator'. If you will be using a domain account you can use \\ such as 'JETSONS\\Administrator'

    For Exchange Server 5.5, you should use the distinguished name format. If the server or domain account that has the appropriate permissions does not exist in the Exchange Server Recipients list, you may need to add it.
    For example, the Exchange Server 5.5 on server WARP has a local administrator account, 'Administrator' that does not exist in the Exchange Server database. From the Exchange Administrator program, add a new Recipient with a Display Name of 'Administrator' and use the Primary NT account of 'Administrator'. The distinguished name for this user should be cn=Administrator, cn=Recipients,ou=NTENSE, o=WARP. This is the value I use for the ARBDC-LDAP-User-DN parameter. Note that Exchange Server 5.5 permissions are a bit complex and must be configured properly.

      
        

     


    Article Number:

    000028758


    Article Type:

    FAQ/Procedural



      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles