This documentation supports the 22.1 version of Action Request System.
To view an earlier version, select the version from the Product version menu.

Configuring the AREA LDAP plug-in

For individual servers and on a local level, you can use the AREA LDAP Configuration form in the AR System Administration Console to configure the AREA LDAP plug-in. If a local value does not exist, the form displays the global-level configuration. If you modify the value on this form, the local-level configuration value is modified. For example, if a configuration shows global-level value and you modify the value by using this form, the local level value gets created for the configuration.

Before configuring the AREA LDAP plug-in, set up user and group information in an LDAP directory service. Then, use the following procedure to enter the settings into the AREA LDAP Configuration form. In a server group environment, you must apply these settings on each server.

Best Practice

Alternatively, we recommend that you use the AR System Management Console to view and configure the AREA LDAP plug-in at global level. This screen provides a single location to manage configuration settings across the server group. To access the Server Group Configuration screen:

  1. In a browser, enter the following URL address:
  2. Log in.
  3. Select AR System Management Console > AR System Server Group Console> Server Group Configuration.

For more information about setting global and local level configurations, see Managing AR Server Group components by using global and local level configurations.

To configure settings for the AREA LDAP plug-in

  1. On the AR System Administration Console, select System > LDAP > AREA Configuration.
    The AREA LDAP Configuration form appears.
    AREA LDAP configuration form

    If any AREA LDAP server configurations are configured for your AR System server , they are displayed in the Configuration List at the top of the form. When  AR System  attempts to authenticate a user, it searches each LDAP server configuration in the list.
  2. In the Configuration List, perform one of these actions:
    • To create a configuration, click Clear Fields. All fields in the form are cleared.
    • To modify a configuration, select it in the list. The fields in the form are populated with data from that configuration.
  3. In the Directory Service Information section, fill in or change the values in these fields:
    • Host Name—Name of the server on which the directory service is hosted.
    • Port Number—Number of the port on which the directory service is listening.
    • Bind User—Distinguished name for this configuration. The distinguished name is the name for a user account that has read permissions and can search the directory service for user objects.
    • Bind Password—Password for the distinguished name specified for the Bind user. The maximum length is 30 characters.
    • Use Secure Socket Layer?—A Yes/No toggle field. To specify an SSL connection to the directory service, select Yes to enable the Certificate Database field.
    • Certificate Database—The absolute path to the certificate datastore and the name of the .jks file, for example, C:\certificate\certdb.jks.  
    • Failover Timeout—Number of seconds in which the directory service must respond to the plug-in server before an error is returned. The minimum value is 0 (connection must be made immediately). This value cannot be higher than the value of the External-Authenticaion-RPC-Timeout parameter.
    • Chase Referral—A Yes/No toggle field. When the AREA LDAP plug-in sends a request to a directory server, the server might return a referral to the plug-in if some or all of the requested information is stored in another server. Attempting to chase the referral by connecting to the other server can cause authentication problems. By default, referrals are not chased. Yes enables automatic referral chasing by the LDAP client. No prevents referral chasing.

      This option is only for Microsoft Active Directory servers. Select No for all other directory servers.


      AR System does not support referrals that use a domain name rather than a host name as a reference. When Active Directory automatically configures referrals (such as when a trust or parent/child domain relationship is created), it uses a domain name in the referral. Therefore, such referrals do not work in AR System even when Chase Referral is set to Yes.

  4. In the User and Group Information section, fill in or change the values in these fields:
    • User Base—Base name of the search for users in the directory service (for example, ).
    • User Search Filter—Search criteria for locating user authentication information. You can enter the following keywords in this field. At run time, the keywords are replaced by the values they represent.
      • $\USER$—Name of the user logging in (for example, uid=$\USER$ ). 
      • $\DN$—Distinguished name of the user logging in.
      • $\AUTHSTRING$—Value users enter in the Authentication String field when they log in.
      • $\NETWORKADDR$—IP address of the AR System  client accessing the AR System server .
    • Group Membership—If this user belongs to a group, select Group Container; otherwise, select None. When None is selected, the Group Base, Group Search Filter, and Default Group(s) fields are disabled.
    • Group Base—Base name of the search for groups in the directory service that includes the user who is logging in (for example, ou=Groups ). AR System  performs a subtree search within the group you specify.
    • Group Search Filter—Search criteria for locating the groups to which the user belongs. For the user's distinguished name, enter the $\DN$ keyword (for example, uniqueMember=$\DN$ ). At run time, $\DN$ is replaced with the distinguished name.
    • Default Group(s)—If the search finds no matching groups, the group specified in this field is used.
  5. In the Defaults and Mapping Attributes to User Information section, complete these steps:
    1. In the LDAP Attribute Name column, enter the corresponding LDAP attribute names for the following AR System  fields.
    2. In the Default Value If Not Found In LDAP column, select or enter a default value for each field if no value is found in the directory service.
      • License Mask—Number for the license mask. The license mask specifies whether the AREA plug-in overrides existing information from the User form for write and reserved licenses. It also specifies which license types are overridden by the value returned by the plug-in. Use a number from the following table. An X in a license type column means that the value returned from the plug-in overrides that license in the User form for the specified user.

        License mark numberOverridden license types
      • Write License—Type of AR System  license assigned to the user (Read, Floating, or Restricted Read).
      • Full Text Search License—Type of  FTS  license assigned to the user.
      • Reserved License—License type to select for a reserved license.
      • Application License—Name of the application license granted to the user.
      • Email Address—Default email address for notifications sent to the user.
      • Default Notification Mechanism—Notification method used in your environment (none, alert, email, or default).
      • Roles List—Name of the LDAP attribute that lists the user roles. For example, the roledn attribute contains role definitions for some LDAP systems. Add any default roles to the Default Value If Not Found In LDAP field.
  6. Click Save Current Configuration.
    The system updates the AR System  configuration settings with the parameters you specified in this form.
  7. (Optional) To change the order in which AR System  searches the listed configurations when attempting to authenticate a user, do this:
    1. From the Configuration List, select the appropriate configuration.
    2. Click one of these buttons:
      • Decrease Order—Moves the selected configuration down in the authentication attempt order.
      • Increase Order— Moves the selected configuration up in the authentication attempt order.

    3. For the changes to take effect, restart your AR System server .

To add a new configuration for the AREA LDAP plug-in

You can add multiple configurations for the AREA LDAP plug-in. The AREA LDAP plug-in tries to connect to each of the configurations according to the order specified until the authentication is successful. You can change the authentication attempt order of the configurations by clicking Decrease Order or Increase Order on the AREA LDAP Configuration form.

Perform the following steps:

  1. In the Remedy AR System Administration Console, select System > LDAP > AREA Configuration.
    The AREA LDAP Configuration form is displayed.
  2. Click Clear Fields.
    All fields on the form are cleared.
  3. Click DeSelect All.
    The highlights on the configurations listed in the Configuration List section are removed.
  4. In the Directory Service Information and Defaults to Mapping Attributes to User Information subsections of the Configuration Detail section, add new information.
  5. Click Save Current Configuration.
    A new configuration is added for the AREA LDAP plug-in.

To delete configurations for the AREA LDAP plug-in

  1. In the AR System Administration Console, select System > LDAP > AREA Configuration.
    The AREA LDAP Configuration form appears.
  2. In the Configuration List, select the configuration to delete.
  3. Click Delete Configuration.

    The system removes the corresponding parameters from the AR System configuration settings.

  4. For the changes to take effect, restart your  AR System server .
Was this page helpful? Yes No Submitting... Thank you


  1. Tord Nilsson

    For a container environment is this really correct as we do not have any C: and certificates is handled a bit different. Please advice! "Certificate Database—The absolute path to the certificate datastore and the name of the .jks file, for example, C:\certificate\certdb.jks. "

    Oct 16, 2023 11:25