ar.cfg or ar.conf options A-B

Directory in which active link server run processes are stored. Only commands in the specified directory can be run. This is a security feature that ensures clients or API programs use only a safe set of server processes.

The Security area on the Advanced tab of the AR System Administration: Server Information form. (See Setting performance and security options.)

(UNIX only) Parent shell of any active link server process. This parameter causes the server to start the shell with the specified process as a parameter. This is a security feature. The specified shell might be a security shell that verifies a path or runs with a user ID other than the one the server uses. For example, if the server runs as root and an administrator specifies a shell that runs as a lower user privilege, an active link invokes the shell that runs as a user instead of as root. Because the AR System server passes the shell command to the Active-Link-Shell as a single string without any other command-line arguments, the command parameters can often get interpreted incorrectly. The AR System server does not know which custom shell is supposed to be used for active link processing, so it does not know how to supply all of the necessary arguments. In order to avoid this and use the Active-Link-Shell Feature correctly, follow the steps listed below:

1. Determine what your desired shell is, and how to invoke it passing a single command line. If the desired shell is /bin/csh, the correct way to invoke with a single command line is

   "/bin/csh" "-c" "process command"

2. Write a /bin/sh script that invokes your custom shell in the required manner, as shown below:

   #!/bin/sh
   # Usage:
   #    /path/to/arsystem-csh-helper process-command
   # Pass process-command as a command line to /bin/csh.
   #
   # use "$*" preserve argument as a single string
   exec /bin/csh -c "$*"

3. Put the script in a location where the AR System server will be able to call it. For example, local utilities are often installed in a directory named /usr/local or /usr/local/bin. Another good location might be the AR System server installation directory. Be sure to mark the new program executable:

   # cp arsystem-csh-helper /usr/local/arsystem-csh-helper
   # chmod 755 /usr/local/arsystem-csh-helper

4. In the AR System server configuration, change the Active-Link-Shell to be the new program /usr/local/arsystem-csh-helper

Flag indicating whether only administrators and subadministrators can access the server. Values are

• T — Admin-only mode is on.
• F — (Default) Admin-only mode is off.

Flag indicating whether the BMC Remedy AR System server accepts guest users (users not registered with BMC Remedy AR System in a User form). Values are

• T — (Default) Allow guest users. Unregistered users have no permissions but can perform some basic operations. For example, they can submit requests to forms to which the Public group has access and whose fields allow any user to submit values.
• F — Do not allow guest users. Unregistered users have no access to the system.

In 9.1.02, the default value is set to F.

Flag indicating whether unqualified searches can be performed on the BMC Remedy AR System server. Unqualified searches are ARGetListEntry or ARGetListEntryWithFields calls in which the qualifier parameter is NULL or has an operation value of 0 (AR_COND_OP_NONE ). Such searches can cause performance problems because they return all requests for a form. This is especially problematic for large forms. Values are

• T — (Default) Allow unqualified searches.
• F — Do not allow unqualified searches.

In 9.1.02, the default value is set to F.

Full path name of the file to use if API logging is on (See  Debug-mode).

A bit mask value indicating options selected.

Values are

• 1 (first bit is set) — Enables the console display. This displays the API and SQL events in the console when an automatic save is triggered and when you click one of the Save buttons:
  • Save Completed API
  • Save Completed SQL
  • Save Pending API
  • Save Pending SQL
  This is a debugging aid that is available if you are running the server from a command window.
• 2 (second bit is set) — Enables exception logging, where all API and SQL calls that exceed the value specified in the Minimum Elapsed Time option are recorded in in exception log file.

Type that specifies the logging level for the approval logs of the Approval server.

Values are

• NORMAL— Use this value to set the minimum logging level for approval logs.
  Note: When Approval-Debug-Type is set to NORMAL, only severe issues are written to the logs.
• ALL— Use this value to set the maximum logging level for the approval logs.

Default value: Normal 

Approval-Due-Soon¹

Interval at which the Approval Server polls the AR System server for pending work. This setting is intended as a backup method, not the primary contact method. Under normal circumstances, the AR System server or the Application Dispatcher (depending on the configuration) contacts the Approval Server when work is pending. When this option is specified, the Approval Server polls the AR System server only if it does not receive a signal from the AR System server in the specified time.

Specify the interval in seconds. Minimum is 30 seconds. Maximum is 3600 seconds (one hour).

If the interval value is not specified, the default value (1800 seconds or 30 minutes) is considered.

In a server group environment, the AR System server automatically sets the value of this parameter. The parameter value is based on the corresponding operational rankings and ownership.

Valid values:

T – Indicates that the Approval Server operation is not currently owned by the local AR System server and the server does not process Approval requests.

F – Indicates that the Approval Server operation is currently owned by the local AR System server and the server processes the Approval requests.

Warning:

If you change this setting manually, the AR System server may overwrite the manual setting.

Flag indicating whether logging for the appsignal library is enabled or disabled. By default, logging is disabled. To enable logging, add the following entry in the ar.cfg(ar.conf ) file:
AppSignal logging : T

Note: If this entry is missing from the file, the default value (AppSignal logging: F) is considered.

When you enable logging, the following log files are created in the db directory (installationDirectory/db for UNIX and installationDirectory\Arserver\db for Windows):

• For Approval Server: appSignalAPlog.log
• For Assignment Engine: appSignalAElog.log
• For Distributed Server Option (DSO): appSignalDSOlog.log

Maximum size (in bytes) of compressed attachments that can be sent to the AR System database from the AR System server. By preventing large attachments from being sent to the database, you can prevent excessive memory growth and reduce transmission time. This limit does not apply to attachments retrieved from the database by the AR System server. This option applies to all databases.

Note: To limit the size of compressed attachments that the server can retrieve from Oracle databases, use Db-Max-Attach-Size.

Base distinguished name (DN) to use instead of the root DN as the starting point for discovering vendor tables when you design vendor forms. For example: ARBDC-LDAP-Base-DN: CN=Users, DC=ldapesslab, DC=com

Size limit (in bytes) for the cache. For no size limit, set this to 0. The default is 32768 bytes.

Time limit (in seconds) that data remains cached. For no time limit, set this to 0. The default is 60 seconds.

Directory name of the certificate database. The cert8.db or cert7.db and key3.db certificate database files are in this directory. If the directory is not specified, the LDAP plug-in looks in the BMC Remedy AR System installation directory for these files. The path in this option is used only when ARDBC-LDAP-UsingSSL is set toT.

Flag that enables automatic referral chasing by LDAP clients. Values are

• T — Referrals are chased.
• F — (Default) Referrals are not chased.

This option is for Microsoft Active Directories only.

Host name of the system on which the directory service runs. If the host name is not specified, the ARDBC LDAP plug-in uses localhost as the host name. For example:ARDBC-LDAP-Hostname: server1.eng.remedy.com

Port number on which the directory service listens for clients.

Format of LDAP date and time data. Values are

• 0--Generalized Time Format (YYYYMMDDHHMMSSZ ) This format is recognized by all LDAP servers and is recommended.
• 1--AD Generalized Time Format (YYYYMMDDHHMMSS.0Z ) This format is recognized by Microsoft Active Directory servers only.
• 2--UTC Time Format (YYMMDDHHMMSSZ )

This historical format does not indicate the century. It is not recommended.

Distinguished name (DN) of the user account that the ARDBC LDAP plug-in uses to search and modify the contents of the directory service. For example: ARDBC-LDAP-User-DN: server1\admin

Flag indicating whether to establish a secure socket layer (SSL) connection to the directory service. Values are T and F. If you use LDAP over SSL, you must also specify the file name of the certificate database used to establish the connection.

Password of the user account that the AREA LDAP plug-in uses to find the user object when using the User Search filter. If the distinguished name (DN) is not specified, the AREA LDAP plug-in uses an anonymous login to find the user object. If the target directory service does not allow anonymous access, you must specify a DN and password; otherwise, the plug-in cannot determine the DN of the user.

The Bind Password field on the AREA LDAP Configuration form. (See Configuring the AREA LDAP plug-in.)

Distinguished name (DN) of the user account that the AREA LDAP plug-in uses to find the user object when using the User Search filter. If the DN is not specified, the AREA LDAP plug-in uses an anonymous login to find the user object. If the target directory service does not allow anonymous access, you must specify a DN and password; otherwise, the plug-in cannot determine the DN of the user. For example: AREA-LDAP-Bind-User: ldapesslab\admin

Directory name of the certificate database. The cert8.db or cert7.db and key3.db certificate database files are in this directory. If the directory is not specified, the LDAP plug-in looks in the BMC Remedy AR System installation directory for these files. This path is used only when ARDBC-LDAP-UsingSSL is set to T.

Flag that specifies whether referral chasing is performed by the AD server or the AREA LDAP plug-in. Values are

• T — Referral chasing is performed by the AD server.
• F — (Default) Referral chasing is performed by the AREA LDAP plug-in (via the third-party LDAP library).

This option is for Microsoft Active Directories only.

Note: To force referral chasing logic to be disabled, you must also specify the AREA-LDAP-Disable-Referral option. (See ar.cfg or ar.conf options A-B.)

Number of seconds that the plug-in waits to establish a connection with the directory service. The minimum value is 0, in which case the connection must be immediate. The maximum value is the External-Authentication-RPC-Timeout setting. If a value is not specified, this option is set to the value of the External-Authentication-RPC-Timeout option (by default, 40 seconds).

Flag that disables all referral processes by the AREALDAP plug-in. Values are

• T— Referrals are disabled.

  Note: This overrides the AREA-LDAP-Chase-Referral setting.

• F — (Default) Referrals are not disabled.
  For information about how the referrals are processed, see ar.cfg or ar.conf options A-B. The referral option is for Microsoft Active Directories only. When connecting to a non-Microsoft Active Directory, BMC recommends disabling referral processing.

Base of the LDAP directory to search groups from. To determine the option's values at runtime, use these keywords:

Note: The backslash (\) is required.

• $\USER$ — User's login name.
• $\DN$ — User's distinguished name. This applies only to the Group Base Name and Group Search Filter. It does not apply to the User Base name and User Search filter.
• $\AUTHSTRING$ — Value that users enter into the Authentication String field when they log in.
• $\NETWORKADDR$ — IP address of the AR System client accessing the AR System server.

LDAP search filter used to locate the groups to which the user belongs. To determine the option's values at runtime, use these keywords:

Note: The backslash (\) is required.

• $\USER$ — User's login name.
• $\DN$--- User's distinguished name. This only applies to the Group Base Name and Group Search Filter. It does not apply to the User Base Name and User Search Filter.
• $\AUTHSTRING$ — Value that users enter into the Authentication String field when they log in.
• $\NETWORKADDR$ — IP address of the AR System client accessing the AR System server.

Host name of the system on which the directory service runs. If no value is specified, the AREA LDAP plug-in uses localhost as the host name.

Attribute that specifies how to mask the license information returned from the AREA LDAP plug-in. Values are

• 0--No licenses returned from the AREA LDAP plug-in are used.
• 1--Write license from the plug-in is used.
• 4--Reserved license from the plug-in is used.
• 5--Reserved license and Write license from the plug-in are used.
• 8--Application license from the plug-in is used.
• 9--Application and Write licenses from the plug-in are used.
• 12--Application and Reserved licenses from the plug-in are used.
• 13--All licenses from the plug-in are used.

If the license is not used from the plug-in, the license information in the user's User entry is used.

Port number on which the directory service listens for clients.

Flag indicating whether to retrieve group information from the LDAP server. If this parameter is not set, group information from the AR System Group form is used.

User base in the LDAP directory to search for the user. To determine the option's values at runtime, use these keywords:

Note: The backslash (\) is required.

• $\USER$ — User's login name.
• $\DN$ — User's distinguished name. This only applies to the Group Base Name and Group Search Filter. It does not apply to the User Base Name and User Search Filter.
• $\AUTHSTRING$ — Value that users enter into the Authentication String field when they log in.
• $\NETWORKADDR$ — IP address of the AR System client accessing the AR System server.

LDAP search filter used to locate the user in the directory from the base that the AREA-LDAP-User-Base option specifies. To determine the option's values at runtime, use these keywords:

Note: The backslash (\) is required.

• $\USER$ — User's login name.
• $\DN$ — User's distinguished name. This only applies to the Group Base Name and Group Search Filter. It does not apply to the User Base Name and User Search Filter.
• $\AUTHSTRING$ — Value that users enter into the Authentication String field when they log in.
• $\NETWORKADDR$ — IP address of the AR System client accessing the AR System server.

Flag indicating whether to establish a secure socket layer (SSL) connection to the directory service. Values are T and F. If you use LDAP over SSL, you must also specify the file name of the certificate database used to establish the connection.

Specifies the total number of worker threads that process various approval requests.

The minimum value is 1. The maximum value is 4. The default value is 4.

Note: If the specified value is not within the maximum and minimum value, the default value is applied. If a value is not specified, this option is set to the default value.

In a server group environment, the AR System server automatically sets the value of this parameter. The parameter value is based on the corresponding operational rankings and ownership.

Valid values:

T — Indicates that the Assignment Engine operation is not currently owned by the local AR System server and the server does not process Assignment requests.

F — Indicates that the Assignment Engine operation is currently owned by the local AR System server and the server processes Assignment requests.

Warning:

If you change this setting manually, the AR System server may overwrite the manual setting.

Defines the attachments that cannot be attached in an entry operation.

Note: There is no difference between the Attachment-Exception-List parameter and the Attachment-System-Exception-List parameter at runtime. If a field on a form is defined under any of these parameters, it is skipped from validation. However, the only difference is that BMC adds an out-of-the-box list of fields on forms under the Attachment-System-Exception-List parameter and can overwrite this any time during the upgrade. The Attachment-Exception-List parameter is to be used by the customers and the installer does not modify it.

Mode that enables the administrator to use more than one type of authentication on the same system. Values are

• 0 (Off)--Use the default behavior. Users are authenticated based on the settings of Crossref-Blank-Password and Authenticate-Unregistered Users.
• 1 (ARS - AREA) — Use internal authentication as the primary method; use external authentication via the AREA plug-in as the secondary method.
• 2 (AREA - ARS) — Use external authentication via the AREA plug-in as the primary method; use internal authentication as the secondary method.
• 3 (ARS - OS- AREA) — If authentication fails in AR System (internal authentication), use the operating system authentication (for example, NT domain authentication). If the operating system fails, try external authentication (AREA).
• 4 (ARS - AREA - OS) — If authentication fails in AR System, try AREA. If AREA fails, try the operating system authentication.

Values 3 and 4 provide greater flexibility. For example, your external users might be authenticated with an AREA plug-in, and internal users might be authenticated by the NT domain.

In 9.1.02, the default value is set to 1.

 ARSYS.ARF.ATSSOCONFIRMPWD

Name of a plugin used by the BMC Remedy AR System server to confirm the user password information from the BMC Atrium Single Sign-On server.

In a server group environment, the AR System server automatically sets the value of this parameter. The parameter value is based on the corresponding operational rankings and ownership.

Valid values:

T — Indicates that the Business Rule Engine operation is not currently owned by the local AR System server and the server does not process Business Rules requests.

F — Indicates that the Business Rule Engine operation is currently owned by the local AR System server and the server processes Business Rules requests.

Warning:

If you change this setting manually, the AR System server may overwrite the manual setting.