Error: Invalid spaceKey on retrieving a related space config.

Configuring the AREA LDAP plug-in

To configure the AREA LDAP plug-in, use the AREA LDAP Configuration form in the AR System Administration Console. BMC Remedy AR System supports multiple AREA LDAP configurations.

Before configuring the AREA LDAP plug-in, set up user and group information in an LDAP directory service. Then, use the following procedure to enter the settings into the AREA LDAP Configuration form.

To configure settings for the AREA LDAP plug-in

These are server specific settings. In a server group environment, apply these settings on each server.

  1. In the AR System Administration Console, click System > LDAP > AREA Configuration. The AREA LDAP Configuration form appears.

    AREA LDAP configuration form (Click the image to expand it.)

    If any AREA LDAP server configurations are configured for your AR System server, they are displayed in the Configuration List at the top of the form. When BMC Remedy AR System attempts to authenticate a user, it searches each LDAP server configuration in the list.
  2. In the Configuration List, perform one of these actions:
    • To create a configuration, click Clear Fields. All fields in the form are cleared.
    • To modify a configuration, select it in the list. The fields in the form are populated with data from that configuration.
  3. In the Directory Service Information section, fill in (for new configuration) or change (for modified configuration) the values in these fields:
    • Host Name — Name of one or more servers on which the directory service is hosted. You can specify a space-separated list of host names up to 255 characters long. Starting with the first host name in the list, BMC Remedy AR System tries to connect to each server until it is successful.
    • Port Number — Number of the port on which the directory service is listening.
    • Bind User — Distinguished name for this configuration. The distinguished name is the name for a user account that has read permissions and can search the directory service for user objects.
    • Bind Password — Password for the distinguished name specified for the Bind user.
      Maxium length —30 characters
    • Use Secure Socket Layer? — Yes/No toggle field. To specify an SSL connection to the directory service, select Yes to enable the Certificate Database field.
    • Certificate Database — The absolute path to the certificate datastore and the name of the .jks file. For example: C:\certificate\certdb.jks.  
    • Failover Timeout — Number of seconds in which the directory service must respond to the plug-in server before an error is returned. Minimum value is 0 (connection must be made immediately). This value cannot be higher than the value of the External-Authenticaion-RPC-Timeout parameter.
    • Chase Referral — Yes/No toggle field. When the AREA LDAP plug-in sends a request to a directory server, the server might return a referral to the plug-in if some or all of the requested information is stored in another server. Attempting to chase the referral by connecting to the other server can cause authentication problems. By default, referrals are not chased. Yes enables automatic referral chasing by the LDAP client. No prevents referral chasing.

      Note

      This option is only for Microsoft Active Directory servers. Select No for all other directory servers.

      Important

      BMC Remedy AR System does not support referrals that use a domain name rather than a host name as a reference. When Active Directory automatically configures referrals (such as when a trust or parent/child domain relationship is created), it uses a domain name in the referral. Therefore, such referrals do not work in BMC Remedy AR System even when Chase Referral is set to Yes.

  4. In the User and Group Information section, fill in or change the values in these fields:
    • User Base — Base name of the search for users in the directory service (for example, o=remedy.com ).
    • User Search Filter — Search criteria for locating user authentication information. You can enter the following keywords in this field. At run time, the keywords are replaced by the values they represent. $\USER$ — Name of the user logging in (for example, uid=$\USER$ ). $\DN$ — Distinguished name of the user logging in. $\AUTHSTRING$ — Value users enter in the Authentication String field when they log in. $\NETWORKADDR$ — IP address of the AR System client accessing the AR System server.
    • Group Membership — If this user belongs to a group, select Group Container; otherwise, select None. When None is selected, the Group Base, Group Search Filter, and Default Group(s) fields are disabled.
    • Group Base — Base name of the search for groups in the directory service that includes the user who is logging in (for example, ou=Groups ).
    • BMC Remedy AR System performs a subtree search within the group you specify.
    • Group Search Filter — Search criteria for locating the groups to which the user belongs. For the user's distinguished name, enter the keyword $\DN$ (for example, uniqueMember=$\DN$ ). At run time, $\DN$ is replaced with the distinguished name.
    • Default Group(s) — If the search finds no matching groups, the group specified in this field is used.
  5. In the Defaults and Mapping Attributes to User Information section, perform these actions:
    1. In the LDAP Attribute Name column, enter the corresponding LDAP attribute names for the following AR System fields.
    2. In the Default Value If Not Found In LDAP column, select or enter a default value for each field if no value is found in the directory service.
      • License Mask— Number for the license mask. The license mask specifies whether the AREA plug-in overrides existing information from the User form for write and reserved licenses. It also specifies which license types are overridden by the value returned by the plug-in. Use a number from the following table. An X in a license type column means that the value returned from the plug-in overrides that license in the User form for the specified user.

        License mark numberOverridden license types
        ApplicationFTSReservedWrite
        0----
        1---X
        2-X--
        3-X-X
        4--X-
        5--XX
        6-XX-
        7-XXX
        8X---
        9X--X
        10XX--
        11XX-X
        12X-X-
        13X-XX
        14XXX-
        15XXXX
      • Write License — Type of AR System license assigned to the user (Read, Floating, or Restricted Read).
      • Full Text Search License — Type of FTS license assigned to the user.
      • Reserved License — License type to select for a reserved license.
      • Application License — Name of the application license granted to the user.
      • Email Address — Default email address for notifications sent to the user.
      • Default Notification Mechanism — Notification method used in your environment (none, alert, email, or default).
      • Roles List — Name of the LDAP attribute that lists the user roles. For example, the roledn attribute contains role definitions for some LDAP systems. Add any default roles to the Default Value If Not Found In LDAP field.
  6. Click Save Current Configuration. The system updates the AR System configuration settings with the parameters you specified in this form.
  7. (Optional) To change the order in which BMC Remedy AR System searches the listed configurations when attempting to authenticate a user, do this:
    1. In the Configuration List, select the appropriate configuration.
    2. Click one of these buttons:
      • Decrease Order — Moves the selected configuration down in the authentication attempt order.
      • Increase Order— Moves the selected configuration up in the authentication attempt order.

        Note

        For the changes to take effect, restart your AR System server.

To add a new configuration for the AREA LDAP plug-in

  1. In the BMC Remedy AR System Administration Console, select System > LDAP > AREA Configuration.
    The AREA LDAP Configuration form is displayed.
  2. Click Clear Fields.
    All fields on the form are cleared.
  3. Click DeSelect All.
    The highlights on the configurations listed in the Configuration List section are removed.
  4. Add new information in the Directory Service Information sub-section and in the Defaults to Mapping Attributes to User Information sub-section in the Configuration Detail section.
  5. Click Save Current Configuration.
    A new configuration is added for the AREA LDAP plug-in. 

To delete configurations for the AREA LDAP plug-in

  1. In the AR System Administration Console, click System > LDAP > AREA Configuration. The AREA LDAP Configuration form appears.
  2. In the Configuration List, select the configuration to delete.
  3. Click Delete Configuration. The system removes the corresponding parameters from the AR System configuration settings.

    Note

    For the changes to take effect, restart your AR System server.

Was this page helpful? Yes No Submitting... Thank you

Comments

  1. Ariel Manka

    It's really not a good practice to make the documentation less and less detailed from one release to another. For example, documentation for v8.1 contains detailed steps to configure SSL for AREA plugin. For some reasons these instructions don't exist in the documentation for  v9.1 (https://docs.bmc.com/docs/display/public/ars81/Enabling+LDAP+plug-ins+for+SSL+connections+post-installation)

    Apr 24, 2016 01:44
    1. Prachi Kalyani

      Hello Ariel,

      The topic Enabling LDAP plug-ins for SSL connections post installation still exists.  Following is the link to the topic:

      https://docs.bmc.com/docs/display/public/brid91/Enabling+LDAP+plug-ins+for+SSL+connections+post-installation

      We have moved it to the BMC remedy ITSM Deployment space.

      All the information related to installation and upgrade is present in BMC Remedy ITSM Deployment documentation.

      Apr 25, 2016 01:41
      1. Ariel Manka

        Hi Prachi,

         

        Thanks for pointing me to that location. I'm still calling it very confusing that same topic is covered in many places. LDAP is not just ITSM configuration requirement. It would fit better in the ARS post installation steps in my opinion.

        Please also take note of the incorrect instructions for the "Certificate Database" field.

         

        Regards,

        Ariel

        Apr 25, 2016 01:51
        1. Prachi Kalyani

          Hello Ariel,

          The BMC Remedy ITSM Deployment documentation is not only for ITSM. The documentation contains complete install and upgrade information for entire ITSM suite, that includes BMC Remedy AR System, BMC Atrium Core, ITSM.

          And regarding the Certificate Database field, I am verifying the information with the technical team. I will get back to you on this soon.

          Thanks,

          Prachi

          Apr 25, 2016 04:40
        1. Prachi Kalyani

          Hello Ariel,

          I have updated the documentation for Certificate Database field.

          Thanks,

          Prachi

          Apr 25, 2016 05:13
        1. Jason Miller

          I agree. I have also been having trouble with the fact that AR topics tend to be in ITSM or "brid" locations.

          Sep 28, 2016 06:52
  2. Jason Miller

    Is it true that allocate Fixed licenses in the License Mask? This page states:

    • Write License — Type of AR System license assigned to the user (Fixed, Read, Floating, or Restricted Read).

    But the AREA LDAP Configuration form does not have  1: Fixed as an option.

    Sep 28, 2016 06:57
    1. Prachi Kalyani

      Hello Jason,

      Thank you bringing this to our notice. AREA LDAP configuration does not have Fixed as an option.

      I have updated the topic.

      Thanks,

      Prachi

      Sep 29, 2016 06:39
      1. Jason Miller

        Thanks!

        Sep 29, 2016 03:51
  3. Andreas Mitterdorfer

    Can you add a note on AREA configuration in a server group? Or on https://docs.bmc.com/docs/display/public/ars91/Configuring+server+groups add an AREA section?

    This page doesn't mention that the config needs to be done on each node of the group and i think this should be noted somewhere.

    Same is true for ARDBC

    Mar 27, 2017 07:03
    1. Anagha Deshpande

      Hello Andreas,

      I will check with SME and will inform you.

      Regards,

      Anagha 

      Mar 27, 2017 11:20
      1. Anagha Deshpande

        Hello Andreas,

        I have added a note to this topic. Also have added a note to Configuring the ARDBC LDAP plug-in topic. 

        Regards,

        Anagha

        Mar 29, 2017 02:14
  4. Andreas Mitterdorfer

    Thx Anagha (smile)

    Mar 29, 2017 02:16
  5. Timothy Mobley

    The article says, "BMC Remedy AR System supports multiple AREA LDAP configurations." But it doesn't say how to do this. In the screenshot the article shows three host names in the configuration list, but I can't see how to add to the list.

    Nov 15, 2018 08:46
    1. Anagha Deshpande

      Hello Timothy,

      We are working on your query. We will respond shortly.

      Regards,

      Anagha

      Nov 15, 2018 09:11
      1. Marcus Carvalho

        Hi, We could not find how to add to the list as well. Is there any documentation about that? Regards, Marcus

        Feb 13, 2019 07:48
        1. Anagha Deshpande

          Hello Marcus,

          We are working on your query. We will respond shortly.

          Regards,

          Anagha

          Feb 13, 2019 10:40
          1. Arturo Anaya

            This can be done, following the below steps:

            Before adding a new LDAP configuration: 1) Click on "Clear Fields" button. 2) Click on "DeSelect All" button (You should see that the entry is not highlighted anymore). 3) Add your new information, when you finish click on "Save Current Configuration".

            You need to ensure that the previous configuration is not selected before clicking on "Save Current Configuration" button.

            Mar 25, 2019 03:56
            1. Onkar Telkikar

              Hello Arturo,

              Thank you for your inputs on this. I have added the steps for adding a new LDAP configuration in this topic.

              Regards,
              Onkar

              Mar 27, 2019 04:40