cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - You can subscribe to a forum, label or individual post and receive email notifications when someone posts a new topic or reply. Learn more! X

Every time I login to ThingWorx, My user is removed from Administrators group and I couldnot do any admin tasks.

vshanmugavelayu
11-Garnet

Every time I login to ThingWorx, My user is removed from Administrators group and I couldnot do any admin tasks.

I created a new Group called "OrgAdmins" and added the group under "Administrators". I added few users into "OrgAdmins" group. now, when I login for the first time, my user is automatically removed from "OrgAdmins" group and I do not have access to perform any admin tasks.

9 REPLIES 9
AnnaAn
14-Alexandrite
(To:vshanmugavelayu)

Hi Varunraj,

Did you enable the Directory Service and did the group mapping?

Check it under Security->Directory Services->open the Directory Service you imported if it exists, check if it's enabled and then check the Configuration like Group Mappings.

Br,

Anna

Hi Anna,

Thanks for the reply. I just checked the AD and I have 2 active directory. one is enables(which is what I use) and another disabled (I disabled it intentionally). On the Configuration section of the enabled AD, I did not do any group mapping. when I just tried to do so, the AD group is disabled and doesnot show any group.

I have configured ThingWorx such that all users in my organization can login to ThingWorx.And then I will grant access by adding them to specific groups. pls suggest if any thing is wrong?

AnnaAn
14-Alexandrite
(To:vshanmugavelayu)

Hi Varunraj,

When your AD server is connectable, try to run GetDomainGroups service under your directory service, and then go back to Configuration tab, you should configure the Group mapping then. Give a correct mapping(especially the one you logged in with ) and try again. If not work also you could try to disable Directory service to see if the issue is gone to check if it's relevant to the Directory service.

Thanks,

Br,

Anna

Hi Anna,

I just tried as you suggested. When the AD is disabled, I am able to login with the user and could see all access as defined. But the moment i enable AD, I get removed from groups.

Also, when I execute the GetDomainGroups service, I get an error "Unable to Invoke Service GetDomainGroups on StrykerGlobalActiveDirectory : Unbalanced parenthesis"

Below is the screen shot of my AD configuration.AD.JPG

AnnaAn
14-Alexandrite
(To:vshanmugavelayu)

Hi Varunraj,

Not quite sure but it seems like you are not well connected to the AD server or the search filter is not correct.

Could you check if you set the Distinguished Name correctly? On my side, I set the User Base Distinguished Name like:

CN = Users,DC=demo2005,DC=myentreprise,DC=com

Thanks,

Br,

Anna

Hi Anna,

in my case the "User Base Distinguished name" is "DC=myentreprise,DC=com"

AnnaAn
14-Alexandrite
(To:vshanmugavelayu)

Hi Varunraj,

Please make sure you have correctly configured it according to your LDAP directory structure.

Here is snapshop from my side:

My users/group are contained under Users folder.

So my Domain Distinguished Name and User Base Distinguished Name is CN=uSERS,DC=demo2003,DC=entreprise,DC=com

Just for your reference.

Thanks,

Br,

Anna

Hi Anna,

Thanks for that input. I have kept the "User Base Distinguished Name" simlor (DC=entreprise,DC=com) to Windchill server configuration and in Windchill it works well without any issue. I will still check with the AD team to see if i am making any mistake.

Anna,

in my company we have multiple OU's under the "DC=entreprise,DC=com" where users are managed. so I cannot give a single OU (like cn=Users) as defined by you. Pls help.

Announcements


Top Tags