The query that Windchill sends to LDAP at user login is similar to:
'(&(objectclass=ORGANIZATIONALPERSON)(!(|(uid=*#*)(uid=*/*)(uid=*<*)(uid=*\5c*)(uid=*>*)))(uid=*)(uid=xxxxxxxx))'
To someone familiar with LDAP queries, there are things in there that are superfluous and can be removed (or checked by Windchill before querying LDAP).
The existing query asks for directory entries with the presented userid, but only if that userid is non-blank (uid=*) and does not contain (# / > \). Both those conditions can be checked by the Windchill code when the user enters the userid, and the login terminated there. Once that is done, the query can be simplified to:
'(&(objectclass=ORGANIZATIONALPERSON)(uid=xxxxxxxx))'
Other PTC products (WQS, for example) successfully use the simpler query.
Please remove the extra crud, or else give the customer a supported way to do it.
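An added example, not part of the original post and not PTC or Windchill code: a sketch of doing the two checks (non-blank, none of the characters the original filter excludes) before any LDAP query and then building the simplified filter. The function names are hypothetical, and the RFC 4515 escaping of the value is an extra hardening step assumed here so that characters such as `*` or `(` in a userid cannot alter the filter once the exclusion clauses are gone.

```python
# Added illustration; function names are hypothetical, not Windchill APIs.

# Characters the original filter excludes via (uid=*#*), (uid=*/*),
# (uid=*<*), (uid=*\5c*) and (uid=*>*).
REJECTED_CHARS = frozenset('#/<\\>')

# RFC 4515 escapes for characters that are special inside a filter value.
# Assumption: this escaping is added here; the post does not mention it.
FILTER_ESCAPES = {
    '\\': r'\5c',
    '*': r'\2a',
    '(': r'\28',
    ')': r'\29',
    '\x00': r'\00',
}


def validate_uid(uid):
    """Apply the checks the original filter delegated to the directory."""
    if not uid:
        # Replaces the (uid=*) presence test: a blank userid stops the login.
        return False
    # Replaces the (!(|(uid=*#*)...)) clause.
    return not (REJECTED_CHARS & set(uid))


def escape_filter_value(value):
    """Escape a value for literal use inside an LDAP search filter."""
    return ''.join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_login_filter(uid):
    """Return the simplified filter, or None if login should end here."""
    if not validate_uid(uid):
        return None
    return ('(&(objectclass=ORGANIZATIONALPERSON)(uid=%s))'
            % escape_filter_value(uid))


if __name__ == '__main__':
    # Constructed sample inputs.
    for sample in ['jsmith', '', 'a#b', 'dom\\user', '*)(uid=*']:
        print(repr(sample), '->', build_login_filter(sample))
```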