We are a PTC partner working with an end customer (United Airlines) to implement an Arbortext CMS solution. United is using Active Directory and has several groups that have special characters in their names (#, /, ., etc.). None of these groups need direct access to Windchill. However users that need access are also members of these groups (apart from the groups that are configured with WC).
WC throws an error when authenticating these users and we've worked with PTC Support to configure a workaround using group filters in the JNDI Adapter. However the main limitation of the workaround is scalability. While it's an acceptable solution for a small number of users / groups, it's not a practical solution for a large organization like United that has thousands of users / groups in AD.
United has requested that PTC create a patch to resolve this issue for them that essentially would either ignore those special characters or ignore the groups that have these characters but are not directly configured with WC. In other words, just because a user happens to be a member of one of those groups even though that group is not configured for WC access, it shouldn't be considered an authentication error.
For more information on the issue and the solution provided by PTC Support, please refer Case C12326308. Client is on Windchill 10.0.
We would appreciate feedback on the feasibility of such a patch and also idea of timelines as soon as possible.