We use Windows Active Directory for Windchill authentication.
We control access within Windchill by groups/teams.
However, this does not stop unauthorized AD users from logging in.
They can log in, but cannot see any Products or Libraries, which is good.
But I would like to stop them at the login screen.
Is this possible?
For example: Can I create a white list of the user IDs that are allowed to log in?
Where would such a white list be defined?
Windchill Intralink 9.1.
Gerry Champoux
Williams International
Walled Lake, MI
Unfortunately, that is not an option for me.
The AD is not under my control.
The users are currently under several different branches (for other organizational purposes).
Our AD admins won't allow a structure change to the branches.
Gerry
In Reply to Ryan Porzel:
Yes it is possible. You need to create a branch in your Windows Active
Directory and place the Windchill users in that branch. You then need to
update Apache and the JNDI adapter in Windchill to only look at that branch
for authentication.
Hope that helps!
On Wed, May 8, 2013 at 8:49 AM, Gerry Champoux wrote:
> We use Windows Active Directory for Windchill authentication.
> We control access within Windchill by groups/teams.
>
> However, this does not stop unauthorized AD users from logging in.
> They can log in, but cannot see any Products or Libraries, which is good.
> But I would like to stop them at the login screen.
> Is this possible?
> For example: Can I create a white list of the user IDs that are allowed
> to log in?
> Where would such a white list be defined?
>
> Windchill Intralink 9.1.
>
> Gerry Champoux
> Williams International
> Walled Lake, MI
Our Windchill system is fully integrated with our corporate AD. There are a few things to keep in mind:
1. Authentication – This is what Apache does. If you want to authenticate through the AD, you will have to change the app-Windchill-Auth.conf file located in <windchill>\Apache\conf\extra to reflect the Active Directory server and location to authenticate against. Sounds like this is OK.
2. Creating JNDI Adapter – This is the “hook” that you need in order to query your corporate AD. We can use this to help keep users out or at least cause Windchill to complain about the unauthorized user upon login. This is done from Site > Utilities > InfoEngine Administrator.
When creating\editing your JNDI adapter, key in on these properties: