Filtering a Corpoate LDAP

ScottKeller · ‎Jul 11, 2011

We are using a third party LDAP that is not AD. I do not have any control of the entries as it is controlled by another department.

Our LDAP contains a ton of entries that are related to contactors and machines that should not show up as windchill users.

The show up in my Principal Admin and in WTUser pull-down menus in workflow assignments.

Has anyone out there been able to filter out entries from a non-AD corporate LDAP?

Thanks in advance for any help or advice.

Scott Keller

Kensey Nash Corporation

pwilliams-3 · ‎Jul 11, 2011

Create an LDAP group that should contain only user's who should have access to Windchill. Something like "windchill-users". Then configure your Enterprise LDAP adapter to only retrieve users from that group.

com.steelcase.EnterpriseLdap.windchill.mapping.user.filter: memberOf=CN=windchill-usr-dev,OU=Windchill,OU=Applications,OU=Services,DC=na,DC=steelcase,DC=net

Patrick Williams | Engineering Systems | o: 616.698.3766 | c: 616.947.2110
[cid:image001.jpg@01CC3FBC.702D99E0]

MikeLockwood · ‎Jul 11, 2011

A far simpler approach is to not touch Active Directory at all.

Instead, simply point Apache to active directory for the current correct password for each user account. This requires creating Windchill accounts in Windchill but frees the Windchill admin from caring about the corporate LDAP. We've been operating this way for 4 ½ years, with users at 11 different facilities around the world.

avillanueva · ‎Jul 11, 2011

Us too. Anyone can knock but only a select can come in.

ScottKeller · ‎Jul 12, 2011

We have tried this a few times and have not had much luck. I think its because we are not using Active Directory.