cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Help using LoadFromFile utility....

JosephCugini
1-Newbie

Help using LoadFromFile utility....

I have had no luck attempting a simple task of using the LoadFromFile
utility to create an access control rule in the
Organization/PDM/<product> domain. All I wanted to do is to manually
delete a policy (which I did) and then use the loader to add it back.
Can someone point out what I'm missing? My organization name is CSE and
the Product is INFOSEC. I'm pretty sure it has something to do with the
<csvdomain> but I'm lost.....









<nmloader>

<csvaccessrule handler="wt.load.LoadUser.createAccessRule">

<csvuser></csvuser>

<csvdomain>/Default/PDM/INFOSEC</csvdomain>

<csvtypeid>wt.change2.WTChangeProposal</csvtypeid>

<csvpermission>+</csvpermission>

<csvprincipal>Change Admin I</csvprincipal>

<csvpermissionlist>7/2/1/0</csvpermissionlist>

<csvstate>ALL</csvstate>

</csvaccessrule>

</nmloader>





The command I'm using to execute is:

>windchill wt.load.LoadFromFile -d
D:\ptc\Windchill_9.1\Windchill\loadFiles\infosec_rules.xml -CONT_PATH
"/wt.inf.conainer.OrgContainer=CSE/wt.pdmlink.PDMLinkProduct=INFOSEC\"







17 REPLIES 17

Joseph,

The issue might be that you are using "/Default/PDM/INFOSEC" as the value for csvdomain. I believe that since in the loadFromFile command you have specific the domain to load the ACL, all you need for the value in <csvdomain> tag is just /Default. This is the default context you would like to load the ACL into. I have not done this in awhile, but give that a try.

Hope this helps.

Alexius C. Chukwuka
Infrastructure Analyst, Global SAP Basis - TCM
Deere & Company World Headquarters
400 19th St, Moline, IL 61265

I spent about 36 hours figuring this very same thing out. If I told PTC
what the problem was then they would fix it and I couldn't make money
selling my loader haha.



Ok, so here's the scoop: Aside from spelling container wrong in the
CONT_PATH, someone thought it be cute to half arse architect a solution but
not update the loaders. It stems from a move between having
context/container teams configuration placed partially in ldap and the
database. Now everything in 9.x got moved to the database tier. Loader is
still designed for 8.0 architecture. It works with groups and specific
users, not roles. Only way to use roles is via template before the
organization, or product,project,or library are created.



In short, what you are doing will not work because the role is used in an
attempt to be looked up by the OrganizationServicesHelper Java API, but it
returns null as the group ahhem role doesn't exist in ldap. Wtroleprincipal
is a special type of wtgroup.



I reversed engineered wt.load.LoadUser.createAccessRule which is an alias to
the StandardAccessControl service method that creates the rules. The
WTRolePrincipal object is not created by the loader as it is in the applet
UI. The key to the loader working is to not only create the wtroleprincipal
for the role, but then be able to actually query for it also. The key thing
to understand is that if you have never created an ACL against a role using
the UI, it's not going to be present in the wtroleprincipal table.



You could file an SPR on this. I didn't waste my time as the loaders are
considered second class priority by PTC. They really do not want you using
them. In fact, I have heard they are working on a whole new set of loaders
just for use by global services because of the disconnects in the ootb load
from file framework. They are even making an attempt to license the BIF
which is 'build integration framework' ; for some it might be worth it,
others like myself, well I build own tools.



Also, I see you are running this on windows: escape the quotes for CONT_PATH
where "/ becomes \"/ and " becomes \"





Good luck.




David,

Thank you for the explanation. I went back and reviewed your recent
posts on this subject and after using the correct syntax for domain (as
another user pointed out), received the message "Principal Change Admin
I" not found. Sounds like the issue you were describing.



Here is how I found myself interested in using the LoadFromFile utility.
Being new to Intralink 9.1 I've been learning the system and going
through exercises to better understand how things work. I started to
get a handle on how access control policies were used with Roles, how
Products inherit policies and how Product templates could be saved and
reused. I moved a number of the OOTB policies up one level to the
Org/PDM domain so that they would be inherited by all Products. I then
created and exported the Product as a template. During these learning
exercises I had created a number of Products that I no longer wanted
(and of course cannot delete). I decided to drop the database and
rebuild to an OOTB configuration. After the rebuild the first thing I
did was import my Product template and create a new Product. Everything
so far looked great until I realized that all the ACL's that I had
placed at the ORG/PDM domain were no longer there. This is where I had
one of those slap your forehead moments. I created a Product Template
(include it's ACL's), I didn't backup the ACL's at the ORG/PDM domain!
Then I got to thinking, how exactly does one export/recreate policies
that are at a context higher than the Product/Library. This is why I
started looking up bulk loading of ACL's.



How do others handle testing and deployment of numerous ACL's?
Especially if the your implementation has lots of Products. If the
LoadFromFile does not work is our only option to manually create them in
the policy manager?


Add them to an Organization template, but do not create the organization name you desire as default during installation. Create it afterwards.


As far as we were ever able to find out (guides, tech support, posts like this) there is no way to mass delete ACL's, only Load. And, the Load gets stuck if any are already there and doesn't give any real indication of what loaded successfully and what did not.

ACL's are absolutely the best chess game in the system (actually a lot like combined chess, checkers, Sudoku, Chinese Checkers, Parchesi, Poker, backgammon, hide and seek and a few other fun games all together).

Putting all possible at Org level instead of each Product/Library is something we've also been passionate about and it has paid off well over time in much less maint. Note: A very powerful tool is to use the "Private" option for any Products / Libraries which need to be different; this keeps them from inheriting from Org/PDM level.

During development of our PDMLink 9.1 system, if we wanted to promote a
lot of access rule changes all at once without a complete system refresh,
then we would make an XML load version of ALL rules, make sure to load the
new libraies and folders and groups and roles first. Then we would use
SQL to simply delete all of the access rules and reload all of them. It
was an all or nothing deal since we could not "remove" anything with the
loaders.

Al Anderson





"Lockwood,Mike,IRVINE,R&D" <mike.lockwood@alconlabs.com>
05/26/2011 01:13 PM
Please respond to
"Lockwood,Mike,IRVINE,R&D" <mike.lockwood@alconlabs.com>


To
Joseph Cugini <->, "-"
<->
cc
"-" <->
Subject
[solutions] - RE: Help using LoadFromFile utility....



Has anybody successfully upgraded their production 9.1 Windchill system using Aphelion, to Windchill DS.

We have been trying to do this with PTC's help but no luck.

Just wanted to hear of any successes or failures.

Bill

Yes, we've successfully upgraded a number of 9.1 systems from Aphelion to WindchillDS. These have included both Windows based systems and Unix based system.

-- Shawn

We just upgraded a month ago, no problems.



On May 26, 2011, at 6:32 PM, "Kunz,William,IRVINE,R&D" <william.kunz@alconlabs.com> wrote:

> Has anybody successfully upgraded their production 9.1 Windchill system using Aphelion, to Windchill DS.
>
>
>
> We have been trying to do this with PTC's help but no luck.
>
>
>
> Just wanted to hear of any successes or failures.
>
>
>
> Bill
>
>
> This e-mail (including any attachments) is confidential and may be legally privileged. If you are not an intended recipient or an authorized representative of an intended recipient, you are prohibited from using, copying or distributing the information in this e-mail or its attachments. If you have received this e-mail in error, please notify the sender immediately by return e-mail and delete all copies of this message and any attachments.
>
> Thank you.
>
> Site Links: View post online View mailing list online Send new post via email Unsubscribe from this mailing list Manage your subscription
>
> Use of this email content is governed by the terms of service at:
> http://portal.ptcuser.org/index.php?module=sthtml&op=load&sid=s1_010_tos

It is pretty much straight forward, you might need help of TPI 146332.
Stop Aphelion service
Take command line export
Install WindchillDS with same base dn(o=com-name) as it was in Aphelion
Apply TPI 146332 to migrate ldif file
import it in WDS...
Start WindchillDS

Its done..its same on Win and Unix

Rohan Kalbhor
Email:-
<http://plmdays.blogspot.com">http://rohankalbhor.blogspot.com>http://plmdays.blogspot.com



On Fri, May 27, 2011 at 4:13 AM, Shawn Lothrop <
slothrop@boston-engineering.com> wrote:

> Yes, we've successfully upgraded a number of 9.1 systems from Aphelion to
> WindchillDS. These have included both Windows based systems and Unix based
> system.
>
> -- Shawn
>
>

Hi,



Find attached a step-by-step procedure used to migrate Aphelion to WDS for
Windows. Hope it helps



Sincerely,

David BOURCIER

Windchill Administrator



De : rohan kalbhor [

Bill,

Yes, I did the migration during our 9.1 M060 upgrade and it was relatively simply and went smoothly. Not sure what issues you might be having though. More details might help.

Thanks

Alexius C. Chukwuka
Infrastructure Analyst, Global SAP Basis - TCM
Deere & Company World Headquarters
400 19th St, Moline, IL 61265
Office: (309) 765-3133
Mobile: (803) 429-5336

From: Kunz,William,IRVINE,R&D [

Just did four systems successfully in the last few months. We are using 9.1 M060.

Rey

From: Kunz,William,IRVINE,R&D [

Forgot to attach the doc that we use. Hope this helps.

From: Kunz,William,IRVINE,R&D [

Well we finally got it to work with some diligent investigation and help from PTC.

And like everybody said, "It is real simple", except:

There is one small requirement to import a converted ldif file into DS that is not documented.

You cannot have a non numeric value in the telephone number field, if the ldif import into DS sees a non numeric value in that field it rejects the user.

Our wcadmin account had N/A in that field and the user was rejected from the import.

No wcadmin, no Windchill, as soon as I fixed that one field and re-imported the ldif file, the system came right up.

Just like everybody says "It is real simple" 🙂

Bill

Hi,



i have followed the samesteps to move from Aphelion to WindchillDS.


But after starting the Windchill, I am not able to login to server url with admin or other user login.



What is the issue here?



Extract from apache error.log



[Thu Jun 06 09:48:14 2013] [debug] mod_proxy_ajp.c(565): proxy: got response from 10.121.4.19:8010 (replwin-e.wipro-win.com)[Thu Jun 06 09:48:14 2013] [debug] proxy_util.c(2030): proxy: AJP: has released connection for (replwin-e.wipro-win.com)[Thu Jun 06 09:48:27 2013] [debug] mod_deflate.c(612): [client 10.121.12.104] Zlib: Compressed 1490 to 624 : URL /Windchill/webserver/apache/error/apachelogin.html.en[Thu Jun 06 09:48:27 2013] [debug] mod_headers.c(743): headers: ap_headers_output_filter()[Thu Jun 06 09:48:27 2013] [debug] mod_authnz_ldap.c(379): [client 10.121.12.104] [980] auth_ldap authenticate: using URL ldap://replwin-e.wipro-win.com:389/ou=people,cn=EnterpriseLdap,cn=Windchill_9.1,o=ptc[Thu Jun 06 09:48:27 2013] [info] [client 10.121.12.104] [980] auth_ldap authenticate: user wcadmin authentication failed; URI /Windchill/servlet/Navigation [User not found][No Such Object][Thu Jun 06 09:48:27 2013] [debug] mod_authnz_ldap.c(379): [client 10.121.12.104] [980] auth_ldap authenticate: using URL ldap://replwin-e.wipro-win.com/ou=people,cn=Windchill_8.0,cn=Application%20Services,o=wipro-win[Thu Jun 06 09:48:27 2013] [info] [client 10.121.12.104] [980] auth_ldap authenticate: user wcadmin authentication failed; URI /Windchill/servlet/Navigation [LDAP: ldap_simple_bind_s() failed][Invalid Credentials][Thu Jun 06 09:48:27 2013] [error] [client 10.121.12.104] user wcadmin: authentication failure for "/Windchill/servlet/Navigation": Password Mismatch[Thu Jun 06 09:48:27 2013] [debug] mod_deflate.c(612): [client 10.121.12.104] Zlib: Compressed 1490 to 624 : URL /Windchill/webserver/apache/error/apachelogin.html.en[Thu Jun 06 09:48:27 2013] [debug] mod_headers.c(743): headers: ap_headers_output_filter()[Thu Jun 06 09:48:32 2013] [debug] mod_authnz_ldap.c(379): [client 10.121.12.104] [980] auth_ldap authenticate: using URL ldap://replwin-e.wipro-win.com:389/ou=people,cn=EnterpriseLdap,cn=Windchill_9.1,o=ptc[Thu Jun 06 09:48:32 2013] [info] [client 10.121.12.104] [980] auth_ldap authenticate: user alonkar authentication failed; URI /Windchill/servlet/Navigation [User not found][No Such Object][Thu Jun 06 09:48:32 2013] [debug] mod_authnz_ldap.c(379): [client 10.121.12.104] [980] auth_ldap authenticate: using URL ldap://replwin-e.wipro-win.com/ou=people,cn=Windchill_8.0,cn=Application%20Services,o=wipro-win[Thu Jun 06 09:48:32 2013] [info] [client 10.121.12.104] [980] auth_ldap authenticate: user alonkar authentication failed; URI /Windchill/servlet/Navigation [LDAP: ldap_simple_bind_s() failed][Invalid Credentials][Thu Jun 06 09:48:32 2013] [error] [client 10.121.12.104] user alonkar: authentication failure for "/Windchill/servlet/Navigation": Password Mismatch[Thu Jun 06 09:48:32 2013] [debug] mod_deflate.c(612): [client 10.121.12.104] Zlib: Compressed 1490 to 624 : URL /Windchill/webserver/apache/error/apachelogin.html.en[Thu Jun 06 09:48:32 2013] [debug] mod_headers.c(743): headers: ap_headers_output_filter()[Thu Jun 06 09:48:34 2013] [debug] mod_authnz_ldap.c(379): [client 10.121.12.104] [980] auth_ldap authenticate: using URL ldap://replwin-e.wipro-win.com:389/ou=people,cn=EnterpriseLdap,cn=Windchill_9.1,o=ptc[Thu Jun 06 09:48:34 2013] [info] [client 10.121.12.104] [980] auth_ldap authenticate: user alonkar authentication failed; URI /Windchill/servlet/Navigation [User not found][No Such Object][Thu Jun 06 09:48:34 2013] [debug] mod_authnz_ldap.c(379): [client 10.121.12.104] [980] auth_ldap authenticate: using URL ldap://replwin-e.wipro-win.com/ou=people,cn=Windchill_8.0,cn=Application%20Services,o=wipro-win[Thu Jun 06 09:48:34 2013] [info] [client 10.121.12.104] [980] auth_ldap authenticate: user alonkar authentication failed; URI /Windchill/servlet/Navigation [LDAP: ldap_simple_bind_s() failed][Invalid Credentials][Thu Jun 06 09:48:34 2013] [error] [client 10.121.12.104] user alonkar: authentication failure for "/Windchill/servlet/Navigation": Password Mismatch[Thu Jun 06 09:48:34 2013] [debug] mod_deflate.c(612): [client 10.121.12.104] Zlib: Compressed 1490 to 624 : URL /Windchill/webserver/apache/error/apachelogin.html.en[Thu Jun 06 09:48:34 2013] [debug] mod_headers.c(743): headers: ap_headers_output_filter()


Is this the correct/active search base
ou=people,cn=Windchill_8.0,cn=Application%20Services,o=wipro-win ?

You can try to reset the password for the user "alonkar" present
under ou=people,cn=Windchill_8.0,cn=Application%20Services,o=wipro-win and
try


Warm Regards,
*BINESH*
Consultant - Windchill
Barry Wehmiller International Resources


Announcements