Solved: Re: How to change ldap servers?

ptc-1609185 · ‎Nov 08, 2012

I would like to know the procedure for changing where the enterprise ldap provider url points at. My company has mutliple ldap servers and the current server we point to is being excessed by the end of the year. What places in Windchill, Apache or other config files will I need to update in order to seamlessly transition the the provider url.

Thank you in advance

Dave

mdigman-2 · ‎Nov 19, 2012

Hi Dave,

If the only thing that needs to update is the provider URL there are two changes you need to make.

There is a URL stored in Windchill. Go to Site->Info*EngineAdapter, and enter the credentials to log into your WindchillDS LDAP instance. Choose the ***.****.EnterpriseLdap entry under Adapters. About the 7th box down is the setting for the Provider URL. Enter the new URL in this box. Save, exit, and restart.

You also need to update Apache. Go to Apache/conf/extra and open app-Windchill-AuthProvider.xml. One of the entries should have the URL for your Enterprise Ldap. Update this as needed. Then open a Windchill shell, change directories to the Apache folder, and run "ant -f webAppConfig.xml regenAllWebApps". Restart Apache and you should be good.

One very important note. I had a 10.1 system where we included a filter in the Enterprise Ldap adapter (to Active Directory) to not return any inactive users. When I would run the config process above it would not put the <AuthnProviderAlias> entry in the app-Windchill-Auth.conf file. This is in the same folder, and is the actual file that Apache uses. For that system I would just open both files and edit the lines manually. Apache actually uses the conf file, and Windchill uses the xml file to configure the conf file. After some updates/maintenance installs I would have to manually reconfigure the app-Windchill-Auth.conf file. I do not know if this is an issue in 10.0 or 9+.

Micah

View solution in original post

JørnAHansen · ‎Nov 17, 2012

Sounds like you need to perform a change of the ldap URL by reconfiguring at least steps 1. and 5. in http://www.ptc.com/cs/help/windchill_hc/wc100_hc/index.jspx?id=WCInstall_ConfigEntDir_Oview&action=show

mdigman-2 · ‎Nov 19, 2012

Hi Dave,

If the only thing that needs to update is the provider URL there are two changes you need to make.

There is a URL stored in Windchill. Go to Site->Info*EngineAdapter, and enter the credentials to log into your WindchillDS LDAP instance. Choose the ***.****.EnterpriseLdap entry under Adapters. About the 7th box down is the setting for the Provider URL. Enter the new URL in this box. Save, exit, and restart.

You also need to update Apache. Go to Apache/conf/extra and open app-Windchill-AuthProvider.xml. One of the entries should have the URL for your Enterprise Ldap. Update this as needed. Then open a Windchill shell, change directories to the Apache folder, and run "ant -f webAppConfig.xml regenAllWebApps". Restart Apache and you should be good.

One very important note. I had a 10.1 system where we included a filter in the Enterprise Ldap adapter (to Active Directory) to not return any inactive users. When I would run the config process above it would not put the <AuthnProviderAlias> entry in the app-Windchill-Auth.conf file. This is in the same folder, and is the actual file that Apache uses. For that system I would just open both files and edit the lines manually. Apache actually uses the conf file, and Windchill uses the xml file to configure the conf file. After some updates/maintenance installs I would have to manually reconfigure the app-Windchill-Auth.conf file. I do not know if this is an issue in 10.0 or 9+.

Micah