It is the configuration branch entries namingService, servlet, rpc etc from WindchillDS (used for upgrade 11.1 -> 12.1) and which were there also when migrating to OpenDJ (yes I know "configuration" can be deleted, but should it be). This level shows nothing and clicking elsewhere suggests Unsaved changes.

During migration I've followed all the CS related and it worked ok. Now I did some tests with OpenDJ, prior to it took a backup and export ldif. Now reimporting the same is successful, but there's the mentioned issues.

I don't see anything in the logs. I did "Rebuild Indexes" but this changed nothing. 

In the screenshot notice how "Base DN:" selection is greyed out.

We must use PTC's WindchillDS for the upgrade process.

During upgrade, organizations and groups are migrated into Windchill and the entire cn=configuration,cn=Windchill_11.1,o=ptc structure is migrated into JSON files in %wt_home%\IEConf.

Post-upgrade, we must cleanup the DN structure.  I would do this in WindchillDS, before export/import into OpenDJ.

1. Delete cn=configuration,cn=Windchill_11.1,o=ptc

Compare the entries in cn=Windchill_11.1,o=ptc and cn=Windchill_12.1,o=ptc to determine where your user accounts reside.  They should be in the cn=Windchill_12.1,o=ptc structure, but just ensure they aren't in both.

Check the database to see where Windchill thinks they reside:

select remoteObjectId from RemoteObjectId where remoteObjectId like '%cn=Windchill_11.1,o=ptc';

select remoteObjectId from RemoteObjectId where remoteObjectId like '%cn=Windchill_12.1,,o=ptc';

The goal is to migrate everything to the cn=Windchill_12.1,o=ptc node and delete the cn=Windchill_11.1,o=ptc node.

When cleanup is complete, the only structure remaining in WindchillDS should be the participants (users) under cn=Windchill_12.1,o=ptc.

2. Determine if both Administrative and Enterprise branches are necessary.  They are in my environments because I separate organization participants from site participants.  But many companies don't bother with that distinction and ignore WinDU when it complains about participants assigned to the wrong domains.  If all accounts are in the Administrative LDAP, you could eliminate the EnterpriseLDAP branch and JNDI Adapter.

3. Ensure the upgrade Site Administrator account's name is wcadmin and no longer includes 'Administrator' as a second name.  Also ensure 'wcadmin', and not 'Administrator' is used in site.xconf.

4. This is the last upgrade that will mess with LDAP entries.  So, when continuing forward with OpenDJ, I clean up the structure to remove the Windchill version from the DNs (cn=Windchill,o=ptc).  Export the LDIF, use search and replace in the LDIF file, and then import into OpenDJ.  On the DB side, update all DNs (SQL Server command): update RemoteObjectID set remoteObjectId=replace(remoteObjectId,cn=windchill_11.1,o=ptc,cn=windchill_12.1,o=ptc) where remoteObjectId like '%cn=windchill_11.1,o=ptc';

When migrating to Active Directory or any other corporate LDAP, the entire nodal structure changes anyway.

At this point, the entire structure should only have user accounts in it.  Now export from WindchillDS and import into OpenDJ.

https://www.ptc.com/en/support/article/CS392017

https://community.ptc.com/t5/Windchill/who-is-using-V3-ldaps-other-than-WCDS11-2-for-windchill-12-0-1-x/m-p/797478#M66922

Only OpenDJ should be running and Windchill should start without issue.

FYI: For OpenDJ, I use "cn=Manager" like PTC did with WindchillDS.

https://community.ptc.com/t5/Windchill/Problem-Installing-OpenDJ/m-p/939834#M79374%3Fsource=search

Hi, wow, thank you again for the very comprehensive input!

your number 2. about AdministrativeLdap is an interest for us as e.g. admin id's for some users are maintained here (all actual licensed users are authenticated through AD adapter).

After the Upgrade manager run this branch is still there under 11.1 and so do the database entries point to that also. There's no AdministrativeLdap -branch under 12.1 and I assume this is correct?

So the question is, does it really matter? I agree, it looks bad, but from technical point of view, if db matches with the AdministrativeLdap entries and it works... why not leave it as is?

This relates to my concern why OpenDJ worked previously with the 11.1 branch included, but when importing the backup from the same the complaints started. This should not have anything to do with the upgrade and/or where the entries were edited. It is as if the backup procedure itself is not reliable.

But ok, if everything is cleaned up in WindchillDS prior to going for OpenDJ this is avoided, but leaves you in a lot of doubt.

I've never experienced the issues you are describing.  Completely guessing here.

• It could be a Java compatible issue with OpenDJ.  I use the save Java that is supported by the target Windchill version.  I use the latest OpenDJ Community Edition version, unless the company requires the ForgeRock version.
• Possibly a bad OpenDJ installation.  I follow the command line installation procedure I described in this community discussion.
• It may be an encoding issue as you suggest.  Are you switching between Windows and Linux? If you are editing the LDIF file, are you using Notepad++ or other higher function text editor and ensuring the encoding doesn't change upon save?

What do the OpenDJ logs say?  Reproduce your error and see what log file(s) have the latest modification stamps.

If I am reading this correctly, in your environment the active users are maintained in AD.  The policy is to not delete user accounts, but to disable them.  So, user accounts are created in WindchillDS/OpenDJ when users are removed from AD.  Is this correct?

Approximately how many LDAP user accounts are you maintaining in WindchillDS/OpenDJ?

Hi @HJ1,

I wanted to see if you got the help you needed.

If so, please mark the appropriate reply as the Accepted Solution or please feel free to detail in a reply what has helped you and mark it as the Accepted Solution. It will help other members who may have the same question.
Please note that industry experts also review the replies and may eventually accept one of them as solution on your behalf.

Of course, if you have more to share on your issue, please pursue the conversation.

Thanks,