It looks like you are at the end of an upgrade, moving away from WindchillDS to the corporate LDAP.
I used this utility to migrate users once. Here is an example of the command for mapping user DNs. The file doesn't have to be in the the Windchill load point.
windchill wt.org.util.ReconnectPrincipalsUtility -u wcadmin -p {password} -f D:\PTC\ParticipantsMap.xml
This is the syntax of ParticipantsMap.xml where <reconnect> can be repeated as many times as needed.
<dnMapping>
<reconnect>
<sourceDN>uid=$email,ou=<>,cn=<>,cn=<>,o=ptc</sourceDN>
<targetDN>uid=$email,ou=users,dc=xxxxxxx=,dc=okta,dc=com</targetDN>
</reconnect>
</dnMapping>
The <adapterMapping> is only necessary when migrating the user from one JNDI Adapter to another and I haven't needed it. I'm guessing you would run the adapter mapping as a separate file.
windchill wt.org.util.ReconnectPrincipalsUtility -u wcadmin -p {password} -f D:\PTC\AdaptersMap.xml
And the AdaptersMap.xml would look like this.
<adapterMapping>
<sourceAdapter>net.company.InternalLdap</sourceAdapter>
<targetAdapter>net.company.EnterpriseLdap</targetAdapter>
</adapterMapping>
The fun part is mapping source to target DNs for hundreds or thousands of users.
-- Get source DNs (DB query)
select wtu.name, wtu.email, roid.remoteObjectId from WTUser wtu, RemoteObjectInfo roin, RemoteObjectId roid where wtu.idA2A2=roin.idA3A3 and roin.remoteId=roid.idA2A2 order by email;
# Get target DNs (Powershell)
Get-ADUser -Filter 'objectClass -eq "user" -and memberOf -eq "{DN of Windchill filter group}"' -SearchBase "{search base}" | Format-Table sAMAccountName,userPrincipalName,DistinguishedName -A
I put the values in Excel and align old and new values. Sometimes user's name or email attributes match or follow a consistent pattern between LDAP servers. Sometimes it gets very tedious. There is a way to export Excel to structured XML. I did it once, but can't find my template file now.
In most cases I've found it quicker and easier to just update all the users with a DB query. The <dnMapping> just updates the RemoteObjectId.remoteObjectId value. Each sourceDN/targetDN pair is equivalent to this database update line.
-- Update one entry at a time.
update RemoteObjectId set remoteObjectId='uid=$email,ou=users,dc=xxxxxxx=,dc=okta,dc=com' where remoteObjectId='uid={userPrincipalName},ou=<>,cn=<>,cn=<>,o=ptc';
Or, when the DN structure changes are consistent...
-- Replace 'ou=<>,cn=<>,cn=<>,o=ptc' with 'ou=<>,cn=<>,cn=<>,o=ptc','ou=users,dc=xxxxxxx=,dc=okta,dc=com'
update RemoteObjectId set remoteObjectId=replace(remoteObjectId,'ou=<>,cn=<>,cn=<>,o=ptc','ou=users,dc=xxxxxxx=,dc=okta,dc=com') where remoteObjectId like '%,ou=<>,cn=<>,cn=<>,o=ptc';
Maybe someone else can respond with a full example for you.
