cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - You can subscribe to a forum, label or individual post and receive email notifications when someone posts a new topic or reply. Learn more! X

Restrict access to windchill

ManojC
7-Bedrock

Restrict access to windchill

Hi,

I have a requirement to restrict few users among big bunch of users, kindly share the methods you know in this regard.

I have tried following methods ..

- tried to configure apache by using "Require ldap-filter" but failed to get success.

- tried to restrict from ACL .. but in this user could able to navigate the windchill but do not have access to perform any action.

ACCEPTED SOLUTION

Accepted Solutions
ChrisSpartz
13-Aquamarine
(To:ManojC)

Instead of using 'Require ldap-filter', you can add the filter directly to the ldap url in apache, and to the JNDI adapter in Windchill. In your <Apache>/conf/extra/app-Windchill-AuthProvider.xml file, your ldap URL will look like:
ldap://<Ldap Host>:<Ldap Port>/<Search Base>?<Attribute>?<Scope>?<Filter>

Update the filter section of the URL with your ldap filter. Then, from your apache directory, run the below to propagate the configuration:
ant -f webAppConfig.xml regenWebAppConf

After restarting apache, all ldap queries it makes to that provider will use the specified URL. That will restrict what users are able to log in, but you'll still need to add the filter to the JNDI adapter to restict what users Windchill can query for. In Windchill go to Site->Utilities->InfoEngine Administration. Select your JNDI adapter from the list of adapters and add the property:
<JNDI Adapter Name>.windchill.mapping.user.filter=<Filter>

View solution in original post

1 REPLY 1
ChrisSpartz
13-Aquamarine
(To:ManojC)

Instead of using 'Require ldap-filter', you can add the filter directly to the ldap url in apache, and to the JNDI adapter in Windchill. In your <Apache>/conf/extra/app-Windchill-AuthProvider.xml file, your ldap URL will look like:
ldap://<Ldap Host>:<Ldap Port>/<Search Base>?<Attribute>?<Scope>?<Filter>

Update the filter section of the URL with your ldap filter. Then, from your apache directory, run the below to propagate the configuration:
ant -f webAppConfig.xml regenWebAppConf

After restarting apache, all ldap queries it makes to that provider will use the specified URL. That will restrict what users are able to log in, but you'll still need to add the filter to the JNDI adapter to restict what users Windchill can query for. In Windchill go to Site->Utilities->InfoEngine Administration. Select your JNDI adapter from the list of adapters and add the property:
<JNDI Adapter Name>.windchill.mapping.user.filter=<Filter>

Announcements


Top Tags