Community Tip - You can subscribe to a forum, label or individual post and receive email notifications when someone posts a new topic or reply. Learn more! X
Hi,
I have a requirement to restrict few users among big bunch of users, kindly share the methods you know in this regard.
I have tried following methods ..
- tried to configure apache by using "Require ldap-filter" but failed to get success.
- tried to restrict from ACL .. but in this user could able to navigate the windchill but do not have access to perform any action.
Solved! Go to Solution.
Instead of using 'Require ldap-filter', you can add the filter directly to the ldap url in apache, and to the JNDI adapter in Windchill. In your <Apache>/conf/extra/app-Windchill-AuthProvider.xml file, your ldap URL will look like:
ldap://<Ldap Host>:<Ldap Port>/<Search Base>?<Attribute>?<Scope>?<Filter>
Update the filter section of the URL with your ldap filter. Then, from your apache directory, run the below to propagate the configuration:
ant -f webAppConfig.xml regenWebAppConf
After restarting apache, all ldap queries it makes to that provider will use the specified URL. That will restrict what users are able to log in, but you'll still need to add the filter to the JNDI adapter to restict what users Windchill can query for. In Windchill go to Site->Utilities->InfoEngine Administration. Select your JNDI adapter from the list of adapters and add the property:
<JNDI Adapter Name>.windchill.mapping.user.filter=<Filter>
Instead of using 'Require ldap-filter', you can add the filter directly to the ldap url in apache, and to the JNDI adapter in Windchill. In your <Apache>/conf/extra/app-Windchill-AuthProvider.xml file, your ldap URL will look like:
ldap://<Ldap Host>:<Ldap Port>/<Search Base>?<Attribute>?<Scope>?<Filter>
Update the filter section of the URL with your ldap filter. Then, from your apache directory, run the below to propagate the configuration:
ant -f webAppConfig.xml regenWebAppConf
After restarting apache, all ldap queries it makes to that provider will use the specified URL. That will restrict what users are able to log in, but you'll still need to add the filter to the JNDI adapter to restict what users Windchill can query for. In Windchill go to Site->Utilities->InfoEngine Administration. Select your JNDI adapter from the list of adapters and add the property:
<JNDI Adapter Name>.windchill.mapping.user.filter=<Filter>