cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Learn all about the Community Ranking System, a fun gamification element of the PTC Community. X

Restrict access to windchill

Go to solution
ManojC
1-Newbie
1-Newbie
‎Jul 01, 2014 07:56 AM
‎Jul 01, 2014 07:56 AM

Restrict access to windchill

Hi,

I have a requirement to restrict few users among big bunch of users, kindly share the methods you know in this regard.

I have tried following methods ..

- tried to configure apache by using "Require ldap-filter" but failed to get success.

- tried to restrict from ACL .. but in this user could able to navigate the windchill but do not have access to perform any action.

Labels:
0 Kudos
Notify Moderator
1 ACCEPTED SOLUTION

Accepted Solutions
ChrisSpartz
12-Amethyst
12-Amethyst
(To:ManojC)
‎Jul 02, 2014 12:49 PM
‎Jul 02, 2014 12:49 PM

Instead of using 'Require ldap-filter', you can add the filter directly to the ldap url in apache, and to the JNDI adapter in Windchill. In your <Apache>/conf/extra/app-Windchill-AuthProvider.xml file, your ldap URL will look like:
ldap://<Ldap Host>:<Ldap Port>/<Search Base>?<Attribute>?<Scope>?<Filter>

Update the filter section of the URL with your ldap filter. Then, from your apache directory, run the below to propagate the configuration:
ant -f webAppConfig.xml regenWebAppConf

After restarting apache, all ldap queries it makes to that provider will use the specified URL. That will restrict what users are able to log in, but you'll still need to add the filter to the JNDI adapter to restict what users Windchill can query for. In Windchill go to Site->Utilities->InfoEngine Administration. Select your JNDI adapter from the list of adapters and add the property:
<JNDI Adapter Name>.windchill.mapping.user.filter=<Filter>

View solution in original post

0 Kudos
Notify Moderator
1 REPLY 1
ChrisSpartz
12-Amethyst
12-Amethyst
(To:ManojC)
‎Jul 02, 2014 12:49 PM
‎Jul 02, 2014 12:49 PM

Instead of using 'Require ldap-filter', you can add the filter directly to the ldap url in apache, and to the JNDI adapter in Windchill. In your <Apache>/conf/extra/app-Windchill-AuthProvider.xml file, your ldap URL will look like:
ldap://<Ldap Host>:<Ldap Port>/<Search Base>?<Attribute>?<Scope>?<Filter>

Update the filter section of the URL with your ldap filter. Then, from your apache directory, run the below to propagate the configuration:
ant -f webAppConfig.xml regenWebAppConf

After restarting apache, all ldap queries it makes to that provider will use the specified URL. That will restrict what users are able to log in, but you'll still need to add the filter to the JNDI adapter to restict what users Windchill can query for. In Windchill go to Site->Utilities->InfoEngine Administration. Select your JNDI adapter from the list of adapters and add the property:
<JNDI Adapter Name>.windchill.mapping.user.filter=<Filter>

0 Kudos
Notify Moderator
Top Tags