cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Learn all about the Community Ranking System, a fun gamification element of the PTC Community. X

What is the need for disconnecting the users in Windchill before Corporate LDAP integration and re-connecting them after integrating?

gramasamy
2-Explorer

What is the need for disconnecting the users in Windchill before Corporate LDAP integration and re-connecting them after integrating?

I am working on a project, where the client wants to integrate their production server with their corporate LDAP server. And they have some 2000 users. They want to dis-connect the users before the LDAP integration. After integrating, they are going to re-connect the users from windchill DB to the corporate LDAP.

Can someone explain why this is being done and please give me insight in this...Also will it be easy to re-connect 2000 disconnected users?

ACCEPTED SOLUTION

Accepted Solutions

1.     Disabled - This is marked when the user is there in LDAP but not in windchill cache?

This is marked when user is deleted from Windchill. From Site>Utilities> Participant Administration > Delete User from Windchill / Delete User from Windchill and Directory Service

If you have to reconnect a disconnected user, then you have to go to Site>Utilities> Participant Administration > From Actions search for disconnected users > RMB of disconnected user > Repair > Search and connect for newly created user in AD

Thank you

Binesh Kumar

Barry Wehmiller

View solution in original post

10 REPLIES 10

Hello Ganesh,

You can do this in two ways

  1. The method which you have explained, configure JNDI adapter for active directory. Update the adapter reference and remoteid(stores base DN of principal) from the database. If you are good with the database, then you can directly modify the database tables(remoteobjectid and remoteobjectinfo) and just restart the system, it would reconnect the principal without any manual steps.
  2. Use Active Directory just for authentication and maintain the users in the Windchill DS. You will just have to point webserver to active directory (you need to have the same userid in WDS and Active directory) and webserver will pass on the userid with REMOTE_USER.  If you are planning to use digital signature then this option will not work.

Thank you

Binesh Kumar

Barry Wehmiller

Thanks Binesh for the details...I think we will doing by the first way. I have the following questions too.

     1.     What makes a user disconnected? The user will be deleted from LDAP or he will be deleted from windchill tables?

     2.     How can we get the list of active users? From LDAP or from wtuser table (DB)?

What makes a user disconnected? The user will be deleted from LDAP or he will be deleted from windchill tables?

If a user is persisted in Windchill database tables and if Windchill is not able to locate the user in any of the LDAP repositories, then that user will be marked as disconnected in Windchill. repairdNeeded in WTUser table will be set.

How can we get the list of active users? From LDAP or from wtuser table (DB)?

Active users are the users in WTUser who does not have repairneeded or disabled flag set

Thank you

Binesh Kumar

Barry Wehmiller

Got that

Thank you so much. I went to the WTUsers table. There are two columns in WTUser table

1.     Disabled - This is marked when the user is there in LDAP but not in windchill cache?

2.     RepariNeeded - I got this from your explanation

I know it is too much to ask, but do you have any procedure for re-connecting users after enterprise LDAP integration?

1.     Disabled - This is marked when the user is there in LDAP but not in windchill cache?

This is marked when user is deleted from Windchill. From Site>Utilities> Participant Administration > Delete User from Windchill / Delete User from Windchill and Directory Service

If you have to reconnect a disconnected user, then you have to go to Site>Utilities> Participant Administration > From Actions search for disconnected users > RMB of disconnected user > Repair > Search and connect for newly created user in AD

Thank you

Binesh Kumar

Barry Wehmiller

Thanks binesh for taking the time in explaining all these. I completely understand it now.

Hi Binesh,

I need to re-connect 2000 users. Since it is not possible manually, can we do it through a utility?

If so, can you please let me know if there are any APIs to achieve this?

Thanks,

Ganesh.

Hello Ganesh,

PTC TS has some SQL scripts to do that, not through APIs. In the meantime, I will lookup my notes to see whether i have it .

Thank you,

Binesh Kumar

Barry Wehmiller

Thanks Binesh....

dtran-4
6-Contributor
(To:BineshKumar1)

Hi,

 

If you have PTC SQL script to reconnect disconnected user from  AD to WIndchill DS. Please share this with me

Announcements


Top Tags