Skip to main content
G
gramasamy1-Visitor
1-Visitor
October 8, 2015
Solved

What is the need for disconnecting the users in Windchill before Corporate LDAP integration and re-connecting them after integrating?

  • October 8, 2015
  • 1 reply
  • 4672 views

I am working on a project, where the client wants to integrate their production server with their corporate LDAP server. And they have some 2000 users. They want to dis-connect the users before the LDAP integration. After integrating, they are going to re-connect the users from windchill DB to the corporate LDAP.

Can someone explain why this is being done and please give me insight in this...Also will it be easy to re-connect 2000 disconnected users?

Best answer by BineshKumar1

1.     Disabled - This is marked when the user is there in LDAP but not in windchill cache?

This is marked when user is deleted from Windchill. From Site>Utilities> Participant Administration > Delete User from Windchill / Delete User from Windchill and Directory Service

If you have to reconnect a disconnected user, then you have to go to Site>Utilities> Participant Administration > From Actions search for disconnected users > RMB of disconnected user > Repair > Search and connect for newly created user in AD

Thank you

Binesh Kumar

Barry Wehmiller

1 reply

B
BineshKumar11-Visitor
1-Visitor
October 8, 2015

Hello Ganesh,

You can do this in two ways

  1. The method which you have explained, configure JNDI adapter for active directory. Update the adapter reference and remoteid(stores base DN of principal) from the database. If you are good with the database, then you can directly modify the database tables(remoteobjectid and remoteobjectinfo) and just restart the system, it would reconnect the principal without any manual steps.
  2. Use Active Directory just for authentication and maintain the users in the Windchill DS. You will just have to point webserver to active directory (you need to have the same userid in WDS and Active directory) and webserver will pass on the userid with REMOTE_USER.  If you are planning to use digital signature then this option will not work.

Thank you

Binesh Kumar

Barry Wehmiller

    G
    gramasamy1-VisitorAuthor
    1-Visitor
    October 8, 2015

    Thanks Binesh for the details...I think we will doing by the first way. I have the following questions too.

         1.     What makes a user disconnected? The user will be deleted from LDAP or he will be deleted from windchill tables?

         2.     How can we get the list of active users? From LDAP or from wtuser table (DB)?

    B
    BineshKumar11-Visitor
    1-Visitor
    October 8, 2015

    What makes a user disconnected? The user will be deleted from LDAP or he will be deleted from windchill tables?

    If a user is persisted in Windchill database tables and if Windchill is not able to locate the user in any of the LDAP repositories, then that user will be marked as disconnected in Windchill. repairdNeeded in WTUser table will be set.

    How can we get the list of active users? From LDAP or from wtuser table (DB)?

    Active users are the users in WTUser who does not have repairneeded or disabled flag set

    Thank you

    Binesh Kumar

    Barry Wehmiller

      Terms & ConditionsCookie settingsAccessibility statement