
changed AD server, now domain users can't log in

egifford
4-Participant


Windchill PDMLink 10.0 M030, running on Windows, connecting to Microsoft AD for user authentication

I changed the specified AD server in both the EnterpriseLdap Info Engine adapter and app-Windchill-AuthProvider.xml under <Apache>/conf/extra, and ran ant -f webAppConfig.xml regenAllWebApps from a WindchillShell set to the Apache directory. In the AuthProvider file I had also changed (objectClass=*) to (objectClass=user) for the EnterpriseLdap service. Rebooted; no domain user could log in. So I switched everything back (renaming a copy of the original AuthProvider.xml back to make it active), ran the ant command, changed the Info Engine adapter, etc. Rebooted. Unchanged - no domain user can log in. Admin users from the AdministrativeLdap still work fine.

So, question is, what did I screw up? Followed instructions from PTC. Is it possible changing the ObjectClass specified in the Authprovider.xml file screwed something up that doesn't get corrected by changing it back?

Did this to verify we can easily change the AD server specified if the one specified should go down. Was also trying to limit the AD data pulled in to users so I'm not pulling groups, PC names etc. - which it had been to this point (have now been told I can simply do this with a filter in the InfoEngine settings, nothing needed in the Apache settings).

Anyway, right now my users can only work in offline mode until I get this fixed - not very effective.

Thanks in advance for any tips.

Erik

With the help of the tech that got us through our migration, found this was the fix. Somehow the Apache settings were looking too low in the AD tree.

The fix was a correction in the Apache conf file (and AuthProvider.xml).

This:

AuthLDAPURL "ldap://domain_controller_name:3268/CN=Users,DC=domain,DC=com?sAMAccountName?sub?(objectClass=*)"


Should have been this:

AuthLDAPURL "ldap://domain_controller_name:3268/DC=domain,DC=com?sAMAccountName?sub?(objectClass=*)"
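The two AuthLDAPURL values above differ only in the search base, and a base of CN=Users can only return entries under that container. The check below is an added example, not part of the original post or PTC's tooling: it parses each URL and reports whether a given account DN is reachable from its base and scope. The user DNs are constructed samples and the function names are hypothetical.

```python
import re

def parse_auth_ldap_url(url):
    """Split an AuthLDAPURL value: scheme://host:port/basedn?attribute?scope?filter."""
    scheme, rest = url.strip().strip('"').split("://", 1)
    hostport, _, tail = rest.partition("/")
    base, attr, scope, flt = (tail.split("?", 3) + ["", "", ""])[:4]
    # Defaults mod_authnz_ldap applies when a field is left empty.
    return {"scheme": scheme, "host": hostport, "base": base,
            "attribute": attr or "uid", "scope": scope or "sub",
            "filter": flt or "(objectClass=*)"}

def rdns(dn):
    """Split a DN on unescaped commas; normalise case and spacing around '='."""
    parts = re.split(r"(?<!\\),", dn)
    return [re.sub(r"\s*=\s*", "=", p.strip()).lower() for p in parts if p.strip()]

def in_search_scope(user_dn, url):
    """True if a search rooted at the URL's base DN could return user_dn."""
    cfg = parse_auth_ldap_url(url)
    user, base = rdns(user_dn), rdns(cfg["base"])
    depth = len(user) - len(base)      # levels between the base and the entry
    if depth < 0 or user[depth:] != base:
        return False                   # entry is not underneath the base DN
    return depth == 1 if cfg["scope"] == "one" else True

def unreachable(url, user_dns):
    """Account DNs that the configured base and scope can never match."""
    return [dn for dn in user_dns if not in_search_scope(dn, url)]

# The two values quoted in the post.
BEFORE = "ldap://domain_controller_name:3268/CN=Users,DC=domain,DC=com?sAMAccountName?sub?(objectClass=*)"
AFTER = "ldap://domain_controller_name:3268/DC=domain,DC=com?sAMAccountName?sub?(objectClass=*)"

# Constructed sample accounts: one in an OU, one in the default Users container.
SAMPLE_DNS = [
    "CN=Jane Doe,OU=Engineering,DC=domain,DC=com",
    "CN=Administrator,CN=Users,DC=domain,DC=com",
]

if __name__ == "__main__":
    for label, url in (("before", BEFORE), ("after", AFTER)):
        cfg = parse_auth_ldap_url(url)
        print(label, "base:", cfg["base"], "scope:", cfg["scope"])
        print("  unreachable:", unreachable(url, SAMPLE_DNS))
```

Running it against an export of real account DNs shows at a glance which users a narrower base would lock out before the change reaches Apache.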
