
changed AD server, now domain users can't log in

egifford
12-Amethyst


Windchill PDMLink 10.0 M030, running on Windows, connecting to Microsoft AD for user authentication



I changed the specified AD server in both the EnterpriseLdap Info Engine adapter and app-Windchill-AuthProvider.xml under <apache>/conf/extra, ran ant -f webAppConfig.xml regenAllWebApps from a WindchillShell set to the Apache directory. In the AuthProvider file I had also changed (objectClass=*) to (objectClass=user) for the EnterpriseLdap service. Rebooted, no domain user could log in. So I switched everything back (renaming a copy of the original AuthProvider.xml back to make it active), ran the ant command, changed the Info Engine Adapter etc. Rebooted. Unchanged - no domain user can log in. Admin users from the AdministrativeLdap still work fine.



So, question is, what did I screw up? Followed instructions from PTC. Is it possible changing the ObjectClass specified in the Authprovider.xml file screwed something up that doesn't get corrected by changing it back?



Did this to verify we can easily change the AD server specified if the one specified should go down. Was also trying to limit the AD data pulled in to users so I'm not pulling groups, PC names etc. - which it had been to this point.



Anyway, right now my users can only work in offline mode until I get this fixed - not very effective.



Thanks in advance for any tips.



Erik


2 REPLIES

Have you verified that the data in app-Windchill-Auth.conf is correct?
egifford
12-Amethyst
(To:egifford)

Fix was a correction in the apache conf file (and authprovider.xml)



This:

AuthLDAPURL "ldap://domain_controller_name:3268/CN=Users,DC=domain,DC=com?sAMAccountName?sub?(objectClass=*)"



Should have been this:



AuthLDAPURL "ldap://domain_controller_name:3268/DC=domain,DC=com?sAMAccountName?sub?(objectClass=*)"
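
The correction in the reply above changes only the search base of the AuthLDAPURL. As an added example (not part of the original posts and not PTC or Apache code), this Python script parses the two values quoted in the thread, reports which fields differ, and checks whether an account DN is reachable from each base. The two sample DNs, and the premise that some accounts sit outside CN=Users, are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# The two AuthLDAPURL values quoted in the thread.
BEFORE = '"ldap://domain_controller_name:3268/CN=Users,DC=domain,DC=com?sAMAccountName?sub?(objectClass=*)"'
AFTER = '"ldap://domain_controller_name:3268/DC=domain,DC=com?sAMAccountName?sub?(objectClass=*)"'

# Constructed sample account DNs (assumption: not taken from the thread).
SAMPLE_DNS = ["CN=User A,CN=Users,DC=domain,DC=com",
              "CN=User B,OU=Engineering,DC=domain,DC=com"]

def parse_auth_ldap_url(value):
    """Split ldap://host:port/basedn?attribute?scope?filter into its fields."""
    parts = urlsplit(value.strip().strip('"'))
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % value)
    fields = (parts.query.split("?") + ["", "", ""])[:3]
    return {
        "host": parts.hostname,
        "port": parts.port or (636 if parts.scheme == "ldaps" else 389),
        "base": unquote(parts.path.lstrip("/")),
        # Defaults documented for mod_authnz_ldap when a field is omitted.
        "attribute": fields[0] or "uid",
        "scope": fields[1] or "sub",
        "filter": unquote(fields[2]) or "(objectClass=*)",
    }

def rdns(dn):
    # Simplified DN normalisation: split on unescaped commas, trim, case-fold.
    return [p.strip().lower() for p in re.split(r"(?<!\\),", dn) if p.strip()]

def in_scope(user_dn, base_dn, scope):
    """True if user_dn is under base_dn for the given search scope (sub or one)."""
    user, base = rdns(user_dn), rdns(base_dn)
    depth = len(user) - len(base)
    if depth < 0 or user[depth:] != base:
        return False
    return depth == 1 if scope == "one" else True

def compare(before, after, sample_dns):
    """Return (changed field names, {dn: (reachable_before, reachable_after)})."""
    old, new = parse_auth_ldap_url(before), parse_auth_ldap_url(after)
    changed = sorted(k for k in old if old[k] != new[k])
    reach = {dn: (in_scope(dn, old["base"], old["scope"]),
                  in_scope(dn, new["base"], new["scope"])) for dn in sample_dns}
    return changed, reach

if __name__ == "__main__":
    print(compare(BEFORE, AFTER, SAMPLE_DNS))
```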
