new participant cant log in

cadjett · ‎Dec 04, 2011

Hello ALL,

Quick question before hitting anymore guides &/or placing ptc call.

Current location attempted rehost for test server effort (before I got here)& probably missed some steps.

Not sure if this caused this issue or any others, but 2 different admins imported 2 different time stamped ldif's.

I resolved most issues, but when I created a couple new users, I cant log in with those accounts.

They show in ldap control panel & exported ldif properly, but wont log in.

Any ideas on:

If I want to import a brand new ldap ldif or backup (from source system), how can I wipe out existing people (participants). Been awhile since I had to do that & not sure if I did it on wc9.1 or not.

The also any ideas on what could all cause issues with new accountsnot being able to log in.

wc9.1 m050+ I think & windchillDS on windows servers 2003.

Thanks for any help.

L Jett
datajett@aol.com

cadjett · ‎Dec 05, 2011

I should have added this:

apache error log showed:

user ljett not found: /Windchill/servlet/Navigation

an exported ldif clearing shows ljett
wc ds control panel shows the user

but anything added/edited after rehost will not accept a log in & shows as user not found in apache error log.

when I say edited, I am referring to changing the password to a existing user & it will not accept the login with the new password.

now the existing user accounts we knew the passwords for work fine.

Now I know You Windchill Investigation Thrill Seekers have to be intrigued by this one.

L Jett
datajett@aol.com

cadjett · ‎Dec 05, 2011

I seen another post on here that mentioned a rehost & the ldap db of the clone/target still pointing to the source/original.

post 91553 (cant seem ot copy paste in these forum thread windows).

They threw out a test of changing the password on source/original & seeing if it worked on the new target/clone & it did.

So I would imagine when they mentioned pointing to the ldap db, they are speaking of the repository table.

I have checked the lastknowndomain & local=1 & it has the right URL/URI/? (new target), so I am wondering what else it could be.

I see the GUID & IDA2A2 are the same on source/target, but I am not sure if they are supposed to be.

But i am going back to the rehost guide & see where the previous admin might have missed.

Any suggestions would be greatly appreciated.

L Jett
datajett@aol.com

ddemay · ‎Dec 05, 2011

If the password changed works from rehosted copy check your apache web server

Sent from my Verizon Wireless BlackBerry

RandyJones · ‎Dec 05, 2011

On 12/05/11 14:56, Lawrence Jett wrote:
>
> ????I seen another post on here that mentioned a rehost & the ldap db of the clone/target still pointing to the source/original.
>
> ?post 91553 (cant seem ot copy paste in these forum thread windows).
>
> They threw out a test of changing the password on source/original & seeing if it worked on the new target/clone & it did.
>
> So I would imagine when they mentioned pointing to the ldap db, they are speaking of the repository table.
>
> I have checked the lastknowndomain & local=1 & it has the right URL/URI/? (new target), so I am wondering what else it could be.
>
> I see the GUID & IDA2A2 are the same on source/target, but I am not sure if they are supposed to be.
>
> But i am going back to the rehost guide & see where the previous admin might have missed.
>
> Any suggestions would be greatly appreciated.
>

Check the Apache/conf/extra/app-Windchill-Auth.conf file.
And also the site.xconf file for any entry containing the source host hostname that should be the rehosted hostname.

>
> L Jett
> datajett@aol.com <">mailto:datajett@aol.com>
>
>
> ----------

--
------------------------------------------------------------------------
Randy Jones
Systems Administrator
Great Plains Mfg., Inc.
1525 E North St
PO Box 5060
Salina, KS USA 67401
email: -
Phone: 785-823-3276
Fax: 785-667-2695
------------------------------------------------------------------------

cadjett · ‎Dec 06, 2011

Thanks Randy,

But the file you mentioned (app-Windchill-Auth.conf) has a line that says:

# DO NOT EDIT THIS FILE. IT IS AUTO-GENERATED AND WILL BE OVERWRITTEN.

But what I did find on ptc or rehost/install guide or on here, was that you should change the app-Windchill-AuthProvider.xml file & then propagate.

It then updates the file you mentioned.

I wish I had seen this post last night before I spent a few hours to find the similar/same thing.

Basically you editthesource to target domains in thisfile:

<path to=" ptc=">\Apache\conf\extra\app-Windchill-AuthProvider.xml

then propagate it from apache folder in wc shell:

ant -f webAppConfig.xml regenWebAppConf

It will update several apache config files, including the app-Windchill-Auth.conf file.

I was then able to log in with the newly created account.

Thanks for the input.

L Jett

LiuLiang · ‎Dec 06, 2011

Did you check the servername showing inldap control panelis source or target server?

In ldap control panel, browse down to the subtree node for dc=com (same level as ou=people).

If it still shows source server name, previous admin most likely missed below steps after importing source ldap db :

1. delete the node (and children) dc=com on target in control panel.

2. import the TargetConfigurationBranch.ldif that was exported from target before importing source ldap db.

cadjett · ‎Dec 07, 2011

Thanks Liu,

But my issue was with the previously mentioned app-Windchill-AuthProvider.xml file. It had wrong/old domain.

Thanks for the response though.

L Jett

JIMVANDRAGT · ‎Dec 19, 2011

Good Day All,

We are looking at implementing a BigIP load balancer for PDMLink 9.1 M050. I'm looking for any recommended settings to use or avoid from those of you who have gone down this road before.

TIA!

Jim

Jim Van Dragt
PLM Architect
Information Technology

hermanmiller.com
616 654 5285 OFFICE
616 836 8394 MOBILE

HermanMiller