Community Tip - Have a PTC product question you need answered fast? Chances are someone has asked it before. Learn about the community search. X
Hello.
I'm trying to only Auth by Active Directory, but service start by WindchillDS.
I want below process.
If AD user(by AD join Computer) try to access Windchill, authentication occur(SSO) then same ID in WindchillDS Ldap can start service.
and user in not AD have to enter Windchill Ldap account for can start service.
Because there is not all member in Active Directory.
AD and WindchillDS both can authentication but using service is only WindchillDS Ldap user.
AD user have same ID in WindchillDS.
Is it possible? Please help.
product is Windchill PDMLink 10.2 M030. Thanks,
Solved! Go to Solution.
Based on your questions, I think option three is probably what you are trying to do.
With this configuration, if a user exists in Active Directory and Windchill DS, they can log on. If a user does not exist in Active Directory but does exist in Windchill DS, they also can log on. Finally, if a user only exists in Active Directory but does not exist in Windchill DS, they cannot log on.
These articles may help as well:
Based on your questions, I think option three is probably what you are trying to do.
With this configuration, if a user exists in Active Directory and Windchill DS, they can log on. If a user does not exist in Active Directory but does exist in Windchill DS, they also can log on. Finally, if a user only exists in Active Directory but does not exist in Windchill DS, they cannot log on.
These articles may help as well:
Thank you!! very helpful!
I found this configuration cannot add user in 'Participant Adminitrator' after add AD Id. only can in WindchillDS.
I have one more question.
WindchillDS have password policy, sending mail before expiration. Is there a way to seperate notifications? I think AD user will confusing when they receive notification about password expiration from WindchillDS.
If only Apache has been configured to talk to Active Directory, and Windchill itself has not, then configuring participants through participant administration will still work fine since it is only 'seeing' Windchill DS.
As far as password expiry notifications from Windchill DS, don't use them. Just turn them off. Since the users are defined in Active Directory there is no reason for their passwords to ever need to expire in Windchill DS. The passwords in Windchill DS don't matter since they won't be authenticated against as long as these users continue to exist in Active Directory.