Integration with Established Enterprise Directory Services
Windchill Organization Services is the Windchill subsystem that is responsible for providing and managing information about principals (users, groups, and organizations). Windchill Organization Services integrates with LDAP-based directories to obtain and maintain information about users, groups, and organizations. The primary source of information about every Windchill principal is the LDAP directory service. This level of integration with LDAP-based directories makes Windchill compatible with other enterprise applications that obtain information about principals from the LDAP directory service, including web servers, enterprise email, single sign-on solutions, and Public Key Infrastructure (PKI).
Directory-enabled administration of principals has a number of advantages including:
• Enables single user sign-on across the enterprise. When multiple enterprise applications authenticate their users against a common, shared directory service, the concept of a single user sign-on is achieved. This avoids the necessity of creating and maintaining a separate username and password for each enterprise application (or each installation of Windchill deployed in an enterprise).
• Minimizes the cost of administration. When multiple directory-enabled applications obtain their information about principals from a single, shared directory service, it becomes unnecessary to duplicate, maintain, or synchronize that information in multiple places. It also becomes unnecessary to deploy and maintain multiple user interfaces for creating and managing that information.
• Enables Public Key Infrastructure. Secure exchange of business data based upon digital signature technology, both within and between enterprises, requires that public keys be registered in a place that is easy to access and maintain. Shared, standards-based directory services such as LDAP directories are very convenient registries for public keys. A person’s public key can be registered in a directory entry along with all of the other information that describes that person (for example, name, email and postal addresses, telephone and fax numbers, and so on).
User Information
The Windchill class wt.org.WTUser provides applications with information about their users. Every Windchill user must have an entry in an LDAP directory service. The information conveyed by an instance of wt.org.WTUser is obtained from the corresponding user’s LDAP directory entry. In particular, each instance of this class provides the following information about its user:
name
Specifies the unique name of the user within the scope of the directory context in which the user’s entry resides.
fullName
Specifies the user’s full name.
eMail
Specifies the user’s email address.
locale
Specifies the user’s locale, primarily for generation of email notifications addressed to the user.
certificates
Specifies any public certificates registered for the user (for example, for verifying digital signatures or for encrypting information that only the user can decrypt).
postalAddress
Specifies the user’s postal address.
organizationName
Specifies the name of the organization (for example, company or university) with which the user is employed or associated.
telephoneNumber
Specifies the user’s telephone number.
faxNumber
Specifies the user’s fax number.
mobilePhoneNumber
Specifies the user’s cell phone number.
webSite
Specifies the URL of the user’s website.
Group Information
The Windchill class wt.org.WTGroup provides applications with information about related groups of users. Every Windchill group must have an entry in an LDAP directory service. The information conveyed by an instance of wt.org.WTGroup is obtained from the corresponding group’s LDAP directory entry. In particular, each instance of this class provides the following information about a group:
name
Specifies the unique name of the group within the scope of the directory context in which the entry of the group resides.
description
Provides descriptive text about the organization.
members
Specifies the users or groups that are members of the organization.
Organization Information
The Windchill class wt.org.WTOrganization provides applications with information about organizations (for example, companies, universities, government institutions). Every organization referenced by Windchill must have an entry in an LDAP directory service. The information conveyed by an instance of wt.org.WTOrganization is obtained from the corresponding LDAP directory entry of the organization. In particular, each instance of this class provides the following information about an organization:
name
Specifies the unique name of the organization within the scope of the directory context in which the entry of the organization resides.
organizationIdentifier
Specifies the globally unique identifier under which the organization is registered. This might be a DUNS number, ISO organization identifier, or CAGE code.
description
Provides descriptive text about the group.
members
Specifies the users or nested groups that are members of the group.
administrator
Specifies the user or group that serves as administrator of the organization.
classification
Specifies the business classification of the organization.
conferencingIdentifier
Specifies an identifier that is used in conjunction with the conferencingURL attribute to create or subscribe to meetings and conferences scheduled by the organization.
conferencingURL
Specifies the URL of a service that can be used to create or subscribe to meetings and conferences scheduled by the organization.
internetDomain
Specifies the name of the web domain associated with the organization.
location
Specifies the postal address of the organization.
subscriber
Specifies whether or not the organization is a subscriber to a web exchange hosted by Windchill.
webSite
Specifies the URL of the organization website.
While all of the detailed information about each user, group, and organization comes from an LDAP directory, some information about each one is also stored in the Windchill database. Each such database entry serves mainly as a pointer to an LDAP directory entry, but it also contains Windchill-specific information about a user, group, or organization (for example, the Windchill administrative domain in which the principal resides), and it allows Windchill object references for users, groups, and organizations to be constructed and associated with other classes of Windchill objects (for example, creator, modifier, and owner references for parts and documents).
Windchill Organization Services is responsible for interfacing with LDAP directories to query and manage information about Windchill principals. This includes mapping directory attributes to and from the Windchill classes wt.org.WTUser, wt.org.WTGroup, and wt.org.WTOrganization. It also includes the automatic creation and management of the database entries that reference entries or principals in directory services.
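The attribute mapping described above, as a short added example (not PTC or Windchill code): it parses one LDIF entry and projects it onto the wt.org.WTUser property names listed under User Information. The LDAP attribute names in WTUSER_TO_LDAP are assumed from the standard inetOrgPerson schema, the function names are hypothetical, and the sample entry is constructed.

```python
import base64

# Assumed mapping of the WTUser properties to standard LDAP (RFC 4519 /
# inetOrgPerson) attribute names; the page does not give Windchill's own mapping.
WTUSER_TO_LDAP = {
    "name": "uid", "fullName": "cn", "eMail": "mail",
    "locale": "preferredLanguage", "certificates": "userCertificate",
    "postalAddress": "postalAddress", "organizationName": "o",
    "telephoneNumber": "telephoneNumber", "mobilePhoneNumber": "mobile",
    "faxNumber": "facsimileTelephoneNumber", "webSite": "labeledURI",
}

# Constructed LDIF entry: a folded line, a base64 UTF-8 value, and placeholder
# bytes standing in for a DER certificate.
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=people,dc=example,dc=com
uid: jdoe
cn:: Sm9zw6kgRG9l
mail: jdoe@example.com
o: Example Corp
userCertificate;binary:: MIIB
 AAEC
"""

def parse_ldif_entry(text):
    """Parse one LDIF entry into {lower-cased attribute: [values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # RFC 2849 line folding
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        attr, _, rest = line.partition(":")
        name, *options = attr.lower().split(";")
        value = rest.strip()
        if rest.startswith(":"):              # "attr:: value" is base64
            value = base64.b64decode(rest[1:].strip())
            if "binary" not in options:       # text attribute: decode UTF-8
                value = value.decode("utf-8")
        entry.setdefault(name, []).append(value)
    return entry

def to_wtuser_fields(entry):
    """Map an entry to WTUser-style properties; also list the absent ones."""
    found = {p: entry[a.lower()] for p, a in WTUSER_TO_LDAP.items()
             if a.lower() in entry}
    fields = {p: v if p == "certificates" else v[0] for p, v in found.items()}
    return fields, [p for p in WTUSER_TO_LDAP if p not in fields]
```

The second return value lists the properties the directory entry does not supply, which gives a quick check for users who have no certificate registered.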