Set Additional Properties
Compare your enterprise directory attributes to the Windchill attributes to determine where differences occur. The Windchill user and group attributes are described in
User and Group LDAP Attribute Value Mapping. Use this information when comparing attribute definitions.
If a property is not defined on the form, you can add it in the Additional Properties field. When adding additional properties, the property name is comprised of the name of the adapter entry (the value of the Service Name field on the LDAP entry form) followed by the property name. For example:
<service_name>.pageSize
Set the following additional properties, if necessary. You can add them using the Additional Properties field on the LDAP entry form:
windchill.config.readOnly
Set this property to TRUE to indicate that the directory does not allow modifications performed through Windchill. Otherwise, the property is not required, or it can be set to FALSE.
windchill.config.doesNotContainGroups
Set this property to TRUE to indicate that the directory does not contain groups and should not be searched for groups. Otherwise, the property is not required, or it can be set to FALSE.
windchill.config.directoryType
This property is only required when using a Microsoft Active Directory; otherwise, disregard this property.
Setting this property prompts the adapter to handle some requests in a way that is uniquely compatible with a Microsoft Active Directory:
<service_name>.windchill.config.directoryType=ADS
Once set, this property automatically enables paged searches. To configure paged searches, use the
pageSize and
pagedSizeLimit properties. For more information, see
JNDI Adapter Properties.
|
Paged searches can be configured for any directory type, but are only enabled by default when using a Microsoft Active Directory. To enable paged searches for other directory types, set the pageSize property.
|
windchill.mapping.user.attributes
Specifies the LDAP attributes that are available to Windchill and in the participant cache. For example, a typical attribute accessed by Windchill might be:
user.getAttributes().get(“<LDAP-attribute-name>”);
Enter attributes as a comma-separated list.
windchill.mapping.usersOrganizationName
There are two ways to assign an organization name to a user. If a user is not assigned an organization, they cannot access data in any child contexts (such as products, projects, and libraries). The method you use depends on whether or not you need to identify multiple organizations:
◦ If your system has multiple organizations and you need to associate different sets of users to different organizations, you can assign an organization attribute to each user entry in the directory server. The value assigned to the organization attribute is the organization the user is assigned to in Windchill.
By default, Windchill identifies the o attribute in the directory server when looking up an organization name for the user. If your directory server does not use the o attribute, then you must define the attribute that you are associating with the organization name using the following property:
<service_name>.windchill.mapping.user.o=<organization_attribute_name>
Where <service_name> is the service name of the adapter and <organization_attribute_name> is the attribute in your directory server used to associate users with organization names.
◦ If all users accessed through a JNDI adapter belong to the same organization, you can assign the users’ organization name by adding the usersOrganizationName property:
<service_name>.windchill.mapping.usersOrganizationName=<organization_name>
The value you set for this property represents the organization name assigned to all users accessed through this adapter.
If used, this property overrides any organization attribute defined in user entries in the directory server. Only the value of the
usersOrganizationName property is used by Windchill. For more information, see
Managing User Access to Data.
For more information on mapping attribute values, see
User and Group LDAP Attribute Value Mapping.