User and Group LDAP Attribute Value Mapping
Windchill uses a subset of user and group LDAP attributes that are defined in an Internet-standard LDAP schema. Your directory might not use the exact directory attributes for user and group entries that Windchill expects by default.
When using an enterprise directory for users or groups, you might need to modify which attributes are used in the directory or modify which LDAP object classes define users and groups. This means that when you configure the JNDI adapter you must provide additional attribute-mapping properties to map the default Windchill user and group attributes to the corresponding user and group attributes used by your LDAP directory.
You can map property attributes using the Additional Properties section of the LDAP entry form:
The value you enter is saved in the named JNDI configuration property. After the properties are reloaded, the directory service uses them.
When mapping property attributes in the JNDI adapter, the following formats are used to specify the user, group, and organization attribute properties:
| Principal | Property Format |
| --- | --- |
| User | <service_name>.windchill.mapping.user.<map_identifier> |
| Group | <service_name>.windchill.mapping.group.<map_identifier> |
| Organization | <service_name>.windchill.mapping.org.<map_identifier> |
where:
<service_name> is the service name specified for the adapter (the Service Name field in the LDAP property form)
<map_identifier> is the attribute or value that you want to map
The following scenario illustrates how you might set the object class for users:
• You have assigned the JNDI adapter a service name of EnterpriseDirectory1.
• In Windchill, the map identifier when setting the object class property is objectClass.
• You are mapping this property for users, so you specify the format windchill.mapping.user.
• The default object class value in Windchill is “inetOrgPerson,” but you want to set the value to “organizationalPerson.”
To set this property, you would complete the following actions under the Additional Properties section of the LDAP entry form:
1. In the Property field enter:
EnterpriseDirectory1.windchill.mapping.user.objectClass
2. In the Value field, enter:
organizationalPerson
3. Click Add.
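The following added example (not part of the PTC documentation) builds the property name from the scenario above and, over constructed LDIF entries, lists the entries that carry the mapped object class but not the default one. inetOrgPerson is a subclass of organizationalPerson, so the mapped class can match more entries. The example assumes an entry counts as a user when its objectClass values include the mapped value; the helper names and sample entries are hypothetical.

```python
# Added example, not PTC code. SAMPLE_LDIF is constructed sample data.
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=people,dc=example,dc=com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson

dn: cn=Backup Service,ou=services,dc=example,dc=com
objectClass: person
objectClass: organizationalPerson

dn: cn=engineers,ou=groups,dc=example,dc=com
objectClass: groupOfUniqueNames
"""

def mapping_property(service_name, principal, map_identifier):
    """Build <service_name>.windchill.mapping.<principal>.<map_identifier>."""
    if principal not in ("user", "group", "org"):
        raise ValueError(f"unknown principal type: {principal!r}")
    for part in (service_name, map_identifier):
        if not part or any(ch.isspace() for ch in part):
            raise ValueError(f"empty or whitespace in component: {part!r}")
    return f"{service_name}.windchill.mapping.{principal}.{map_identifier}"

def parse_ldif(text):
    """Return {dn: set of lower-cased objectClass values}.
    Handles plain 'attr: value' lines only (no folded or base64 values)."""
    entries = {}
    for block in text.strip().split("\n\n"):
        dn, classes = None, set()
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            if attr.strip().lower() == "dn":
                dn = value.strip()
            elif attr.strip().lower() == "objectclass":
                classes.add(value.strip().lower())
        if dn:
            entries[dn] = classes
    return entries

def matched(entries, object_class):
    """DNs whose objectClass values include object_class (assumed match rule)."""
    return {dn for dn, classes in entries.items() if object_class.lower() in classes}

def newly_matched(entries, default_class, mapped_class):
    """DNs picked up by the mapped class that the default class excluded."""
    return sorted(matched(entries, mapped_class) - matched(entries, default_class))

if __name__ == "__main__":
    print(mapping_property("EnterpriseDirectory1", "user", "objectClass"))
    for dn in newly_matched(parse_ldif(SAMPLE_LDIF), "inetOrgPerson", "organizationalPerson"):
        print("review before mapping:", dn)
```

Entries reported by newly_matched, such as the constructed service account here, are the ones to review before the property is added.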