Entering Your LDAP Settings
A default LDAP server, which can be Active Directory or another V3 compliant LDAP server, is required for managing Windchill users. It can optionally also manage Windchill group information.
Note: Depending on the product you are installing, the default LDAP directory structure is different.
In the Define Settings section, enter your LDAP settings:

| Option | Description |
| --- | --- |
| LDAP Service | Select this option if the enterprise node is ADS. Otherwise, select other V3 compliant LDAP. As soon as you select ADS, the following options later in this section are highlighted. See Default User Mappings for ADS Attributes. |
| LDAP Adapter Name | A single LDAP adapter can be configured. |
| LDAP Server Host Name | `<hostname>.<domain>` is the default. |
| Base Distinguished Name for LDAP Users | The base distinguished name for the LDAP users. The setup program creates the directory using the distinguished name that you specify. |

The following default values are set for you during the new installation. You cannot change these values during a new installation.

| Option | Default | Description |
| --- | --- | --- |
| LDAP Server Port | 389 | Defines the port number that the LDAP listens on for requests. |
| LDAP User Distinguished Name | | Specifies a user node in the LDAP hierarchy that contains all users in the directory that should be visible to Windchill. |
| LDAP Password | | LDAP administrator's password. |

Define the settings for the default LDAP server:
LDAP Service

| Option | Default | Description |
| --- | --- | --- |
| LDAP Service | Active Directory Service (ADS) | Select this option if the enterprise node is ADS. Otherwise, select other V3 compliant LDAP. As soon as you select ADS, the following options later in this section are highlighted. See Default User Mappings for ADS Attributes. |
| Windchill Privileges for Repository | Read Only | You can opt to load the demo user only if the Read and Write options are selected. |
| Repository Contains | Users | Select the option as required: select either the Users or Groups check box. Depending on the option selected, the application considers the users or groups defined in this Enterprise LDAP when determining access to Windchill. If the repository is read-only, the application does not attempt to manage users and groups in the repository. |
| LDAP Connection | Bind as User | Specifies the bind method used to connect to the Enterprise repository. Two options are available. Bind as Anonymous: this option does not require a user name to read the contents of the repository. Bind as User: this option binds the specified user to the directory. This user must exist in the LDAP. |
| User Filter | | Filters users. Only the users selected here are searchable through Windchill. Examples: if the Enterprise Node is V3 compliant LDAP, `uid=*` (searches for all users) or `uid=ne*` (searches for all users with the name starting with ne). If the Enterprise Node is ADS, `cn=*` (searches for all users) or `cn=ne*` (searches for all users with the name starting with ne). Note: You can modify these criteria after installation by going to Site > Utilities > Info*Engine Administrator and selecting the respective Enterprise Adapter. |
| Group Filter | | Filters groups. Only the groups selected here are searchable through Windchill. Examples: if the Enterprise Node is LDAP, `cn=*` (searches for all groups) or `cn=gr*` (searches for all groups with the name starting with gr). If the Enterprise Node is ADS, `cn=*` (searches for all groups) or `cn=gr*` (searches for all groups with the name starting with gr), and so on. Note: You can modify these criteria after installation by going to Site > Utilities > Info*Engine and selecting the respective Enterprise Adapter. |

LDAP Server Attribute Mapping to Windchill Attributes
Attribute mapping is configured in the LDAP adapters. The values supplied here are stored in the LDAP adapter definition. An option is provided to automatically add a default set of mappings for ADS. ADS cannot be used without specifying a default set. The defaults can be adjusted to suit a site's needs. For other V3 compliant LDAP directories, no mappings are required. If a site requires them, mappings can be defined in any configured LDAP adapter by consulting Configuring Additional Enterprise Directories.
Default User Mappings for ADS Attributes
The "Option" column specifies the attribute name expected by Windchill and the "Default" column specifies the ADS attribute name.

| Option | Default |
| --- | --- |
| User Certificate | userCertificate |
| Unique Identifier Attribute | sAMAccountName |
| Telephone Number | telephoneNumber |
| Postal Address | postalAddress |
| Preferred Language | preferredLanguage |
| Common Name | cn |
| Surname | sn |
| Mobile Phone Number | mobile |
| E-Mail Address | mail |
| Object Class | user |
| Organization Name | company |
| Fax Number | facsimileTelephoneNumber |
| Unique Identifier | sAMAccountName |

Descriptions for these fields can be found in Configuring Additional Enterprise Directories.
Note: By default, both the unique identifier attribute and the unique identifier can have the same value; however, the unique identifier attribute must always point to an attribute that holds a unique value. If you do not have multiple subdomains in your ADS configuration, and you know that the sAMAccountName is unique within a single domain, then you can use the default value for your unique identifier attribute. If the values for your sAMAccountName are not unique, then you should use the userPrincipalName for your unique identifier attribute.
Note: The most important required attribute after name and password is the Organization Name that is mapped to Company by default. This attribute should have a value set for each Active Directory user that is also a Windchill user (excepting Site Administrators). The value must match one of the existing Organizations that is configured in Windchill Directory Server.
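
Both requirements above (a unique identifier attribute that really is unique, and a company value that matches a Windchill organization) can be checked against a directory export before installation. The following Python code is an added example, not PTC code: the simplified LDIF-style sample data, the `example.com` subdomains, the user names and the `Example Engineering` organization are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample export; simplified LDIF (no line folding or base64 values).
SAMPLE_LDIF = """\
dn: CN=Neil Evans,OU=Users,DC=emea,DC=example,DC=com
sAMAccountName: nevans
userPrincipalName: nevans@emea.example.com
company: Example Engineering

dn: CN=Nora Evans,OU=Users,DC=apac,DC=example,DC=com
sAMAccountName: NEvans
userPrincipalName: nevans@apac.example.com

dn: CN=Ned Park,OU=Users,DC=emea,DC=example,DC=com
sAMAccountName: npark
userPrincipalName: npark@emea.example.com
company: Exmaple Engineering
"""

def parse_ldif(text):
    """Split blank-line-separated records into {attribute: value} dicts."""
    entries = []
    for record in text.strip().split("\n\n"):
        entry = {}
        for line in record.splitlines():
            attr, _, value = line.partition(": ")
            entry[attr] = value
        entries.append(entry)
    return entries

def audit(entries, windchill_orgs, id_attr="sAMAccountName"):
    """Return (colliding id -> DNs, DNs whose company matches no organization)."""
    by_id = defaultdict(list)
    bad_org = []
    for e in entries:
        # AD compares these identifiers case-insensitively.
        by_id[e.get(id_attr, "").lower()].append(e["dn"])
        # Exact string match against the Windchill organization names (assumed).
        if e.get("company") not in windchill_orgs:
            bad_org.append(e["dn"])
    dupes = {k: v for k, v in by_id.items() if len(v) > 1}
    return dupes, bad_org

if __name__ == "__main__":
    users = parse_ldif(SAMPLE_LDIF)
    orgs = {"Example Engineering"}  # hypothetical Windchill organization list
    for attr in ("sAMAccountName", "userPrincipalName"):
        print(attr, "collisions:", audit(users, orgs, attr)[0] or "none")
    print("company missing or unmatched:", audit(users, orgs)[1])
```

On the sample data, sAMAccountName collides across the two subdomains while userPrincipalName does not, which is the case where the note recommends userPrincipalName. Site Administrator accounts are exempt from the Organization Name requirement and can be excluded from the second list.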
Default Group Mappings for ADS Attributes
The "Option" column specifies the attribute name expected by Windchill and the "Default" column specifies the ADS attribute name.

| Option | Default |
| --- | --- |
| Unique Identifier Attribute | sAMAccountName |
| Description | description |
| Object Class | group |
| Unique Member | member |

Descriptions for these fields can be found in Configuring Additional Enterprise Directories.