Using a Single LDAP Server for Publisher and Viewer
It is recommended to set up and configure separate internal LDAP (OpenDJ or any v3–compliant LDAP server) for Publisher and Viewers. If you must have a single LDAP for both Publisher applications (Task Manager and configurator) as well as Viewers, perform the following steps to restrict the access for Task Manager and configurator applications:
1. Edit <HOME>\SW\SW\System\WildFly\standalone\configuration\standalone-full-<database-name>.xml of Publisher.
2. Add a new security domain section with a name such as InServiceTaskManager:
3. Modify the baseFilter module-option to define the LDAP group to provide access.
<module-option name="baseFilter" value="(&(sAMAccountName={0})
(memberOf=CN=Group01,CN=Users,DC=ad,DC=ptcnet,DC=com))"/>
(memberOf=CN=Group01,CN=Users,DC=ad,DC=ptcnet,DC=com))"/>
4. Edit <HOME>\SW\Config\System\Config\customizedContext_3.conf.xml and replacethe login.configuration.name property with the new security domain name created in step 2.
<Property Name="login.configuration.name" Value="InServiceTaskManager" />
5. Restart the services.