Configuring Servigistics InService to Use an External LDAP System
When deploying Servigistics InService you can use an enterprise identity management (LDAP) system to manage your users. You must configure Servigistics InService to access this external user information.
The examples provided in this section use a PTC and Windchill LDAP system for demonstration purposes. Edit the commands and code as necessary for your environment.
User attributes defined in the enterprise system can be used to automate part of the user provisioning process. For example, users can be automatically assigned to certain profiles based on the value of these enterprise attributes. For more information see Mapping User Enterprise Attributes.
To disable use of internal LDAP, set the com.ptc.sc.allowInternalAccountsCreation property to “false” in wt.properties.
Configuring Servigistics InService to use an external LDAP system involves the following steps:
1. Creating a JNDI adapter entry using the Info*Engine Administration utility.
2. Creating a repository definition that tells Servigistics InService how to query and manage information in the directory.
3. Adding the JNDI adapter to the list of existing adapters.
4. Setting administrative access control privileges for the directory.
The following procedures assume that your external LDAP directory has already been installed and configured.
Creating a JNDI Adapter Entry
Use the following procedure to create a JNDI Adapter Entry:
1. Log in to the Info*Engine Administration utility.
The login identity used here is not necessarily the same as the Servigistics InService Administrator identity. Rather, the login is to the internal LDAP system and is set during installation. A typical login and password configuration would be cn=Manager/admin.
2. Create a JNDI adapter entry for your directory, setting any additional properties that are relevant to your environment.
You can use the existing com.ptc.EnterpriseLdap adapter for reference.
3. Modify the Provider URL: and Search Base: fields using the new JNDI adapter.
You must ensure that the Runtime Service Name is the same as the Service Name.
Creating a Repository Definition
Use the following procedure to create a Repository Definition:
1. From the Info*Engine Administration utility, click Task Delegate Administration.
2. Click Manage Repository.
3. In the Create Repository section, enter a repository name, using the reverse of your JNDI adapter name. For example:
JNDI Adapter Name: com.ptc.ldap-ext.jndiAdapter
Repository Name: jndiAdapter.bkeesara2l1
4. In the Repository Type drop-down list, select com.ptc.windchill-ldap.
5. Click Create.
6. Run the following command in a windchill shell:
xconfmanager -s wt.federation.org.directoryServices='$(wt.federation.org.defaultAdapter),$(wt.federation.org.enterpriseAdapter),com.ptc.ldap-ext' -t "/qa/Servigistics InService103/InS_SW/SW/Applications/Windchill.ear/codebase.war/wt.properties" -p
7. Set administrative access control privileges for the directory by modifying the MapCredentials.xml.
You have to add the login credentials to the file, so if your adapter is com.ptc.ldap-ext, your username is cn=manager and password is admin.
8. Run the following command:
xconfmanager --add "mapcredentials.admin.adapters=com.ptc.ldap-ext^cn=manager^admin" -t "/qa/InService103/SW/Applications/Windchill.ear/codebase.war/WEB-INF/mapCredentials.txt" -p
Update the JBOSS Configuration
1. Navigate to <InService HOME>\SW\System\WildFly\standalone\configuration
2. Edit standalone-full.xml by searching for org.jboss.security.auth.spi.LdapExtLoginModule and adding the following login-module, which configures the external LDAP. Change the values in yellow according to your search base.
3. Restart JBOSS.
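The following Python check is an added example, not part of the PTC documentation and not the login-module this page refers to. It scans a standalone-full.xml-style file for org.jboss.security.auth.spi.LdapExtLoginModule entries and flags settings worth reviewing before the restart. The sample XML, host name, security-domain name and DNs are constructed; the option names are standard LdapExtLoginModule and JNDI options, and the finding labels are hypothetical.

```python
import xml.etree.ElementTree as ET

LDAP_EXT = "org.jboss.security.auth.spi.LdapExtLoginModule"

# Constructed sample (not the page's login-module); host and DNs are placeholders.
SAMPLE = """<server xmlns="urn:jboss:domain:4.0"><profile>
<subsystem xmlns="urn:jboss:domain:security:1.2"><security-domains>
<security-domain name="example-domain"><authentication>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="sufficient">
  <module-option name="java.naming.provider.url" value="ldap://ldap.example.com:389"/>
  <module-option name="bindDN" value="cn=manager"/>
  <module-option name="bindCredential" value="admin"/>
  <module-option name="baseCtxDN" value="ou=people,dc=example,dc=com"/>
  <module-option name="allowEmptyPasswords" value="true"/>
</login-module>
</authentication></security-domain>
</security-domains></subsystem></profile></server>"""

def local(tag):
    """Strip the XML namespace so the check works across subsystem versions."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return a list of finding labels for every LdapExtLoginModule entry."""
    findings = []
    for mod in ET.fromstring(xml_text).iter():
        if local(mod.tag) != "login-module" or mod.get("code") != LDAP_EXT:
            continue
        opts = {o.get("name"): (o.get("value") or "").strip()
                for o in mod if local(o.tag) == "module-option"}
        url = opts.get("java.naming.provider.url", "").lower()
        tls = opts.get("java.naming.security.protocol", "").lower() == "ssl"
        if url.startswith("ldap://") and not tls:
            findings.append("cleartext-ldap")           # bind password crosses the wire unencrypted
        if opts.get("bindDN", "").lower().startswith("cn=manager"):
            findings.append("manager-bind-account")     # directory manager used for lookups
        if opts.get("bindCredential", "").lower() == "admin":
            findings.append("default-bind-password")    # the example password from this page
        if opts.get("allowEmptyPasswords", "").lower() == "true":
            findings.append("empty-passwords-allowed")  # some servers treat this as anonymous bind
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

To check a real deployment, pass the contents of standalone-full.xml to audit() instead of SAMPLE.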