Using a Single Windchill Directory Server for Publisher and Viewer
It is recommended to set up and configure separate internal LDAP (Windchill Directory Server) for Publisher and Viewers. If you must have a single LDAP for both Publisher applications (Task Manager and configurator) as well as Viewers, perform the following steps to restrict the access for Task Manager and configurator applications:
1. Edit <InService_home>\InS_SW\SW\System\WildFly\standalone\configuration\standalone-full-<database-name>.xml of Publisher.
2. Add a new security domain section with a name such as InServiceTaskManager:
3. Modify the baseFilter module-option to define the LDAP group to provide access.
<module-option name="baseFilter" value="(&(sAMAccountName={0})
(memberOf=CN=Group01,CN=Users,DC=ad,DC=ptcnet,DC=com))"/>
4. Edit <InService_home>\InS_SW\Config\System\Config\customizedContext_3.conf.xml and replace the login.configuration.name property with the new security domain name created in step 2.
<Property Name="login.configuration.name" Value="InServiceTaskManager" />
5. Restart the services.
