Create and Configure the JNDI Adapter
When connecting to another naming or directory service (such as an LDAP service), you must create and configure a Java Naming and Directory Interface (JNDI) adapter. The JNDI adapter enables you to connect to the various naming and directory interfaces accessible using the JNDI system, including an enterprise directory server. The JNDI Service Provider Interface (SPI) provides the means by which naming and directory services are integrated into the JNDI framework. To connect to a directory, the JNDI adapter requires the appropriate JNDI Service Providers.
The following section explains how to create a JNDI adapter entry and configure the default mapping for user and group properties. Refer to the section JNDI Adapter Guide for more information on configuring the JNDI adapter entry and complete descriptions of adapter properties. For more information on creating LDAP entries, see Entering Your LDAP Settings.
The following section explains how to create a JNDI adapter entry and configure the default mapping for user and group properties. see the section JNDI Adapter Guide for more information on configuring the JNDI adapter entry and complete descriptions of adapter properties. For information on creating LDAP entries, see the section Entering Your LDAP Settings in Windchill Help Center.
The JNDI configuration process essentially consists of two main steps:
1. Create a JNDI adapter entry
2. Set additional properties
Create a JNDI Adapter Entry
Adapter properties are maintained as attributes in Info*Engine adapter LDAP entries. Use the Info*Engine Property Administration utility to add or modify Info*Engine adapter LDAP entries. You can access the property administration utility by navigating to Site > Utilities and clicking Info*Engine Administration.
To create a new adapter service LDAP entry, select JNDI Adapter from the Create Entry drop-down menu on the Info*Engine Property Administration main page. Enter values into the form; required fields on the form are indicated with an asterisk (*).
For information about using the Info*Engine Property Administration utility, see Property Administration Main Page.
All adapter LDAP entry forms include the following fields:
Service Name
Distinguished Name
Runtime Service Name
The property administration utility automatically populates the Service Name, Distinguished Name, and Runtime Service Name fields with suggested names. These names are based on information provided when you logged on to the administration utility and also information that is stored in the form:
Service Name—Ensure that this name is unique. If you are providing a new name, give special consideration when using the period character (“.”) as described below.
Distinguished Name—Use the name suggested by the property administration utility. If you enter a new service name, the distinguished name field is updated in response.
Runtime Service Name—This name must be identical to the service name.
You can opt to change these names to match the criteria set up for your site LDAP entries. However, note that the period character (“.”) has unique significance when naming a new JNDI adapter. Including a period character (“.”) influences the format of the name that must be used for the corresponding repository definition.
Many repository names and repository types specify a hierarchical structure, requiring a value formatted as an Internet domain. Therefore Info*Engine adapters are commonly given names that reflect their relationship to the network in which they are deployed. For example:
com.company.host.Ldap
Because this service name includes the period character (“.”), you would need to reverse parts of the name when creating and naming a new repository definition. Therefore, if you choose to name your JNDI adapter com.company.host.Ldap, the corresponding Info*Engine repository must be named:
Ldap.host.company.com
To avoid this, you can provide an adapter name that does not include the period (“.”) character. For example, if you name your JNDI adapter EnterpriseDirectory1, then you would also name the corresponding repository definition EnterpriseDirectory1. For instructions on creating a new repository definition, see Create a Repository Definition .
* 
Such naming convention requirements are only necessary when connecting Windchill to an LDAP directory service that maintains user and group information. However, no such requirements are necessary for other Info*Engine integration configurations.
Service Class
The Service Class property identifies the Java class for the adapter. Use the default provided by the property administration utility.
Serialization Type
Host
Port
Provider URL
Specify the URL used to access your enterprise directory server.
Search Base
Specify the distinguished name of the LDAP node under which all user information is located. All user searches will use this as the base.
Directory System Agent User
Directory System Agent Credentials
These can be used to define the distinguished name and password of the Windchill user who access the enterprise directory. However, PTC recommends that these fields should be left blank and you use the MapCredentials file instead. For more information, see Set Authentication in the MapCredentials.xml File.
Serialization Type
Host
Port
Unless you have a specific reason, all other fields should be left blank.
You can find more information on the remaining adapter properties using the following options:
Hover your cursor over the property name to view a short description of the property.
Click the property name to open a page describing each property.
Click the help link available from the form.
Set Additional Properties
Compare your enterprise directory attributes to the Windchill attributes to determine where differences occur. The Windchill user and group attributes are described in User and Group LDAP Attribute Value Mapping. Use this information when comparing attribute definitions.
If a property is not defined on the form, you can add it in the Additional Properties field. When adding additional properties, the property name is comprised of the name of the adapter entry (the value of the Service Name field on the LDAP entry form) followed by the property name. For example:
<service_name>.pageSize
Set the following additional properties, if necessary. You can add them using the Additional Properties field on the LDAP entry form:
windchill.config.readOnly
Set this property to TRUE to indicate that the directory does not allow modifications performed through Windchill. Otherwise, the property is not required, or it can be set to FALSE.
windchill.config.doesNotContainGroups
Set this property to TRUE to indicate that the directory does not contain groups and should not be searched for groups. Otherwise, the property is not required, or it can be set to FALSE.
windchill.config.directoryType
This property is only required when using a Microsoft Active Directory; otherwise, disregard this property.
Setting this property prompts the adapter to handle some requests in a way that is uniquely compatible with a Microsoft Active Directory:
<service_name>.windchill.config.directoryType=ADS
Once set, this property automatically enables paged searches. To configure paged searches, use the pageSize and pagedSizeLimit properties. For more information, see JNDI Adapter Properties.
* 
Paged searches can be configured for any directory type, but are only enabled by default when using a Microsoft Active Directory. To enable paged searches for other directory types, set the pageSize property.
windchill.mapping.user.attributes
Specifies the LDAP attributes that are available to Windchill and in the participant cache. For example, a typical attribute accessed by Windchill might be:
user.getAttributes().get(“<LDAP-attribute-name>”);
Enter attributes as a comma-separated list.
windchill.mapping.usersOrganizationName
There are two ways to assign an organization name to a user. If a user is not assigned an organization, they cannot access data in any child contexts (such as products, projects, and libraries). The method you use depends on whether or not you need to identify multiple organizations:
If your system has multiple organizations and you need to associate different sets of users to different organizations, you can assign an organization attribute to each user entry in the directory server. The value assigned to the organization attribute is the organization the user is assigned to in Windchill.
By default, Windchill identifies the o attribute in the directory server when looking up an organization name for the user. If your directory server does not use the o attribute, then you must define the attribute that you are associating with the organization name using the following property:
<service_name>.windchill.mapping.user.o=<organization_attribute_name>
Where <service_name> is the service name of the adapter and <organization_attribute_name> is the attribute in your directory server used to associate users with organization names.
If all users accessed through a JNDI adapter belong to the same organization, you can assign the users’ organization name by adding the usersOrganizationName property:
<service_name>.windchill.mapping.usersOrganizationName=<organization_name>
The value you set for this property represents the organization name assigned to all users accessed through this adapter.
If used, this property overrides any organization attribute defined in user entries in the directory server. Only the value of the usersOrganizationName property is used by Windchill. For more information, see Managing User Access to Data.
For more information on mapping attribute values, see User and Group LDAP Attribute Value Mapping.
È stato utile?