Depending on the product you are installing, the default LDAP directory structure is different.

| Option | Description |
|---|---|
| LDAP Service | Select this option if the enterprise node is ADS. Otherwise, select other V3 compliant LDAP. As soon as you select ADS, the following options later in this section are highlighted. See Default User Mappings for ADS Attributes. |
| LDAP Adapter Name | A single LDAP adapter can be configured. |
| LDAP Server Host Name | `<hostname>.<domain>` is the default. |
| Base Distinguished Name for LDAP Users | The base distinguished name for the LDAP users. The setup program creates the directory using the distinguished name that you specify. |


| Option | Default | Description |
|---|---|---|
| LDAP Server Port | 389 | Defines the port number that the LDAP server listens on for requests. |
| LDAP User Distinguished Name | | Specifies a user node in the LDAP hierarchy that contains all users in the directory that should be visible to Windchill. |
| LDAP Password | | LDAP administrator's password. |


| Option | Default | Description |
|---|---|---|
| LDAP Service | Active Directory Service (ADS) | Select this option if the enterprise node is ADS. Otherwise, select other V3 compliant LDAP. As soon as you select ADS, the following options later in this section are highlighted. See Default User Mappings for ADS Attributes. |
| Windchill Privileges for Repository | Read Only. | You can opt for load demo user only if Read and Write options are selected. |
| Repository Contains | Users | Select the option as per the requirement. Select either the Users or Groups check box. Depending on the option selected, the application will consider the users or groups defined in this Enterprise LDAP when determining access to Windchill. If the repository is read-only, the application will not attempt to manage users and groups in the repository. |
| LDAP Connection | Bind as User | Specifies the bind method used to connect to the Enterprise repository. Two options are available. Bind as Anonymous: this option does not require a user name to read the contents of the repository. Bind as User: this option binds the specified user to the directory. This user must exist in the LDAP. |
| User Filter | | Filters users. Only the users selected here are searchable through Windchill. Examples: if the Enterprise Node is V3 compliant LDAP, `uid=*` (searches for all users) or `uid=ne*` (searches for all users with the name starting with ne). If the Enterprise Node is ADS, `cn=*` (searches for all users) or `cn=ne*` (searches for all users with the name starting with ne). |
| Group Filter | | Filters groups. Only the groups selected here are searchable through Windchill. Examples: if the Enterprise Node is LDAP, `cn=*` (searches for all groups) or `cn=gr*` (searches for all groups with the name starting with gr). If the Enterprise Node is ADS, `cn=*` (searches for all groups) or `cn=gr*` (searches for all groups with the name starting with gr), and so on. |


| Option | Default |
|---|---|
| User Certificate | userCertificate |
| Unique Identifier Attribute | sAMAccountName |
| Telephone Number | telephoneNumber |
| Postal Address | postalAddress |
| Preferred Language | preferredLanguage |
| Common Name | cn |
| Surname | sn |
| Mobile Phone Number | mobile |
| E-Mail Address | mail |
| Object Class | user |
| Organization Name | company |
| Fax Number | facsimileTelephoneNumber |
| Unique Identifier | sAMAccountName |


By default, both the unique identifier attribute and the unique identifier can have the same value; however, the unique identifier attribute must always point to an attribute that holds a unique value. If you do not have multiple subdomains in your ADS configuration, and you know that the sAMAccountName is unique within a single domain, then you can use the default value for your unique identifier attribute. If the values for your sAMAccountName are not unique, then you should use the userPrincipalName for your unique identifier attribute.

The most important required attribute after name and password is the Organization Name that is mapped to Company by default. This attribute should have a value set for each Active Directory user that is also a Windchill user (excepting Site Administrators). The value must match one of the existing Organizations that is configured in Windchill Directory Server.

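
The two notes above can be checked against a directory export before the adapter is configured. The following Python is an added example, not PTC or Windchill code: it flags sAMAccountName collisions across subdomains, picks the unique identifier attribute accordingly, and lists users whose company value is missing or unknown. The sample entries, the `WINDCHILL_ORGS` set, the exact-match comparison of organization names, and all function names are assumptions.

```python
from collections import Counter

# Constructed sample entries (not real data): two subdomains reuse one sAMAccountName.
SAMPLE_USERS = [
    {"dn": "CN=Neil Ames,OU=Eng,DC=emea,DC=example,DC=com", "sAMAccountName": "names",
     "userPrincipalName": "names@emea.example.com", "company": "Example Corp"},
    {"dn": "CN=Nora Ames,OU=Eng,DC=apac,DC=example,DC=com", "sAMAccountName": "NAmes",
     "userPrincipalName": "names@apac.example.com", "company": "Example Corp"},
    {"dn": "CN=Greg Ross,OU=Ops,DC=emea,DC=example,DC=com", "sAMAccountName": "gross",
     "userPrincipalName": "gross@emea.example.com", "company": ""},
    {"dn": "CN=Ana Lima,OU=Ops,DC=apac,DC=example,DC=com", "sAMAccountName": "alima",
     "userPrincipalName": "alima@apac.example.com", "company": "Unknown Ltd"},
]
# Assumption: names of the organizations already configured in Windchill.
WINDCHILL_ORGS = {"Example Corp"}

def duplicates(entries, attr):
    """Return the values of attr held by more than one entry (compared case-insensitively)."""
    counts = Counter(e.get(attr, "").strip().lower() for e in entries)
    return sorted(v for v, n in counts.items() if v and n > 1)

def pick_unique_id_attribute(entries):
    """Keep the default sAMAccountName if it is unique, else fall back to userPrincipalName."""
    for attr in ("sAMAccountName", "userPrincipalName"):
        if all(e.get(attr) for e in entries) and not duplicates(entries, attr):
            return attr
    return None  # neither attribute is unique: the directory needs fixing first

def organization_problems(entries, orgs, site_admin_dns=frozenset()):
    """Return (dn, reason) for users whose company value is missing or matches no organization."""
    problems = []
    for e in entries:
        if e["dn"] in site_admin_dns:
            continue  # Site Administrators are exempt from the organization requirement
        company = e.get("company", "").strip()
        if not company:
            problems.append((e["dn"], "company not set"))
        elif company not in orgs:  # assumption: exact string match
            problems.append((e["dn"], f"no organization named {company!r}"))
    return problems

if __name__ == "__main__":
    print("duplicate sAMAccountName:", duplicates(SAMPLE_USERS, "sAMAccountName"))
    print("unique identifier attribute:", pick_unique_id_attribute(SAMPLE_USERS))
    for dn, reason in organization_problems(SAMPLE_USERS, WINDCHILL_ORGS):
        print(f"{dn}: {reason}")
```
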

| Option | Default |
|---|---|
| Unique Identifier Attribute | sAMAccountName |
| Description | description |
| Object Class | group |
| Unique Member | member |