Connecting to an LDAP Server
To be able to insert groups and users from an LDAP server in the LDAP Groups and LDAP Users areas, you must first create at least one connection to an LDAP server.
1. If the LDAP Settings area is not active, click the LDAP Settings icon in the shortcut bar.
In this area, the LDAP Settings pane displays the connected LDAP servers you can query.
2. To add a server connection, do one of the following:
Click < Click here to insert a new record >.
Right-click and select Insert LDAP Settings.
Select Insert > LDAP Settings.
3. In the pane to the right, supply the settings for connecting to this server.
Note: For an LDAP server that is in the domain, you can click Discover Settings to populate settings automatically. For a Microsoft Active Directory (AD) server, you must first provide values for two settings before the Administrator application can return the directory name: Port number and Encryption.
Setting
Description
Directory name
The name to which you want to save the settings. This name is used to identify the server in the Administrator application. If the server is in the domain, you can click the Discover Settings button to return all settings.
Note: When logging in using the down-level logon name format, which is DOMAIN\username, DOMAIN must be the directory name defined here in the LDAP settings. You cannot log in with the UPN format, which is username@domain.
Discover Settings
When clicked, if the server is an Active Directory (AD) domain, all settings are discovered and populated automatically. Otherwise, to create a connection to a server that is not an AD domain, you must first provide values for four settings: Port number, Encryption, User name, and Password. If the supplied settings locate the server, its name is shown for Server name.
If a connection to the LDAP server cannot be made when Negotiate is selected for encryption, then the Is Active Directory domain checkbox is automatically selected because use of AD is assumed.
If the server cannot be located, a window opens, indicating that it was not found. To be able to locate an AD server, the computer on which it is running must belong to a domain.
Server name
The name of the LDAP server from which you want to load groups and users.
Port number
The number of the port to use for passing data between the LDAP server and the Administrator application. The default port for no encryption is 389. The default port for SSL encryption is 636.
Encryption
Indicates the type of encryption used to ensure secure transmission of data packets between the LDAP server and the Administrator application. Choices are None and Secure Sockets Layer (SSL). SSL, typically used for web applications accessed through IIS Manager, is based on public-key certificates that enable mutual authentication between the client and server.
Ignore certificate errors
Available only when Secure Sockets Layer (SSL) is selected for encryption. Indicates whether the SSL connection should proceed even when the LDAP client, which is the Windchill Risk and Reliability server, cannot validate the LDAP server's certificate.
Note: Because bypassing SSL certificate validation poses a huge security risk, this checkbox should not be selected for production systems without the knowledge and approval of your IT/Security department.
Is Active Directory domain
Indicates whether the LDAP server is the centralized Microsoft Active Directory (AD) server used to store and manage user accounts and security information for resources in the domain. The status of this checkbox determines which choice is selected for Authentication mode, which is display-only.
When this checkbox is cleared, Simple is selected.
When this checkbox is selected, Negotiate (Active Directory) is selected.
Authentication mode
Indicates the type of process used to verify the user name and password. This option is display-only. Choices are Simple and Negotiate (Active Directory). The status of Is Active Directory domain determines which choice is selected. If Simple is selected, users with blank passwords cannot log into Windchill Risk and Reliability.
User name
The name for the user account that is to access the LDAP server. If this server is an AD server, you might need to precede the AD user name with the name of the server where this user is registered. An example follows:
ptc\susan smith
If the user name belongs to more than one configured AD server, the name is authenticated against the first server where the name is found. If authentication fails, no attempt is made to authenticate against other servers. A user can be authenticated against a specific server when the name of the server is included as shown above.
Other types of LDAP servers might require the user to be specified as a full or partial distinguished name. Two examples follow:
cn=Manager
cn=Manager,dc=example,dc=com
Password
The password for the user account.
Location to start search (DN)
An LDAP server search path (base DN) that indicates where the Administrator application is to start looking for group and user information in the directory tree. Two examples follow:
ou=Development,dc=ptc,dc=com
dc=ptc,dc=local
Search timeout
The maximum number of seconds to spend in an attempt to locate and load group and user information. The range is from 1 to 120 seconds. The default is 120.
Requires user name prefix
Indicates whether the text entered for User name prefix is prepended to LDAP user names when communicating with the LDAP server for authentication.
When this checkbox is selected, the format for the LDAP user name is [User name prefix]\[User name].
User name prefix
The text to prepend to the LDAP user name when Requires user name prefix is selected.
[Mapping table]
Provides for mapping LDAP attributes to data that Windchill Risk and Reliability requires. The first column describes the data required and is display-only.
User search filter describes how Windchill Risk and Reliability will search for a user on an LDAP server.
Group search filter describes how Windchill Risk and Reliability will search for a group on an LDAP server.
The remaining data is self-explanatory.
The second column contains the LDAP attributes that should be used to provide the data to Windchill Risk and Reliability. For all but the first two rows, which are user and group search filters, the second column contains either a single attribute or a list of attributes separated by semicolons. When multiple attributes are listed, they are obtained in order from left to right, until a non-blank value is returned. The default values should work on most systems. If you clear a default value, when you exit the cell, it is immediately
Test Settings
When clicked, an attempt is made to connect to the LDAP server using the settings specified. Results of all tests are shown in the Test LDAP Settings window. For more information, see Test LDAP Settings Window. If settings are invalid, a message appears to the right of this button, indicating that a connection cannot be made. After you correct the settings, this message remains until you either click Test Settings again or select another server record and then come back to this one.
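The derived values and consistency checks implied by the settings table above, as an added Python example that is not part of PTC's documentation or product: it models the Port number defaults, the display-only Authentication mode, the Ignore certificate errors and Simple-mode caveats, and the semicolon-separated attribute fallback of the mapping table. The LdapSettings class and the helper names are this example's own.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Added example, not PTC code: a model of the LDAP Settings fields described above,
# with their derived values and the checks a reviewer would apply before Test Settings.
DEFAULT_PORTS = {"None": 389, "SSL": 636}  # defaults stated for the Port number setting

@dataclass
class LdapSettings:
    server_name: str
    encryption: str = "None"           # "None" or "SSL"
    port: Optional[int] = None         # None -> default port for the encryption
    ignore_certificate_errors: bool = False
    is_active_directory: bool = False
    user_name: str = ""
    password: str = ""
    search_timeout: int = 120          # seconds, valid range 1..120

def effective_port(s: LdapSettings) -> int:
    return s.port if s.port is not None else DEFAULT_PORTS[s.encryption]

def authentication_mode(s: LdapSettings) -> str:
    # Display-only value driven by the Is Active Directory domain checkbox.
    return "Negotiate (Active Directory)" if s.is_active_directory else "Simple"

def check_settings(s: LdapSettings, production: bool = True) -> List[str]:
    # Returns the problems to fix; an empty list means the record is clean.
    if s.encryption not in DEFAULT_PORTS:
        return [f"unknown encryption {s.encryption!r}"]
    problems = []
    if not 1 <= s.search_timeout <= 120:
        problems.append("search timeout must be between 1 and 120 seconds")
    if s.encryption == "None":
        problems.append(f"no encryption: the bind password crosses the network in clear text on port {effective_port(s)}")
    if s.encryption == "SSL" and s.ignore_certificate_errors and production:
        problems.append("ignore certificate errors disables server certificate validation on a production system")
    if authentication_mode(s) == "Simple" and not s.password:
        problems.append("Simple authentication: a blank password cannot log in")
    return problems

def first_nonblank(entry: Dict[str, str], attribute_spec: str) -> str:
    # Mapping-table rule: read the semicolon-separated attributes left to right
    # until one returns a non-blank value.
    for attr in attribute_spec.split(";"):
        value = entry.get(attr.strip(), "")
        if value.strip():
            return value
    return ""
```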
4. Click Test Settings to ensure that the connection is made successfully. The Test LDAP Settings window opens so that you can see whether all tests pass. For more information, see Test LDAP Settings Window.
5. When finished viewing test results, click Close.
If the test failed, you must modify the settings until the connection is made successfully.
6. To establish connections with additional servers, repeat steps 2 through 6 for each server.
Once the first server connection is established, the LDAP Groups and LDAP Users areas become available. Your next steps are to insert the LDAP groups and LDAP users whom you want to have access to Windchill Risk and Reliability applications. For more information, see:
If you delete a server from the LDAP Settings area, a confirmation window opens because the deletion cannot be undone. Deleting a server deletes all groups and users inserted from this server.