Upload
joelarceniow
View
327
Download
27
Tags:
Embed Size (px)
DESCRIPTION
Configure Active Directory on Windchill 9.1
Citation preview
Active Directory Setup for Windchill 9.1
Ajay [email protected]
Document PropertiesFile NameStatus
ActiveDirectorySetupR91.docReleased
Change HistoryDateAuthorVersionChange Reference
OCT/08/2009Ajay Valvi0.1Draft
NOV/30/2009Ajay Valvi1.0Released
Accepted By
Accepted By:Approval DateComments
Hemant ShadraNOV/30/2009
Table of Content41.Introduction
42.Assumptions
43.Understanding Windchill and LDAP Directory Service
54.Enabling Active Directory Integration with Windchill
54.1.Required Inputs from Active Directory
75.Enabling Active Directory Integration during New Installation
95.1.2.Specifying user organization
105.1.3.Testing the configuration
116.Enabling Active Directory Integration for Existing Windchill Instance
116.1.Connecting to Active Directory
116.1.1.Updating EnterpriseLDAP Adapter to connect to Active Directory
146.1.2.Configuring Apache to connect to EnterpriseLDAP
146.1.3.Setting authentication in MapCredentials.xml file
146.2.Retargeting Users
166.2.1.Retargeting procedure
19Appendix
19Sample Summary.htm File
20Sample app-Windchill-AuthProvider.xml file
20Sample mapCredentials.txt file
21LDAP Browser login sequence
22External References
1. Introduction
The purpose of this document is to provide information to the consultant about the specific configuration involved to set up an Active Directory Integration with Windchill 9.1. Active directory can be integrated with a Windchill instance during a new installation or with an existing Windchill Instance. When an existing instance of Windchill is integrated with an existing instance of Active Directory, the users from Aphelion must be retargeted to the Active Directory such that Windchill maintains to use the Active Directory references. This document covers the following topics:
Enabling Active Directory Integration for a New Windchill Instance
Enabling Active Directory Integration for an Existing Windchill Instance
Retargeting UsersThis document should be used as a reference for configuring Active Directory integration with Windchill 9.1; however, it is imperative that the consultant refers to the Configuring Additional Enterprise Directories section from the Windchill Installation and Configuration Guide - Advanced.It is strongly recommended that any of these techniques be tested, repeatedly, in a controlled test environment to insure that they are functioning as desired before executing them in a production.2. Assumptions
This document introduces you to the required steps for configuring Active Directory integration with Windchill 9.1.
This document assumes that the consultant has a good understanding of Windchill System Administration and a basic understanding of LDAP structure and Active Directory.It is strongly recommended that before performing any of the modifications to the Aphelion LDAP or database, the consultant should contact tech support for more direct assistance and guidance in their efforts with the LDAP.3. Understanding Windchill and LDAP Directory ServiceWindchill utilizes an LDAP directory service or multiple LDAP directory services for two purposes:
Provide user and group administration.
Store application-specific configuration information to Windchill.
PTC bundles an LDAP directory service with Windchill. The LDAP that is bundled can be leveraged for both purposes or solely for managing the application-specific information. Windchill has no specific limitation as to the number of LDAP instances that are integrated with Windchill for user and group administration.
Note
Windchill 9.1 M030 introduces new LDAP Directory Server Option (Windchill DS powered by OpenDS Technology), an alternative to Aphelion directory server. Windchill releases before 9.1 M030 used Aphelion as a part of the bundled LDAP directory service. The steps mentioned in this document are applicable to all releases of Windchill 9.0 and 9.1
Various configurations have been utilized to satisfy a variety of customers requirements. One such requirement is to integrate Windchill with an already existing Active Directory Server (ADS) for both authentication and account management.If the customer is already using Active Directory Server (ADS) as enterprise LDAP service, Windchill can be integrated with ADS such that the user information is maintained in the existing ADS directory. Windchill can query entries in ADS using a JNDI adapter.
An Active Directory integration with Windchill is a read-only configuration. Therefore, Windchill cannot create, modify, or delete entries in an ADS directory. This means Windchill cannot be used to administer user information in ADS (standard Microsoft administration tools must be used instead). Windchill must have the ability to update group information and organization information; therefore, these must be stored in Aphelion that provides full access to Windchill, not ADS. As a result, in this scenario you would maintain two different LDAP directories, one to maintain groups and the other for Users in support of Windchill.
When considering Active Directory integration with Windchill, it is implied that the Groups are stored in Aphelion and Users are maintained in the Active Directory.In PDMLINK 8.0, during the configuration a new custom adapter has to be created for LDAP integration. But in PDMLINK 9.0 and later versions, we dont have to create any new adapter or repository; we can use the existing adapter that is created OOTB (for example com.example.EnterpriseLdap).
The EnterpriseLdap adapter is defined such that it enables a site to easily connect to an existing Corporate LDAP to allow existing corporate users to be validated for Windchill use.
Active directory can be integrated with a Windchill instance during a new installation or to an existing Windchill Instance. Both the methods have been explained later in this document.
4. Enabling Active Directory Integration with Windchill While installing a new Windchill instance, the following three steps are required.
Connecting to Active Directory during installation
Specifying user organization (optional)
Editing JNDI entry to change search scope
4.1. Required Inputs from Active Directory
Before starting with any installation or configuration activities, following is the minimum required information that needs to be obtained to connect to an Active Directory.
Inputs from Active Directory
Enterprise Repository LDAP Server Host Name
DescriptionHost name to connect to the Microsoft Active Directory Service (ADS) Server
Exampleseha074.ptcnet.ptc.com
Search Base or Base Distinguished Name for Enterprise Users
DescriptionThe distinguished name of an LDAP subtree under which Enterprise LDAP entries reside.
Users and groups under this subtree will be visible to Windchill
ExampleCN=Users,DC=example,DC=com
Enterprise Repository LDAP User Distinguished Name or Directory System Agent User
DescriptionThe distinguished name of an existing ADS user
ExampleCN= Bind User, CN=Users,DC=example,DC=com or user@domain
Enterprise Repository LDAP Password or Directory System Agent Credentials
DescriptionEnter the password of the specified user -
Enterprise Repository LDAP Server Port
DescriptionPort to bind to the Active Directory Server
Always use 3268 for the port when configuring Windchill with Active Directory, rather than the default LDAP port (i.e. port 389). If you bind to port 389 (even if you bind to a Global Catalog server) your search includes a single domain directory partition. If you bind to port 3268, your search includes all directory partitions in the forest. Subtree search seems to work better with 3268.Verify the port number with the Customers System Administrator
The following flowchart helps to visualize the steps involved in Active Directory Integration
5. Enabling Active Directory Integration during New InstallationDuring installation, Active Directory specific information needs to be entered on various PSI pages.
5.1.1.1. LDAP settings page
On the LDAP settings page, you must perform the following two settings:
1. Enter the Base Distinguished Name for Enterprise Users You need to mention the distinguished name of the LDAP subtree, also called the search base, in Active Directory where the users and groups reside. For Example : CN=Users,DC=example,DC=com You can set the Search Base to the root (i.e. "DC=example,DC=com") if you have users in different nodes. However, setting the Search Base to the root might result in poor performance.Note
For more information refer to the 'Entering Your LDAP Settings' section in the Windchill Installation and Configuration Guide Advanced. Windchill 9.12. Select the Enable Separate Enterprise LDAP Server check box to enable it
On selecting this check box, the next screen displays JNDI Adapter Settings page to specify the settings for the separate LDAP server.
Ensure the Enable Separate Enterprise LDAP Server check box is enabled else the next page wont display the JNDI settings page.5.1.1.2. JNDI settings pageOn the JNDI settings page, enter the following information:3. Enter the fully qualified hostname of the Microsoft Active Directory Service (ADS) Server in the Enterprise Repository LDAP Server Host Name text field.4. Enter 3268 in the Enterprise Repository LDAP Server Port text field. When configuring Windchill with Active Directory, always use 3268 for the port rather than the default LDAP port (i.e. port 389).
5. Select the Bind as User radio button for LDAP Connection type.6. Enter the distinguished name of an existing ADS user in the Enterprise Repository LDAP User Distinguished Name text field. For Example : CN= Bind User, CN=Users,DC=example,DC=com7. Enter the password for the specified user in the Enterprise Repository LDAP Password text field.8. Select the Groups check box, and ensure that the Users check box is enabled as well.9. Select the Active Directory Service (ADS) radio button as LDAP service.
5.1.1.3. Core Product Settings page
On the Core Product Settings page, select the Administrative radio button option for Select the Repository Where the Site Administrator is Stored setting. Since Windchill has Read Only access to the Active Directory, the Windchill Administrator must be created in the Administrative LDAP.
5.1.2. Specifying user organization
In order to assign an initial organization name to a user, the EnterpriseLDAP Adapter must be modified to include an additional property. Add the usersOrganizationName custom property to set the initial organization name for all users accessed through the EnterpriseLDAP Adapter. Navigate to Info*Engine Administrator page from Site > Utilities > Info*Engine Administrator. Log on by entering cn=Manager and the appropriate password.
Select the JNDI adapter by the name com..EnterpriseLDAP to open the Property Editor page.
Edit the Adapter to change the LDAP search scope and add an additional property Select the drop down list for LDAP Search Scope and set it to SUBTREE.
Enter 'com.test.example.EnterpriseLdap.windchill.mapping.usersOrganizationName' in the Property text field and '' in the Value text field and click the Add button.This property associates an initial organization name to the user. Refer to the "Setting the User Organization" section in the Windchill Installation and Configuration Guide Advanced for more information about the need for setting this property
Click OK to complete the modification to the Adapter. Select OK again on the confirmation window.
5.1.3. Testing the configuration
Search and add Active Directory users and groups to various roles, such as Product Creators, Members, Guests, etc., in test products and libraries.
Log on as new users and create products and documents to verify successful login and object creation abilities.
6. Enabling Active Directory Integration for Existing Windchill InstanceFor an existing instance of Windchill, two aspects should be considered while adding an additional Enterprise Directory: First is connecting to a Corporate LDAP like Active Directory to Windchill so that one can add users and groups from Active Directory to Windchill. Second is to be able to retarget the existing users from Aphelion to the Active Directory so that next time the users login they are maintained and authenticated against the Active Directory Before starting with any configuration activity, it is necessary that one reads through the Retargeting Users section. Though the retargeting users is done after making the configuration changes to connect to Active Directory, it is important to understand and analyze the effort and complexities involved before starting the configuration changes.
6.1. Connecting to Active Directory
Connecting to Active Directory involves the following three steps: Update EnterpriseLDAP Adapter to connect to Active Directory. Configure Apache to connect to EnterpriseLDAP. Set Authentication in MapCredentials.xml file.6.1.1. Updating EnterpriseLDAP Adapter to connect to Active Directory
Before you start updating the EnterpriseLDAP, collect the required information as mentioned in the Required Inputs from Active Directory section
10. Navigate to the Info*Engine Administrator page from Site > Utilities > Info*Engine Administrator.11. Log on by entering cn=Manager and the appropriate password.12. Select the JNDI adapter by the name com..EnterpriseLDAP to open the Property Editor page.13. Edit the following Adapter properties settings.JNDI Adapter PropertyValue
Service Namecom.example.EnterpriseLdap
Runtime Service Namecom.example.EnterpriseLdap
Service Classcom.infoengine.jndi.JNDIAdapterImpl
Host , PortLeave it Blank
Provider Urlldap://activedirectoryhost.example.com:3268
Directory System Agent UserCN=Bind User,CN=Users,DC=example,DC=com
Directory System Agent Credentials
Search BaseCN=Users,DC=example,DC=com
You can set the Search Base to the root (i.e. "DC=example,DC=com") if you have users in different nodes. However, setting the Search Base to the root might result in poor performance.
LDAP Search ScopeSUBTREE
14. Add the following Adapter properties one by one in the Additional Properties section
Additional PropertiesValue
com.test.example.EnterpriseLdap.windchill.config.doesNotContainGroupstrue
com.test.example.EnterpriseLdap.windchill.config.directoryTypeADS
com.test.example.EnterpriseLdap.windchill.config.readOnlytrue
com.test.example.EnterpriseLdap.windchill.mapping.group.descriptiondescription
*com.test.example.EnterpriseLdap.windchill.mapping.group.objectClassgroup
*com.test.example.EnterpriseLdap.windchill.mapping.group.uniqueIdAttribute**sAMAccountName
com.test.example.EnterpriseLdap.windchill.mapping.group.uniqueMembermember
*com.test.example.EnterpriseLdap.windchill.mapping.user.cncn
com.test.example.EnterpriseLdap.windchill.mapping.user.facsmileTelephoneNumberfacsmileTelephoneNumber
*com.test.example.EnterpriseLdap.windchill.mapping.user.mailmail
com.test.example.EnterpriseLdap.windchill.mapping.user.mobilemobile
*com.test.example.EnterpriseLdap.windchill.mapping.user.ocompany
*com.test.example.EnterpriseLdap.windchill.mapping.user.objectClassuser
com.test.example.EnterpriseLdap.windchill.mapping.user.postalAddresspostalAddress
com.test.example.EnterpriseLdap.windchill.mapping.user.preferredLanguagepreferredLanguage
com.test.example.EnterpriseLdap.windchill.mapping.user.snsn
com.test.example.EnterpriseLdap.windchill.mapping.user.telephoneNumbertelephoneNumber
*com.test.example.EnterpriseLdap.windchill.mapping.user.uid**sAMAccountName
*com.test.example.EnterpriseLdap.windchill.mapping.user.uniqueIdAttribute**sAMAccountName
com.test.example.EnterpriseLdap.windchill.mapping.user.userCertificateuserCertificate
*com.test.example.EnterpriseLdap.windchill.mapping.usersOrganizationName
The * marked properties are mandatory properties. The other properties may or may not be included.
**If you have an Active Directory forest then the sAMAccountName name might not be unique across different Active Directory domains. In that case please use the userPrincipalName. The format of the userPrincipalName is @ which guaranties userPrincipalName to be unique across all domains.
6.1.2. Configuring Apache to connect to EnterpriseLDAPConfigure Apache Web Server such that it points to the Active Directory for authentication.
Execute the following command in a Windchill shell and from the Apache load point folder to update the authentication properties: ant -f webAppConfig.xml addAuthProvider -DappName= -DproviderName=EnterpriseLdap -DldapUrl=" ldap:// actdirhost.test.com:3268/OU=ptc,DC=actdirhost,DC=test,DC=com?sAMAccountName?sub?(objectClass=*)" -DbindDn="CN=BindUser,CN=Users,DC=actdirhost,DC=test,DC=com" -DbindPwd=""
Note
The Ant command must be entered in a single line though it appears to be multiline command
To verify if the Ant script has updated the changes appropriately, refer to the sample file of the app-Windchill-AuthProvider.xml in the Appendix to compare with and verify after making the Apache Configuration Changes.6.1.3. Setting authentication in MapCredentials.xml fileThe MapCredentials.xml file is used to specify the authentication access to a specific Info*Engine adapter. If no parameters are added to the MapCredentials file, the default access to the enterprise directory is anonymous. To access ADS, a proper Bind user must be specified.
Add the following two properties to the site.xconf and propagate the changes using the Windchill shell.
Additional properties
There are chances that these properties already exist. Ensure that the values for these properties include the Bind User path and password.To verify if the properties have been propagated appropriately, compare with the sample mapCredentials.txt file in the Appendix.6.2. Retargeting UsersFor customers who wish to manage users in Active Directory, retargeting existing users in Aphelion to Active directory is the most common method for moving users. Retargeting users involves changing the Windchill reference to a user from Aphelion to the corporate Active Directory. This is either done in an effort to utilize a single sign on method or to reduce the administrative overhead of maintaining users in multiple LDAPs.
There are a couple of significant relationships that a user has inside of the data found within Windchill. All data records in Windchill are related to a WTUser, which has a relationship to a specific entry in the database that maintains the users DN (Distinguished Name) and LDAP adapter.
The DN of the user is also referenced in a multitude of Groups that are also found in the LDAP. Moving users from Aphelion to an Active Directory will not include moving the Groups to the corporate LDAP simply based on the volume of the groups that Windchill can create and their relative insignificance to the entire organization. However, it is possible to select and add groups managed in Active Directory in Windchill.Retargeting users essentially involves changing the references of users in Windchill to the newly connected Active Directory instead of Aphelion with the following condition:
The users in Aphelion already exist in Active Directory. If the users exist in Active Directory, they must have the same UID.To retarget users, the above condition must be satisfied. Out-of-the-box ADS does not have a uid attribute for user objects. Instead there are two attributes that contain the user id (uid) information. The first is sAMAccountName, which is the uid itself. The second is userPrincipalName, which is the uid with the domain appended (for example [email protected]). In Aphelion or WindchillDS the UID corresponds to the username.Before retargeting users to the corporate Active Directory, a few pre-migration steps need to be performed to ensure that the data to which Windchill expects to have access to is readily available.
A detailed analysis of both the LDAPs must be done to find out any mismatch. Do all of the users exist in the corporate LDAP?
If some of them do not exist, create users in the Corporate Active directory.
In some cases, most users may no longer be employed, which means such users do not need to be retargeted. Is the UID of the user in the corporate LDAP equivalent to the ID stored within Aphelion?
If the ID is not the same, rename the user in Aphelion to match the entry in the Active Directory LDAP first
Does the corporate LDAP use the same attributes as Aphelion?
If not, the attributes must be mapped appropriately. This means when you configure the JNDI adapter you must provide additional attribute-mapping properties to map the default Windchill user and group attributes to the corresponding user and group and group attributes used by your LDAP directory. Refer to the 'Mapping User and Group and Group LDAP Values in an Existing Directory' section in the 'Windchill Installation and Configuration Guide Advanced'. Is the DN structure of the corporate LDAP such that you need multiple search base DNs to search for all required users?
It is possible that the customer may provide with multiple search base DNs for users within its Active Directory. If the corporate LDAP is structured such that it has multiple DNs for various users, a unique JNDI adapter will be required for each DN node. Refer to the 'Create JNDI Adapter Entry' and 'Create Repository Definition' sections to add additional adapter in the 'Windchill Installation and Configuration Guide Advanced' Are suppliers and external IDs stored in Aphelion?
Investigate how suppliers are handled in the corporate LDAP. It is possible that suppliers or external users are stored in a different LDAP server or may be a separate forest is created for them. In such a case you may have to create a separate JNDI Adapter in order to search for those users or you could still maintain them in the Aphelion or Windchill DS.This document does not provide methods to troubleshoot or correct any discrepancies in the data if the UIDs do not match. It is strongly recommended that before performing any of the modifications to the Aphelion LDAP or database, the consultant should contact Technical support for more direct assistance and guidance in their efforts with the LDAP.6.2.1. Retargeting procedureThis procedure involves disconnecting the user in Windchill by deleting it from Aphelion and then connecting the disconnected user to the user in Active Directory. Another method is to replace the DN info within the database with a new DN such that it points to Active Directory.
Before starting with the retargeting procedure: Remember that the Administrator (wcadmin) user always stays in Aphelion. Take Aphelion and Database backups to restore to the original state if necessary. Ensure that no users are accessing Windchill during the retargeting procedure. Ensure users being retargeted exist in Active Directory and have the same UID as in Aphelion.The following steps list down the method to retarget a Windchill User pat2. A similar method should be used to retarget users either one by one or all at a time.
6.2.1.1. Listing the entries in the databaseOpen Windchill Shell, navigate to /db/sql, and log onto sqlplus as a database user. sqlplus /@Note
The dbuser, dbpasswd and Windchill_db_name values can be found in the \db\db.properties wt.pom.dbUser, wt.pom.dbPassword & wt.pom.jdbc.service
Enter the following query to review the remoteobjectid values and review the returned results. select remoteobjectid from remoteobjectid;
6.2.1.2. Delete user from Aphelion or Windchill DS
Browse through the LDAPBrowser to locate and delete the required user to be retargeted.
6.2.1.3. Replace user from the Principal Administrator page
Once the user has been deleted from the Aphelion, it becomes a disconnected principal in Windchill. This user must be retargeted to the user in Active Directory. Navigate to the Site > Utilities page and click the Principal Administrators link to open the Principal Administrators page. Click the Maintenance link to open the Disconnected Principals table. Click the Search for Disconnected Principals icon.
The Find All Disconnected Principals page lists the deleted user. Select the user and click OK. Click the Edit Principal button to edit the disconnected principal address.
Search for the user by entering the username of the deleted user and clicking Search on the Associate New User with Disconnected User page
The search returns the same user from Active Directory. Select the radio button against the user and click OK.
On selecting OK, the user is removed from the Disconnected Principals table. The user is now retargeted. Verify this by running the SQL query select remoteobjectid from remoteobjectid; again. The results should show the new DN value.Appendix
Sample Summary.htm File
Here is a sample file of the Summary.htm file extract for New Windchill Installation to compare with. LDAP Settings
LDAP Server DNS Registered Host Name:
windchillhost.example.test.com
LDAP Port Number:
389
Administrator Distinguished Name:
cn=Manager
Administrator Password:
**********
Confirm Administrator Password:
**********
Base Distinguished Name for Product Properties:
cn=configuration,cn=Windchill_9.1,o=adplm
Base Distinguished Name for Administrative Users:
ou=people,cn=AdministrativeLdap, cn=Windchill_9.1,o=adplm
Base Distinguished Name for Enterprise Users:
CN=Users,DC=windchillhost,DC=example,DC=test,DC=com
Enable Separate Enterprise LDAP Server
Yes
JNDI Adapter Settings
Enterprise Repository LDAP Server Host Name:
actdirhost.test.com
Enterprise Repository LDAP Server Port:
3268
Enterprise Adapter Name
com.test.example.EnterpriseLdap
LDAP Connection
Bind as User
Enterprise Repository LDAP User Distinguished Name:
CN=Bind User,CN=Users,DC=actdirhost,DC=test,DC=comEnterprise Repository LDAP Password:
Windchill Privileges for Repository
Read Only
LDAP Service
Active Directory Service (ADS)
Repository Contains
Users
Groups
User Filter:
CN=*
Group Filter:
CN=*
Core Product Settings
Windchill Site Administrator:
Create New
Windchill Site Administrator User Name
wcadmin
Windchill Site Administrator Password:
********
Confirm Windchill Site Administrator Password:
********
Select the Repository Where the Site Administrator is Stored:
Administrative
Web Application Context Root:
Windchill
Info*Engine Server Task Processor Port Number:
10002
Initial Organization Name:
adplm
Organization Internet Domain Name:
example.test.com
Sample app-Windchill-AuthProvider.xml file
Here is a sample of the app-Windchill-AuthProvider.xml file to compare with after making the Apache Configuration Changes.
Alternatively, you can accomplish the Apache Configuration by editing the "/conf/extra/app-Windchill-AuthProvider.xml and propagating the changes as shown below:app-Windchill-AuthProvider.xml
Windchill-AdministrativeLdap ldap://windchillhost.example.test.com:389/ou=people,cn=AdministrativeLdap,cn=Windchill_9.1,o=ptc
cn=Manager
Windchill-EnterpriseLdap
ldap:// actdirhost.test.com:3268/OU=ptc,DC=actdirhost,DC=test,DC=com?sAMAccountName?sub?(objectClass=*)
CN= Bind User,CN=Users, DC=actdirhost,DC=test,DC=com
To propagate these properties into .conf files, execute the following command in a Windchill shell and from the Apache load point folder:
ant -f webAppConfig.xml regenWebAppConf
Sample mapCredentials.txt file
Here is a sample of the \codebase\WEB-INF\mapCredentials.txt file to compare with after adding to the mapcredentials.admin.adapters property.mapCredentials.txt
mapcredentials.admin.adapters=com.test.example.Ldap^cn\=Manager^;com.test.example.Ldap-Pending^cn\=Manager^;com.test.example.EnterpriseLdap^ CN=BindUser,CN=Users, DC=actdirhost,DC=test,DC=com ^
mapcredentials.admin.default.ldap=$(wt.rmi.server.hostname)$(credentials.fieldsep)$(ie.ldap.managerDn)$(credentials.fieldsep)$(ie.ldap.managerPw)
mapcredentials.admin.pendinguser.ldap=$(wt.rmi.server.hostname)$(credentials.fieldsep)$(ie.ldap.managerDn)$(credentials.fieldsep)$(ie.ldap.managerPw)
mapcredentials.nonprivileged.adapters=
LDAP Browser login sequence
The Image below shows the sequence to log onto Aphelion LDAP Browser. Connecting to LDAP using a valid LDAP User (cn=Manager) allows deleting or modifying access.
Select browser > Select Edit > Uncheck Anonymous bind checkbox > Enter Password > Select Save > Select Connect
For starting up WindchillDS browser or the control panel double click the control-panel.bat located at \server\bat folder
External References
ReferenceDescription
Configuring Additional Enterprise Directories Windchill Installation and Configuration Guide Advanced
Windchill 9.1
TANTANs and TPITPIs135027 , 126775, 124774, 137040, 133029, 139095, 137919, 134754,124667
White Paper Windchill LDAP Integration, Migration and Common Challenges Authored by Steve Dertien
Confidential - PTC Proprietary
ActiveDirectorySetupR91.docLast printed Jul/01/2009 | Page 14 of 22