Cancel
Showing results for 
Search instead for 
Did you mean: 

LDAP synchronization and password synchronization

Solution Partner Pioneer Solution Partner Pioneer
Solution Partner Pioneer

Hello everybody,

 

I want to synchronize a LDAP repository to a Teamcenter installation.

The purpose of this synchronisation is to create the users from the LDAP in TC.

I saw that the LDAPsync utility could be the most suitable tool, is it ? Or is there a better way ?

(I'm in TC unified 10.1.6.1)

 

Then I wanted to know if it's possible to also get the password of a user from the LDAP ?

 

Thank you in advance for your help.

 

Best regards

Sènan

3 REPLIES 3

Re: LDAP synchronization and password synchronization

Solution Partner Esteemed Contributor Solution Partner Esteemed Contributor
Solution Partner Esteemed Contributor
That is the most suitable tool. There are a bunch of preferences that you need to set in order to be successful. Good luck.

Randy Ellsworth, Teamcenter Architect, Applied CAx, LLC
NX 11 | SW 2016 | Creo 4 | TcUA 11.4
Evaluating: AW 3.4

Re: LDAP synchronization and password synchronization

Experimenter
Experimenter

Hi,

We would like to have the members from one specific group in the LDAP synchronized into TC.

In our test, ldapsync seems to read all users and all groups and deactivate all users in TC.
What are the settings we need to use ?
What should be the LDAP_base_dn ? The ldap root ? or the specific group DN ?
Should we use the following parameters :
LDAP_group_query_ filter
LDAP_group_base_dn
LDAP_sync_member_ flags
LDAP_sync_group_ flags

We don't want to synchronize groups from the LDAP.
Only the members of one specific groups, is it possible ?

Thanks

Re: LDAP synchronization and password synchronization

Siemens Legend Siemens Legend
Siemens Legend
Note:

The ldapsync utility is deprecated and will be removed in a future version of Teamcenter.

The make_user utility is the replacement for the ldapsync utility.

 

from: https://docs.plm.automation.siemens.com/tdoc/tc/11.5/help/#uid:ldapsync

 

About make_user: https://docs.plm.automation.siemens.com/tdoc/tc/11.5/help#uid:xid1256816:index_utilities_reference:i...

About externally managing Organization objects: https://docs.plm.automation.siemens.com/tdoc/tc/11.5/help#uid:ManagingUserConstructs 

 

To be frank, instead of using the TC LDAP sync functionality you'll probably be quicker if you create a tool which grabs the relevant configuration elements from your LDAP tree and converts it into a suitable make_user input file. And then do a recurring synchronisation task to call make_user with whatever automation tools you have available.

 

This might seem dirty but depending on your requirements might end up more flexible, maintainable and debuggable than relying on LDAP sync in the long run.