siemens plm connection - fermilab product lifecycle management system... · ldap sync tool...
TRANSCRIPT
Siemens PLM Connection
LDAPSync - Administration of Teamcenter users, groups, roles
Siva Jasthi
SIEMENS PLM Software
Copyright © Siemens PLM Software Inc. 2008. All rights reserved.
Teamcenter Digital Lifecycle Management Solutions
May 2008 © 2008. Siemens Product Lifecycle Management Software Inc. All rights reserved
Siemens PLM Software
Enterprise Knowledge Management
• What is LDAPSync?
• Why is this needed?
• How does it work?
• Examples
What is LDAPSync?
Maps objects from LDAP to Teamcenter
Teamcenter Objects:
• Users
• Persons
• Groups
• Roles
• GroupMembers
One-way mapping
Mapping:
• Create
• Update
• Deactivate
• Ignore
What is LDAPSync? (Contd.)
Objects are externally managed
SSO must be enabled to authenticate users
Batch mode tool – no GUI
Configured using Teamcenter preference parameters
What is LDAPSync? (Contd.)
Objects are then externally managed
SSO must be enabled to authenticate users
Batch mode tool – no GUI
Configured using Teamcenter preference parameters
[Diagram: LST maps LDAP Server objects (Group: HR; Role: Code; User: JoeS) to Engineering Database objects (Groups: HR; Roles: Code; Users: JoeS; Persons: Joe Smith; GroupMembers: JoeS.Code.HR)]
Why do you need LDAPSync Tool?
Company desires a central database
Authentication occurs in one place
[Diagram: user Jim signs on via SSO; labels: LDAP, TcEngineering, 3rd party]
LDAP Sync Tool (LST)
Lightweight Directory Access Protocol
Advantages:
• Standard
• Widely supported
• Offers basic security
LDAP Servers:
• Microsoft Active Directory
• Sun ONE Directory Server
• IBM Directory Server
• OpenLDAP
Wiki: http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol
RFC: http://tools.ietf.org/html/rfc4510
How does LST Work?
Gather Teamcenter data objects
Gather LDAP server objects
Decision time:
• Create if LDAP but no TC
• Update if LDAP > TC
• Deactivate if TC but no LDAP
  • User
  • GroupMember
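The decision step above, written out as an added example (not Siemens code and not part of the original slides). It assumes "LDAP > TC" means the LDAP modifyTimestamp is newer than the Teamcenter copy; Obj, plan_sync, the ignore set and the bulk-deactivation guard are hypothetical names and additions for illustration.

```python
from dataclasses import dataclass
from datetime import datetime

# Per the slide, only these object kinds are deactivated when absent from LDAP.
DEACTIVATABLE = {"User", "GroupMember"}

@dataclass(frozen=True)
class Obj:
    kind: str           # "User", "Person", "Group", "Role" or "GroupMember"
    key: str            # e.g. "JoeS" or "JoeS.Code.HR"
    updated: datetime   # LDAP modifyTimestamp, or the time TC last took the object
    active: bool = True

def plan_sync(ldap, tc, ignore=frozenset(), max_deactivate_ratio=0.5):
    """One-way LDAP -> TC plan: sorted list of (action, kind, key)."""
    ldap_ix = {(o.kind, o.key): o for o in ldap}
    tc_ix = {(o.kind, o.key): o for o in tc}
    plan = []
    for ident, src in ldap_ix.items():
        dst = tc_ix.get(ident)
        if src.key in ignore:
            plan.append(("ignore", *ident))
        elif dst is None:
            plan.append(("create", *ident))       # in LDAP but not in TC
        elif src.updated > dst.updated:
            plan.append(("update", *ident))       # LDAP copy is newer
    candidates = deactivations = 0
    for ident, dst in tc_ix.items():
        if dst.kind not in DEACTIVATABLE or not dst.active:
            continue
        if dst.key in ignore:
            if ident not in ldap_ix:
                plan.append(("ignore", *ident))   # TC-only account kept on purpose
            continue
        candidates += 1
        if ident not in ldap_ix:
            plan.append(("deactivate", *ident))   # in TC but gone from LDAP
            deactivations += 1
    # Added safety check (assumption, not an LST feature): a wrong base DN or
    # filter returns a short LDAP result, which would disable accounts in bulk.
    if candidates and deactivations / candidates > max_deactivate_ratio:
        raise RuntimeError(f"refusing to deactivate {deactivations}/{candidates} objects")
    return sorted(plan)

def sample():
    """Constructed snapshots using the slide's JoeS / Code / HR example."""
    t1, t2 = datetime(2008, 5, 1), datetime(2008, 5, 20)
    ldap = [Obj("User", "JoeS", t2), Obj("User", "NewHire", t1), Obj("Group", "HR", t1),
            Obj("Role", "Code", t1), Obj("GroupMember", "JoeS.Code.HR", t1)]
    tc = [Obj("User", "JoeS", t1), Obj("User", "OldUser", t1), Obj("User", "infodba", t1),
          Obj("Group", "HR", t1), Obj("Group", "Legacy", t1), Obj("Role", "Code", t1),
          Obj("GroupMember", "JoeS.Code.HR", t1)]
    return ldap, tc

if __name__ == "__main__":
    ldap, tc = sample()
    for step in plan_sync(ldap, tc, ignore={"infodba"}):
        print(step)
```

The Legacy group stays untouched because only User and GroupMember objects are deactivated, and an empty LDAP result raises instead of disabling every account.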
LDAPSync Tool
Command line common options
• -u=Teamcenter UserID
• -p=Teamcenter password
• -g=Teamcenter default group
• -l=LDAP password
• -v=verbose mode
Syntax:
> ldapsync -u infodba -p infodba -g dba -v
Output:
• LDAPSyncLog.txt
• LDAPSyncError.txt
• LDAPSyncMapDump.txt
Configuration considerations
Configuration of the ldapsync tool involves updating Teamcenter preference parameters.
All of the TC preference parameters begin with ‘LDAP_’
LDAP server schema changes may be needed if additional customization is desired.
LDAPSync Tool
TC Preference Parameters
Configuration of the TC preference parameters for ldapsync can be broken up into 5 general categories:
1. Connection
2. Synchronization
3. Group Mapping
4. Role Mapping
5. User and Person Mapping
Connection Parameters
• LDAP_admin_dn
• LDAP_admin_pw
• LDAP_port_number
• LDAP_service_hosts
• LDAP_use_ssl
• LDAP_cert_db_path
Connection: This is the connection to the LDAP server. Parameters control the LDAP host, user name, password, and port. Additionally, if SSL is being used, it is configured here.
Synchronization Parameters
• LDAP_member_list_attr
• LDAP_member_type_attr
• LDAP_object_type_attr
• LDAP_sync_group_flags
• LDAP_sync_member_flags
• LDAP_sync_role_flags
• LDAP_sync_user_flags
Synchronization: These 7 parameters control general synchronization of the data between the LDAP and TC databases. Defining groups and roles is done here along with allowing indirect membership. Additionally, entire group control is configured here: create, deactivate, update, etc.
Group Mapping Parameters
• LDAP_group_attr_mapping
• LDAP_group_base_dn
• LDAP_group_object_class
• LDAP_group_query_filter
Group Mapping: These 4 parameters control all synchronization aspects required to create a Teamcenter group. They define what object class and filter ldapsync uses to search the LDAP database and which attributes will be used in the TC fields.
Role Mapping Parameters
• LDAP_role_attr_mapping
• LDAP_role_object_class
• LDAP_role_query_filter
Role Mapping: These 3 parameters control all synchronization aspects required to create a Teamcenter role. They define what object class and filter ldapsync uses to search the LDAP database and which attributes will be used in the TC fields.
User/Person Mapping Parameters
• LDAP_attribute_mapping
• LDAP_base_dn
• LDAP_ignore_users
• LDAP_person_attr_mapping
• LDAP_user_object_class
• LDAP_user_query_filter
User and Person Mapping: These 6 parameters control all synchronization aspects required to create Teamcenter user and person objects. They define what object class and filter ldapsync uses to search the LDAP database and which attributes will be used in the TC fields. Additionally, a directory starting point is configured here.
LDAP Server Configuration
LDAPSync allows most TC database fields to be filled using default parameters.
This allows synchronization with minimum changes to the LDAP schema.
LDAP schema changes will be required as greater degrees of customization are needed.
LDAP Server Configuration
Situations where LDAP schema changes could be needed
Group/Role identification
LDAPSync has to identify which LDAP objects are defined as Groups and Roles. If they do not differ by object class or consistent naming, then an additional attribute can be added and found using LDAPSync.
Further information, see: LDAP_object_type_attr
LDAP Server Configuration
Situations where LDAP schema changes could be needed
Indirect Membership
LDAP administrators can configure an LDAP attribute that points to other objects. Commonly a group will have one attribute that points to group members. LDAPSync will not follow that link without configuration changes.
Further information, see:
• LDAP_member_type_attr
• LDAP_member_list_attr
LDAP Server Configuration
Situations where LDAP schema changes could be needed
Default Group on User object
Teamcenter user objects need a default group configured. If different default groups are required for different users, then an attribute needs to be added to the LDAP user object.
Further information, see: LDAP_attribute_mapper (AttributeID: LDAPUserGroup)
LDAP GUI (Sun ONE Directory Server)
[Screenshot: Sun ONE Directory Server GUI with callouts 1, 2, 3]
LDAPSync Tool (Example)
Parameters
Triples:
• Parameter name
• LDAP attribute name
• Default (if applicable)
LDAP_role_attr_mapping
LDAPRoleName cn %REPLACE_ME%
LDAPRoleDesc description %REPLACE_ME%
LDAPLastUpdate modifyTimestamp %REPLACE_ME%
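An added example (not from the slides and not Teamcenter's own parser) showing how a flat list of triples like the one above maps onto an LDAP entry. It assumes the default is used when the LDAP attribute is absent and that %REPLACE_ME% means no default has been configured; parse_triples, map_entry and the sample entry are hypothetical.

```python
PLACEHOLDER = "%REPLACE_ME%"   # unset default, as shown on the slide (meaning assumed)

def parse_triples(values):
    """Group a flat value list into (parameter, ldap_attr, default) triples."""
    if len(values) % 3:
        raise ValueError(f"expected a multiple of 3 values, got {len(values)}")
    return [tuple(values[i:i + 3]) for i in range(0, len(values), 3)]

def map_entry(triples, entry):
    """Apply the triples to one LDAP entry; return (fields, problems)."""
    fields, problems = {}, []
    for parameter, ldap_attr, default in triples:
        vals = entry.get(ldap_attr) or []
        if vals:
            fields[parameter] = vals[0]        # first value of a multi-valued attribute
        elif default != PLACEHOLDER:
            fields[parameter] = default        # attribute absent: fall back to the default
        else:
            problems.append(
                f"{parameter}: LDAP attribute '{ldap_attr}' missing and no default set")
    return fields, problems

# Values transcribed from the slide's LDAP_role_attr_mapping example.
ROLE_MAPPING = ["LDAPRoleName", "cn", PLACEHOLDER,
                "LDAPRoleDesc", "description", PLACEHOLDER,
                "LDAPLastUpdate", "modifyTimestamp", PLACEHOLDER]

# Constructed LDAP entry for the role "Code"; it has no description attribute.
ROLE_ENTRY = {"cn": ["Code"], "modifyTimestamp": ["20080501120000Z"]}

if __name__ == "__main__":
    fields, problems = map_entry(parse_triples(ROLE_MAPPING), ROLE_ENTRY)
    print(fields)
    print(problems)
```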
LDAPSync Tool
[Screenshot with callouts 1, 2]
LDAPSync Best Practices
LDAPSync Dos
• Minimize LDAP directory depth
  Adv: Fewer searches
  Adv: Improved data integrity
  Adv: Improved speed
• Minimize indirect membership
  Adv: Fewer searches
  Adv: Improved speed
• Synchronize only needed users
  Adv: Improved speed
Contact
Siva Jasthi
Teamcenter Development
5939 Rice Creek Parkway
Shoreview, MN
Phone: 651 855 6144
Fax: 651 855 6280
Siemens PLM Connection
Thank You