Field | Description |
Directory URL | Specifies the complete URL of the LDAP server. The URL has the format protocol ://hostname :portnumber where The protocol is LDAP for standard connections or LDAPS for secure connections The host is the host name or IP address of the LDAP server. The port is the port on which the server is running. The port is optional. If omitted, the port defaults to 389 for LDAP, or 636 for LDAPS For example, specifying the URL ldaps:// ldapserv1:700 would create a secure connection to the LDAP server running on the non-standard port 700 on the host called ldapserv1. If you specify ldaps, API Gateway attempts to make a secure connection to the directory server using an SSL socket. If the directory server is configured to use SSL, it has a server certificate in place to identify itself to clients. This certificate must be signed by an authority to prove its validity that is, the server certificate is signed by a CA). By default, API Gateway only trusts certificates signed by a signing authority whose CA certificate is in the API Gateway's trusted CAs directory. |
Principal | Specifies the user ID API Gateway should supply to connect to the LDAP server. For example, o=webm.com or dc=webm,dc=com. This user should not be the Administrator account, but a user that has permission to query groups and group membership. If your LDAP server allows anonymous access, leave this field blank. |
Credentials | Specifies the password API Gateway should supply to connect to the LDAP server, that is, the Principal's password. |
Connection timeout (seconds) | Specifies the number of seconds API Gateway waits while trying to connect to the LDAP server. After this time has passed, API Gateway tries for the next configured LDAP server on the list. The default is 5 seconds. |
Minimum connection pool size | Specifies the minimum number of connections allowed in the pool that API Gateway maintains for connecting to the LDAP server. When API Gateway starts, the connection pool initially contains this minimum number of connections. API Gateway adds connections to the pool as needed until it reaches the maximum allowed, which is specified in the Maximum Connection Pool field. The default value is 0. |
Maximum connection pool size | Specifies the maximum number of connections allowed in the pool that API Gateway maintains for connecting to the LDAP server. When API Gateway starts, the connection pool initially contains the minimum number of connections as specified in the Minimum Connection Pool field. API Gateway adds connections to the pool as needed until it reaches the maximum allowed. The default value is 10. |
Directory name. Specifies the directory name to be built on selecting any of the following criteria. | |
Synthesize DN | Builds a distinguished name by adding a prefix and suffix to the user name. The Synthesize DN method can be faster than the Query DN method because it does not perform a query against the LDAP directory. However, if your LDAP system does not contain all users in a single flat structure, use the Query DN method instead. DN prefix A string that specifies the beginning of a DN you want to pass to the LDAP server. DN suffix A string that specifies the end of a DN you want to pass to the LDAP server. For example, if the prefix is cn= and the suffix is ,ou=Users and a user logs in specifying bob, then API Gateway builds the DN cn=bob,ou=Users and sends it to the LDAP server for authentication. Note: Be sure to specify all the characters required to form a proper DN. For instance, if you omit the comma from the suffix above, that is, you specify ou=Users instead of ,ou=Users, API Gateway builds an invalid DN cn=bobou=Users. |
Query DN | Builds a query that searches a specified root directory for the user. Use this method instead of the Synthesize DN method if your LDAP directory has a complex structure. UID property A property that identifies an LDAP userid, such as "cn" or "uid". User root DN Provide the full distinguished name. For example, if you specify ou=users,dc=webMethods,dc=com, API Gateway issues a query that starts searching in the root directory ou=users for a common name that matches the name the user has logged in with. |
Default group | Specifies the API Gateway group with which the user is associated. The user is allowed to access APIs that members of this API Gateway group can access. This access is controlled by the ACLs with which the group is associated. If you also specify a value in the Group member attribute field, the user has the same access as members of the API Gateway group and members of LDAP groups that have been mapped to an ACL. Note: If you do not want to select a default group, you can select <None> from the options provided. |
Group member attribute | Specifies the name of the attribute in a group's directory entry that identifies each member of the group. This value is usually member or uniqueMember, but can vary depending on the schema of the LDAP directory. API Gateway uses this information during ACL checking to see if the user attempting to log in belongs to an LDAP group that has been mapped to an ACL. If no value is specified here, API Gateway does not check for membership in an LDAP group. As a result, the user's ability to access API Gateway services is controlled by the API Gateway group specified in the Default group field. |
Group ID property | Specifies a property that identifies an LDAP group, such as CN. |
Group root DN | Specifies the full distinguished name. For example, if you specify ou=groups,webMethods,dc=com, API Gateway issues a query that displays all the LDAP groups. Note: You must specify values in the Group ID property field and Group root DN fields. |