My webMethods Server 10.11 | My webMethods Server Webhelp | Administering My webMethods Server | My webMethods Administrator Functions | Managing My webMethods Configuration | Managing External Directory Services | Configuring an External LDAP, ADSI, or ADAM Directory Service | LDAP, ADSI, and ADAM Directory Service Properties
 
LDAP, ADSI, and ADAM Directory Service Properties
When configuring an external directory service of type LDAP, ADAM, or ADSI, you can configure the following properties.
In the General section:
The following table lists the directory service properties you configure in the General section:
Property
Description
Name
Required. The name to identify the external directory service. My webMethods Server uses this name to display the external directory service in the user interface.
Description
A descriptive comment about the external directory service.
Keywords
One or more keywords to use when searching for external directory services.
In the Cache section:
The following table lists the directory service properties you configure in the Cache section:
Property
Description
Cache Capacity
Required. The number of database queries to cache. The default is 1000.
My webMethods Server deletes the cache entries when the number of cached queries reaches the specified capacity, starting from the oldest entries.
Cache Timeout
Required. The period of time for which queries remain in the cache unless the cache capacity is exceeded. The default is 1 hour.
My webMethods Server deletes cache entries when the cache timeout expires, even if the specified cache capacity is not reached.
My webMethods Server saves all cache in memory and clears all cache entries when restarted.
In the Connection Information section:
The following table lists the directory service properties you configure in the Connection Information section:
Property
Description
Service Enabled
Enables or disables the directory service. The default is Yes. This service is enabled.
Connection Error Threshold
Required. The maximum number of connection errors to occur before disabling the service. The default is 10.
Auto Reconnect
Attempt to reconnect to the directory server if the service is disabled after reaching the connection error threshold or if the connection to the server is lost due to a network outage or planned maintenance. Enabled by default.
Auto Reconnect Interval
The period of time (in seconds) to wait between subsequent attempts to reconnect. The default is 6.
Provider URL
Required. The URL for the external directory server using the following syntax:
ldap://host_name:port_number
Base DN
Required. The root distinguished name to use when querying the directory server. For example, ou=mywebMethods,o=webmethods.com
User DN
The additional user DN to use when searching and loading users.
Groups DN
The additional group DN to use when searching and loading users.
Use Kerberos
Whether to use Kerberos authentication when connecting to the LDAP service. The default is No. Do not use Kerberos. For more information about using directory services with Kerberos, see Configure Kerberos Authentication for Directory Services.
Use Ticket Cache
Whether to use Kerberos credentials cache while the user session lasts. Available only when the LDAP service is configured to use Kerberos Authentication. The default is No. Do not use ticket cache.For more information about configuring Kerberos ticket cache for directory services, see Configure Kerberos Authentication for Directory Services.
Security Principal
Required when not using Kerberos Ticket Cache. The distinguished name required to log in to the external directory server.
Security Credentials
Required when not using Kerberos Ticket Cache. The password required to log in to the external directory server.
Failover URLs
The URL to another LDAP server that My webMethods Server uses for failover if the primary LDAP server, specified in the Provider URL field, fails. Separate multiple values with spaces.
Search Timeout
Required. The maximum amount of time (in seconds) that an LDAP search query can run before it expires. The default is 0 - the query does not expire.
Unless you configure the connection timeout in the custom_wrapper.conf file, My webMethods Server uses the Search Timeout to define the timeout of a connection to an LDAP server. For more information about configuring an LDAP server connection timeout, see Administering My webMethods Server Configuring a Connection Timeout for an LDAP Directory Service.
Enable Default Wildcard Searches
Required. Enables or disables the use of wildcard characters in directory searches. The default is Yes. Enable default wildcard searches.
Disabling wildcard searches might improve performance for large servers. When using wildcards, servers do not use any internal indexes for search performance.
Enable Group Across Directory Service
Required. Indicates whether to query for group membership across all external directory services, configured in My webMethods Server. When you enable this option, the search queries for group membership across all directory services, which degrades the login performance. The default is No. Group Across Directory Service.
For more information, see Administering My webMethods Server Group Membership Across Directory Services.
Enable GroupQuickSearch
Required for Active Directory. Indicates whether to determine the group membership of an Active Directory user with one query instead of a recursive search. When you enable this option, the search uses one query, which improves the login performance.. Users must belong either to an Active Directory security group, or a regular group. The default is Disabled.
ActiveDirectory Domain URLs
Applies only to Active Directory. Specify multiple Active Directory sub-domain URLs, separated by spaces.
In the Advanced Object Filters section:
The following table lists the directory service properties you configure in the Advanced Object Filters section:
Property
Description
User Object Filter
The LDAP filter that My webMethods Server applies to all queries when searching for users. Use a technical LDAP query that limits the type of objects, exposed in My webMethods Server.
Note:
It is recommended that you examine the My webMethods Server directory debug logs to ensure that the query is working correctly.
Group Object Filter
The LDAP filter that My webMethods Server applies to all queries when searching for groups. Use a technical LDAP query that limits the type of objects, exposed in My webMethods Server.
Note:
Examine the My webMethods Server directory debug logs to ensure that the query is working correctly.
Use Nested Groups
Enables or disables searches in nested LDAP groups. The default value is No. Do not use nested groups.
Use the Virtual List View Control
Enables or disables the use of the Virtual List View control to retrieve a subset of objects for an LDAP query. The default value is No. Do not use the VLV control. Applies only when the automatic configuration of LDAP server controls is disabled.
Use Server Side Paging Control
Enables or disables the use of the Server-Side Paging control to page the results of an LDAP query. The default value is No. Do not use the Paging control. Applies only when the automatic configuration of LDAP server controls is disabled.
Use Server Side Sorting Control
Enables or disables the use of the Server-Side Sorting control to sort the results of an LDAP query in a particular order. The default value is No. Do not use the Soting control. Applies only when the automatic configuration of LDAP server controls is disabled.
Automatically Configure Server Side Controls
Enables or disables the automatic configuration of LDAP server controls by My webMethods Server. The default value is Yes. Autoconfigure the controls.
In the User Attributes section:
The following table lists the directory service properties you configure in the User Attributes section:
Property
Descripion
User Object Class
Required. The User Object Class attribute for the external directory service. The default is person.
User ID
Required. The User ID attribute for the external directory service. The default is uid.
First Name
Required. The First Name attribute for the external directory service. The default is sn.
Last Name
Required. The Last Name attribute for the external directory service. The default is givenName.
Full Name
Required. The Full Name attribute for the external directory service. The default is cn.
E-mail Address
Required. The Email Address attribute for the external directory service. The default is mail.
Password
Required. The Password attribute for the external directory service.
User Disabled
The name of an attribute in the external directory service that identifies a user as disabled. The default is true.
User Disabled Value Regex
The regular expression to use when evaluating the User Disabled attribute for the external directory service.
UUID
The name of the attribute to use as a universally unique identification attribute of a user. Specify a string of maximum 128 characters, for example cn or email.
Note: 
If you change the value of UUID for an existing directory service, you must run the UserDirectory_UpdateUUID utility to update the UUID value of directory service users.
For more information, see Administering My webMethods Server Configuring Universally Unique Identifier (UUID) for Users.
In the Group Attributes section:
The following table lists the directory service properties you configure in the Group Attributes section:
Property
Description
Group Object Class
Required. The Group Object Class attribute for the external directory service. The default is groupofuniquenames.
Group ID
Required. The Group ID attribute for the external directory service. The default is cn.
Group Name
Required. The Group Name attribute for the external directory service. The default is cn.
Group Members
Required. The Group Members attribute for the external directory service. The default is uniquemember.
Group E-mail
Required. The Group Email attribute for the external directory service. The default is mail.
In the Connection Pool section:
The following table lists the directory service properties you configure in the Connection Pool section:
Property
Description
Minimum Connections
The minimum number of connections to the external directory server to keep open at all times. The default is 1.
Maximum Connections
The maximum number of connections to the external directory server to keep open at all times. The default is 20.
Maximum Connection Time
The maximum amount of time to keep a connection to the external directory server open, before recycling the connection. The server resets this value for each LDAP search to ensure that an LDAP connection remains open during the search process. The default is 10 minutes.
Clean Up Interval
The time interval for cleaning up expired LDAP connections. The default is 1 minute.
Note:
In some LDAP implementations, the paging cookie is bound to a specific LDAP connection. Make sure that the value for the Maximum Connections property is large enough to handle concurrent LDAP searches and the value fo the Maximum Connection Time property is long enough to ensure that searches can finish within the specified time range.