Property | Description |
Name | Required. The name to identify the external directory service. My webMethods Server uses this name to display the external directory service in the user interface. |
Description | A descriptive comment about the external directory service. |
Keywords | One or more keywords to use when searching for external directory services. |
Property | Description |
Cache Capacity | Required. The number of database queries to cache. The default is 1000. My webMethods Server deletes the cache entries when the number of cached queries reaches the specified capacity, starting from the oldest entries. |
Cache Timeout | Required. The period of time for which queries remain in the cache unless the cache capacity is exceeded. The default is 1 hour. My webMethods Server deletes cache entries when the cache timeout expires, even if the specified cache capacity is not reached. |
Property | Description |
Service Enabled | Enables or disables the directory service. The default is Yes. This service is enabled. |
Connection Error Threshold | Required. The maximum number of connection errors to occur before disabling the service. The default is 10. |
Auto Reconnect | Attempt to reconnect to the directory server if the service is disabled after reaching the connection error threshold or if the connection to the server is lost due to a network outage or planned maintenance. Enabled by default. |
Auto Reconnect Interval | The period of time (in seconds) to wait between subsequent attempts to reconnect. The default is 6. |
Provider URL | Required. The URL for the external directory server using the following syntax: ldap://host_name:port_number |
Base DN | Required. The root distinguished name to use when querying the directory server. For example, ou=mywebMethods,o=webmethods.com |
User DN | The additional user DN to use when searching and loading users. |
Groups DN | The additional group DN to use when searching and loading users. |
Use Kerberos | Whether to use Kerberos authentication when connecting to the LDAP service. The default is No. Do not use Kerberos. For more information about using directory services with Kerberos, see Configure Kerberos Authentication for Directory Services. |
Use Ticket Cache | Whether to use Kerberos credentials cache while the user session lasts. Available only when the LDAP service is configured to use Kerberos Authentication. The default is No. Do not use ticket cache. For more information about configuring Kerberos ticket cache for directory services, see Configure Kerberos Authentication for Directory Services. |
Security Principal | Required when not using Kerberos Ticket Cache. The distinguished name required to log in to the external directory server. |
Security Credentials | Required when not using Kerberos Ticket Cache. The password required to log in to the external directory server. |
Failover URLs | The URL to another LDAP server that My webMethods Server uses for failover if the primary LDAP server, specified in the Provider URL field, fails. Separate multiple values with spaces. |
Search Timeout | Required. The maximum amount of time (in seconds) that an LDAP search query can run before it expires. The default is 0 - the query does not expire. Unless you configure the connection timeout in the custom_wrapper.conf file, My webMethods Server uses the Search Timeout to define the timeout of a connection to an LDAP server. For more information about configuring an LDAP server connection timeout, see "Configuring a Connection Timeout for an LDAP Directory Service" in Administering My webMethods Server. |
Enable Default Wildcard Searches | Required. Enables or disables the use of wildcard characters in directory searches. The default is Yes. Enable default wildcard searches. Disabling wildcard searches might improve performance for large servers. When using wildcards, servers do not use any internal indexes for search performance. |
Enable Group Across Directory Service | Required. Indicates whether to query for group membership across all external directory services, configured in My webMethods Server. When you enable this option, the search queries for group membership across all directory services, which degrades the login performance. The default is No. Group Across Directory Service. For more information, see "Group Membership Across Directory Services" in Administering My webMethods Server. |
Enable GroupQuickSearch | Required for Active Directory. Indicates whether to determine the group membership of an Active Directory user with one query instead of a recursive search. When you enable this option, the search uses one query, which improves the login performance. Users must belong either to an Active Directory security group, or a regular group. The default is Disabled. |
ActiveDirectory Domain URLs | Applies only to Active Directory. Specify multiple Active Directory sub-domain URLs, separated by spaces. |
Property | Description |
User Object Filter | The LDAP filter that My webMethods Server applies to all queries when searching for users. Use a technical LDAP query that limits the type of objects, exposed in My webMethods Server. Note: It is recommended that you examine the My webMethods Server directory debug logs to ensure that the query is working correctly. |
Group Object Filter | The LDAP filter that My webMethods Server applies to all queries when searching for groups. Use a technical LDAP query that limits the type of objects, exposed in My webMethods Server. Note: Examine the My webMethods Server directory debug logs to ensure that the query is working correctly. |
Use Nested Groups | Enables or disables searches in nested LDAP groups. The default value is No. Do not use nested groups. |
Use the Virtual List View Control | Enables or disables the use of the Virtual List View control to retrieve a subset of objects for an LDAP query. The default value is No. Do not use the VLV control. Applies only when the automatic configuration of LDAP server controls is disabled. |
Use Server Side Paging Control | Enables or disables the use of the Server-Side Paging control to page the results of an LDAP query. The default value is No. Do not use the Paging control. Applies only when the automatic configuration of LDAP server controls is disabled. |
Use Server Side Sorting Control | Enables or disables the use of the Server-Side Sorting control to sort the results of an LDAP query in a particular order. The default value is No. Do not use the Sorting control. Applies only when the automatic configuration of LDAP server controls is disabled. |
Automatically Configure Server Side Controls | Enables or disables the automatic configuration of LDAP server controls by My webMethods Server. The default value is Yes. Autoconfigure the controls. |
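
The User Object Filter and Group Object Filter rows above ask you to confirm that a filter limits the objects exposed. As an added example (not part of the product documentation or of My webMethods Server), this Python code checks a candidate filter's syntax and evaluates it against constructed entries before it is saved. The function names, the sample entries and the case-insensitive matching are assumptions; only AND/OR/NOT groups with equality, presence and `*` substring items are handled.

```python
import re

def parse(f, i=0):
    """Parse one filter at f[i]; return (node, index after it)."""
    if f[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    op = f[i + 1:i + 2]
    if op in ("&", "|", "!"):
        i, kids = i + 2, []
        while f[i:i + 1] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i:i + 1] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"malformed '{op}' group near offset {i}")
        return (op, kids), i + 1
    end = f.find(")", i)
    if end == -1:
        raise ValueError(f"unclosed item at offset {i}")
    attr, sep, value = f[i + 1:end].partition("=")
    if not sep or not attr or attr[-1] in "<>~:" or "(" in value:
        raise ValueError(f"unsupported or malformed item at offset {i}")
    return ("=", attr.lower(), value), end + 1

def matches(node, attrs):
    """Evaluate a parsed filter against one entry's attributes."""
    if node[0] in ("&", "|"):
        results = (matches(k, attrs) for k in node[1])
        return all(results) if node[0] == "&" else any(results)
    if node[0] == "!":
        return not matches(node[1][0], attrs)
    # '*' is the only wildcard; 'attr=*' is a presence test.
    pattern = ".*".join(re.escape(p) for p in node[2].split("*"))
    return any(re.fullmatch(pattern, v, re.I | re.S) for v in attrs.get(node[1], []))

def exposed(filter_text, entries):
    """Return the DNs of the entries the filter would let through."""
    text = filter_text.strip()
    node, end = parse(text)
    if end != len(text):
        raise ValueError("trailing characters after filter")
    return [dn for dn, attrs in entries if matches(node, attrs)]

# Constructed sample entries (attribute names lower-cased), not real data.
ENTRIES = [
    ("uid=alice,ou=mywebMethods,o=webmethods.com", {"objectclass": ["top", "person"], "uid": ["alice"]}),
    ("uid=svc-backup,ou=mywebMethods,o=webmethods.com", {"objectclass": ["top", "person"], "uid": ["svc-backup"]}),
    ("cn=admins,ou=mywebMethods,o=webmethods.com", {"objectclass": ["top", "groupOfUniqueNames"], "cn": ["admins"]}),
]
print(exposed("(&(objectClass=person)(!(uid=svc-*)))", ENTRIES))
```

This pre-check does not replace examining the directory debug logs, which show the query the server actually runs.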
Property | Description |
User Object Class | Required. The User Object Class attribute for the external directory service. The default is person. |
User ID | Required. The User ID attribute for the external directory service. The default is uid. |
First Name | Required. The First Name attribute for the external directory service. The default is sn. |
Last Name | Required. The Last Name attribute for the external directory service. The default is givenName. |
Full Name | Required. The Full Name attribute for the external directory service. The default is cn. |
E-mail Address | Required. The Email Address attribute for the external directory service. The default is mail. |
Password | Required. The Password attribute for the external directory service. |
User Disabled | The name of an attribute in the external directory service that identifies a user as disabled. The default is true. |
User Disabled Value Regex | The regular expression to use when evaluating the User Disabled attribute for the external directory service. |
UUID | The name of the attribute to use as a universally unique identification attribute of a user. Specify a string of maximum 128 characters, for example cn or email. Note: If you change the value of UUID for an existing directory service, you must run the UserDirectory_UpdateUUID utility to update the UUID value of directory service users. For more information, see "Configuring Universally Unique Identifier (UUID) for Users" in Administering My webMethods Server. |
Property | Description |
Group Object Class | Required. The Group Object Class attribute for the external directory service. The default is groupofuniquenames. |
Group ID | Required. The Group ID attribute for the external directory service. The default is cn. |
Group Name | Required. The Group Name attribute for the external directory service. The default is cn. |
Group Members | Required. The Group Members attribute for the external directory service. The default is uniquemember. |
Group E-mail | Required. The Group Email attribute for the external directory service. The default is mail. |
Property | Description |
Minimum Connections | The minimum number of connections to the external directory server to keep open at all times. The default is 1. |
Maximum Connections | The maximum number of connections to the external directory server to keep open at all times. The default is 20. |
Maximum Connection Time | The maximum amount of time to keep a connection to the external directory server open, before recycling the connection. The server resets this value for each LDAP search to ensure that an LDAP connection remains open during the search process. The default is 10 minutes. |
Clean Up Interval | The time interval for cleaning up expired LDAP connections. The default is 1 minute. |