This option... | Configures this type of directory service... |
LDAP | Lightweight Directory Access Protocol. An internet protocol that allows client programs to query LDAP directory servers about entries using their attributes. |
ADSI | Active Directory Service Interfaces. A set of interfaces for querying and manipulating objects in Microsoft Active Directory, providing an LDAP view of the objects. Active Directory is tightly coupled with the Windows operating system. |
ADAM | Active Directory Application Mode, a standalone directory server offered by Microsoft. ADAM is an LDAP implementation that can be installed and uninstalled without affecting the Active Directory structure of a network. |
Section | Property | Description |
General | Name | A name to identify the external directory service. My webMethods Server uses this name when it needs to identify the external directory service in the user interface. |
General | Description | (Optional) A descriptive comment about the external directory service. |
General | Keywords | One or more keywords to be used in searching for external directory services. |
Cache | Cache Capacity | The number of database queries you want to cache. The default is 1000. My webMethods Server deletes the cache entries when the number of cached queries reaches the specified capacity, starting from the oldest entries. |
Cache | Cache Timeout | The length of time that queries should remain in the cache unless the cache capacity is exceeded. The default is 1 hour. My webMethods Server deletes cache entries when the cache timeout expires, even if the specified cache capacity is not reached. |
Cache | | My webMethods Server keeps the entire cache in memory and clears all cache entries when it is restarted. |
Connection Information | Service Enabled | Specifies whether the service is active. Settings are: Yes: This service is enabled (the default). No: This service is disabled. |
Connection Information | Connection Error Threshold | The number of connection errors that should occur before the service is disabled. The default is 10. |
Connection Information | Provider URL | The URL for the external directory service, using this syntax: ldap://host_name:port_number. For example: ldap://my_host:389 |
Connection Information | Base DN | The base distinguished name for the external directory service. For example: ou=mywebMethods,o=webmethods.com |
Connection Information | Groups DN | (Optional) The distinguished name for a group. |
Connection Information | User DN | (Optional) The base distinguished name to find groups or users, which might be a different location than the distinguished name specified for Base DN. |
Connection Information | Security Principal | The distinguished name required to log in to the external directory service. |
Connection Information | Security Credentials | The password required to log in to the external directory service. |
Connection Information | Failover URLs | Other LDAP servers that the system can use in the event that the primary LDAP server (identified by Provider URL) fails. If you specify more than one failover URL, separate each with a space. |
Connection Information | Search Timeout | The maximum length of time (in seconds) that the system allows an LDAP query to run before the query times out. If you do not want the query to time out, specify 0. The default is 0. Note: By default, My webMethods Server also uses the value of Search Timeout to define the timeout of a connection to an LDAP server. However, if you want to use a different connection timeout value, you can configure an additional connection timeout parameter in the custom_wrapper.conf file of My webMethods Server. For more information about configuring an LDAP server connection timeout, see Configuring a Connection Timeout for an LDAP Directory Service. |
Connection Information | Enable Default Wildcard Searches | Specifies whether you want to enable wildcard searches. Yes: Enable default wildcard searches (the default). No: Disable default wildcard searches. Disabling wildcard searches might help performance for large servers. By default, all queries have wildcards appended. When using wildcards, servers do not use any internal indexes for search performance. |
Connection Information | Enable Group Across Directory Service | If you have multiple external directory services configured on My webMethods Server, the server can query for group membership across all of the configured directory services. This feature is useful for large organizations that have multiple directory services but need to support group memberships that span those services. Enabling this option can noticeably degrade login performance. No: Do not enable Group Across Directory Service (the default). Yes: Enable Group Across Directory Service. |
Connection Information | Enable GroupQuickSearch | (Active Directory only) Enables the server to determine the group membership of a user using one query instead of a recursive search. Users must be members of an Active Directory security or regular group. Enabling this option can noticeably improve login performance. No: Do not use GroupQuickSearch (the default). Yes: Enable GroupQuickSearch. |
Connection Information | ActiveDirectory Domain URLs | (Active Directory only) Enables you to specify multiple Active Directory Domain URLs, separated by spaces. |
Advanced Object Filters | User Object Filter | Specifies an LDAP query that My webMethods Server applies to all queries when searching for users. Use a technical LDAP query that limits the type of objects that are exposed via My webMethods Server. Note: It is recommended that you examine the My webMethods Server directory debug logs to ensure that the query is working correctly. |
Advanced Object Filters | Group Object Filter | Specifies an LDAP query that My webMethods Server applies to all queries when searching for groups. Use a technical LDAP query that limits the type of objects that are exposed via My webMethods Server. Note: It is recommended that you examine the My webMethods Server directory debug logs to ensure that the query is working correctly. |
User Attributes | User Object Class | The User Object Class attribute for the external directory service. |
User Attributes | User ID | The User ID attribute for the external directory service. |
User Attributes | First Name | The First Name attribute for the external directory service. |
User Attributes | Last Name | The Last Name attribute for the external directory service. |
User Attributes | Full Name | The Full Name attribute for the external directory service. |
User Attributes | E-mail Address | The Email Address attribute for the external directory service. |
User Attributes | Password | The Password attribute for the external directory service. |
User Attributes | User Disabled | (Optional) The name of an attribute in the external directory service that identifies a user as being disabled. |
User Attributes | User Disabled Value Regex | (Optional) A regular expression used to evaluate the User Disabled attribute for the external directory service. |
User Attributes | UUID | (Optional) An attribute that is universally unique to a user. For example, a user identification attribute such as "cn" or "email". This string field allows a maximum of 128 characters. Note: If you change the value of UUID for an existing directory service, you must run the UserDirectory_UpdateUUID utility to update the UUID value of directory service users. If you have a large user base, the UserDirectory_UpdateUUID utility will take a long time to run. It is recommended that you run the UserDirectory_UpdateUUID utility only once. For more information, see Configuring Universally Unique Identifier (UUID) for Users. |
Group Attributes | Group Object Class | The Group Object Class attribute for the external directory service. |
Group Attributes | Group ID | The Group ID attribute for the external directory service. |
Group Attributes | Group Name | The Group Name attribute for the external directory service. |
Group Attributes | Group Members | The Group Members attribute for the external directory service. |
Group Attributes | Group E-mail | The Group Email attribute for the external directory service. |
Connection Pool | Minimum Connections | The minimum number of connections to the external directory service that you want kept open at all times. |
Connection Pool | Maximum Connections | The maximum number of connections to the external directory service that you want open at any time. Note: In some LDAP implementations, the paging cookie is bound to a specific LDAP connection. Make sure the maximum connections value is large enough to handle concurrent LDAP searches and the maximum connection time value is long enough to ensure that searches can be finished. |
Connection Pool | Maximum Connection Time | The maximum amount of time you want to allow an open connection to the external directory service before the connection is recycled. The server resets this time for each LDAP search to make sure the same LDAP connection stays alive during the search process. |
Connection Pool | Auto Reconnect | Whether you want My webMethods Server to automatically reconnect to the directory service server if the connection to the server is closed, for example, if there is a network outage or if the server is shut down for planned maintenance. Select the Auto Reconnect check box if you want My webMethods Server to automatically reconnect when the server becomes available. |
Connection Pool | Clean Up Interval | The interval at which My webMethods Server cleans up expired LDAP connections. |
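
A review check for the connection properties described above, as an added example that is not part of the product or its documentation. It assumes the settings have been copied into a dictionary keyed by the property names in the table; the function name, the sample values, and the acceptance of ldaps:// as a valid scheme are assumptions (the table itself only shows ldap://).

```python
from urllib.parse import urlsplit

def lint_directory_service(cfg):
    """Return (property, finding) pairs for one directory-service configuration."""
    findings = []
    # Failover URLs are space-separated, per the property description.
    urls = [("Provider URL", cfg.get("Provider URL", ""))]
    urls += [("Failover URLs", u) for u in cfg.get("Failover URLs", "").split()]
    for prop, url in urls:
        try:
            parts = urlsplit(url)
            host, port = parts.hostname, parts.port
        except ValueError:  # malformed authority, e.g. a non-numeric port
            parts, host, port = None, None, None
        if parts is None or parts.scheme not in ("ldap", "ldaps") or not host or port is None:
            findings.append((prop, f"{url!r} does not match scheme://host_name:port_number"))
        elif parts.scheme == "ldap" and cfg.get("Security Principal"):
            findings.append((prop, f"{url!r} sends the Security Credentials bind "
                                   "in cleartext unless the connection is upgraded to TLS"))
    # Search Timeout 0 disables the query timeout; by default the same value
    # is also used for the connection timeout (see the Search Timeout note).
    if int(cfg.get("Search Timeout", 0)) == 0:
        findings.append(("Search Timeout", "0 means LDAP queries never time out"))
    lo = int(cfg.get("Minimum Connections", 0))
    hi = int(cfg.get("Maximum Connections", 0))
    if lo > hi:
        findings.append(("Minimum Connections", f"{lo} exceeds Maximum Connections ({hi})"))
    return findings

# Constructed sample values, keyed by the property names in the table above.
SAMPLE = {
    "Provider URL": "ldap://my_host:389",
    "Failover URLs": "ldaps://backup1:636 ldap://backup2",
    "Security Principal": "cn=svc,ou=mywebMethods,o=webmethods.com",
    "Search Timeout": "0",
    "Minimum Connections": "10",
    "Maximum Connections": "5",
}

if __name__ == "__main__":
    for prop, finding in lint_directory_service(SAMPLE):
        print(f"{prop}: {finding}")
```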