 
Managing External Directory Services
 
Configuring an External LDAP, ADSI, or ADAM Directory Service
Configuring an External Database Directory Service
Allowing Externally Defined Users to Perform Actions from My webMethods
Updating the Configuration for a Directory Service
Updating the Search Order for Search Directory Services
Disabling User Accounts
Deleting a Directory Service Configuration
Configuring an External LDAP, ADSI, or ADAM Directory Service
Use the following procedure to configure My webMethods Server to use an external LDAP, ADSI, or ADAM directory service.
To configure an external LDAP, ADSI, or ADAM directory service:
1. To navigate to the correct page, do one of the following:
*In My webMethods: Navigate > Applications > Administration > My webMethods > Directory Services > Create New Directory Service.
*As system administrator: Administration > User Management > Directory Services Administration > Create New Directory Service.
2. In the Directory Type field, select the option that describes the type of directory service:
This option...
Configures this type of directory service...
LDAP
Lightweight Directory Access Protocol. An internet protocol that allows client programs to query LDAP directory servers about entries using their attributes.
ADSI
Active Directory Service Interfaces. A set of interfaces for querying and manipulating objects in Microsoft Active Directory, providing an LDAP view of the objects. Active Directory is tightly coupled with the Windows operating system.
ADAM
Active Directory Application Mode, a standalone directory server offered by Microsoft. ADAM is an LDAP implementation that can be installed and uninstalled without affecting the Active Directory structure of a network.
3. Click Next.
4. Fill in the appropriate form fields for the directory service you want to add. You should be prepared to provide the following information:
Section
Property
Description
General
Name
A name to identify the external directory service. My webMethods Server uses this name when it needs to identify the external directory service in the user interface.
Description
(Optional) A descriptive comment about the external directory service.
Keywords
One or more keywords to be used in searching for external directory services.
Cache
Cache Capacity
The number of database queries you want to cache. The default is 1000.
My webMethods Server deletes the cache entries when the number of cached queries reaches the specified capacity, starting from the oldest entries.
Cache Timeout
The length of time that queries should remain in the cache unless the cache capacity is exceeded. The default is 1 hour.
My webMethods Server deletes cache entries when the cache timeout expires, even if the specified cache capacity is not reached.
My webMethods Server keeps all cache entries in memory and clears them when it is restarted.
Connection Information
Service Enabled
Specifies whether the service is active. Settings are:
*Yes. This service is enabled (the default)
*No. This service is disabled
Connection Error Threshold
The number of connection errors that should occur before the service is disabled. The default is 10.
Provider URL
The URL for the external directory service using this syntax:
ldap://host_name:port_number
For example: ldap://my_host:389
Base DN
The base distinguished name for the external directory service. For example, ou=mywebMethods,o=webmethods.com
Groups DN
(Optional) The distinguished name for a group.
User DN
(Optional) The base distinguished name to find groups or users, which might be a different location than the distinguished name specified for Base DN.
Security Principal
The distinguished name required to log in to the external directory service.
Security Credentials
The password required to log in to the external directory service.
Failover URLs
Other LDAP servers that the system can use in the event that the primary LDAP server (identified by Provider URL) fails. If you specify more than one failover provider URL, separate each with a space.
Search Timeout
The maximum length of time (in seconds) that the system allows an LDAP query to run before the query times out. If you do not want the query to time out, specify 0. The default is 0.
Note:
By default, My webMethods Server also uses the value of Search Timeout to define the timeout of a connection to an LDAP server. However, if you want to use a different connection timeout value, you can configure an additional connection timeout parameter in the custom_wrapper.conf file of My webMethods Server. For more information about configuring an LDAP server connection timeout, see Configuring a Connection Timeout for an LDAP Directory Service.
Enable Default Wildcard Searches
Specifies whether you want to enable wildcard searches.
*Yes. Enable default wildcard searches (the default)
*No. Disable default wildcard searches
Disabling wildcard searches might help performance for large servers. By default, all queries have wildcards appended. When using wildcards, servers do not use any internal indexes for search performance.
Enable Group Across Directory Service
If you have multiple external directory services configured on My webMethods Server, the server can query for group membership across all of the configured directory services. This feature is useful for large organizations that have multiple directory services but need to support group memberships that span those services. Enabling this option can noticeably degrade login performance.
*No. Do not enable Group Across Directory Service (the default)
*Yes. Enable Group Across Directory Service
Enable GroupQuickSearch
(Active Directory only) Enables the server to determine the group membership of a user using one query instead of a recursive search. Users must be members of an Active Directory security or regular group. Enabling this option can noticeably improve login performance.
*No. Do not use GroupQuickSearch (the default)
*Yes. Enable GroupQuickSearch
ActiveDirectory Domain URLs
(Active Directory only) Enables you to specify multiple Active Directory Domain URLs, separated by spaces.
Advanced Object Filters
User Object Filter
Specifies an LDAP query that My webMethods Server applies to all queries when searching for users. Use a technical LDAP query that limits the type of objects that are exposed via My webMethods Server.
Note:
It is recommended that you examine the My webMethods Server directory debug logs to ensure that the query is working correctly.
Group Object Filter
Specifies an LDAP query that My webMethods Server applies to all queries when searching for groups. Use a technical LDAP query that limits the type of objects that are exposed via My webMethods Server.
Note:
It is recommended that you examine the My webMethods Server directory debug logs to ensure that the query is working correctly.
User Attributes
User Object Class
The User Object Class attribute for the external directory service.
User ID
The User ID attribute for the external directory service.
First Name
The First Name attribute for the external directory service.
Last Name
The Last Name attribute for the external directory service.
Full Name
The Full Name attribute for the external directory service.
E-mail Address
The Email Address attribute for the external directory service.
Password
The Password attribute for the external directory service.
User Disabled
(Optional) The name of an attribute in the external directory service that identifies a user as being disabled.
User Disabled Value Regex
(Optional) A regular expression used to evaluate the User Disabled attribute for the external directory service.
UUID
(Optional) An attribute that is universally unique to a user. For example, a user identification attribute such as "cn" or "email".
This string field allows a maximum of 128 characters.
Note: 
If you change the value of UUID for an existing directory service, you must run the UserDirectory_UpdateUUID utility to update the UUID value of directory service users.
If you have a large user base, the UserDirectory_UpdateUUID utility will take a long time to run.
It is recommended that you run the UserDirectory_UpdateUUID utility only once.
Group Attributes
Group Object Class
The Group Object Class attribute for the external directory service.
Group ID
The Group ID attribute for the external directory service.
Group Name
The Group Name attribute for the external directory service.
Group Members
The Group Members attribute for the external directory service.
Group E-mail
The Group Email attribute for the external directory service.
Connection Pool
Minimum Connections
The minimum number of connections to the external directory service that you want kept open at all times.
Maximum Connections
The maximum number of connections to the external directory service that you want open at any time.
Note:
In some LDAP implementations, the paging cookie is bound to a specific LDAP connection. Make sure the maximum connections value is large enough to handle concurrent LDAP searches and the maximum connection time value is long enough to ensure that searches can be finished.
Maximum Connection Time
The maximum amount of time you want to allow an open connection to the external directory service before the connection is recycled. The server resets this time for each LDAP search to make sure the same LDAP connection stays alive during the search process.
Auto Reconnect
Specifies whether you want My webMethods Server to automatically reconnect to the directory service server if the connection to the server is closed, for example, if there is a network outage or if the server is shut down for planned maintenance. Select the Auto Reconnect check box if you want My webMethods Server to automatically reconnect when the server becomes available.
Clean Up Interval
The interval at which My webMethods Server cleans up expired LDAP connections.
5. At the bottom of the page, click Finish.
Tip:
To test your configuration to ensure you have correctly configured the external directory service, perform a query to search for users or groups that are defined in the external directory service. For instructions on how to perform a query, see Searching for Existing Users, Groups, or Roles.
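The Connection Information values described in the table above can be checked before you click Finish. The following is an added example, not Software AG code and not part of the original page: it takes the form's property names as dictionary keys and flags cleartext simple binds, failover entries that downgrade to ldap://, empty credentials and a disabled timeout. Accepting ldaps:// and all sample values are assumptions.

```python
from urllib.parse import urlsplit

def audit_directory_service(cfg):
    """Check a dict keyed by the form's property names; return (property, finding) pairs."""
    findings = []
    principal = cfg.get("Security Principal", "")
    password = cfg.get("Security Credentials", "")
    # A bind DN with an empty password is an unauthenticated bind (RFC 4513, 5.1.2).
    if principal and not password:
        findings.append(("Security Credentials", "empty password with a bind DN; "
                         "servers may accept this as an anonymous bind"))
    # Provider URL first, then each space-separated entry of Failover URLs.
    urls = [("Provider URL", cfg.get("Provider URL", ""))]
    urls += [("Failover URLs", u) for u in cfg.get("Failover URLs", "").split()]
    for prop, url in urls:
        parts = urlsplit(url)
        try:
            port = parts.port
        except ValueError:  # non-numeric or out-of-range port
            port = None
        # Assumption: ldaps:// is accepted in addition to the ldap:// form shown above.
        if parts.scheme not in ("ldap", "ldaps") or not parts.hostname or port is None:
            findings.append((prop, f"{url!r} is not scheme://host_name:port_number"))
        elif parts.scheme == "ldap" and password:
            findings.append((prop, f"{url!r}: a simple bind sends the password "
                             "unencrypted unless TLS is negotiated"))
    # 0 disables the query timeout and, by default, the connection timeout as well.
    if int(cfg.get("Search Timeout", 0)) == 0:
        findings.append(("Search Timeout", "0 means no timeout; a query to an "
                         "unresponsive server can block indefinitely"))
    return findings

# Constructed sample values, not taken from a real deployment.
SAMPLE = {
    "Provider URL": "ldaps://dir1.example.com:636",
    "Failover URLs": "ldaps://dir2.example.com:636 ldap://dir3.example.com:389",
    "Security Principal": "cn=mws-reader,ou=service,o=example",
    "Security Credentials": "constructed-password",
    "Search Timeout": "0",
}

if __name__ == "__main__":
    for prop, finding in audit_directory_service(SAMPLE):
        print(f"{prop}: {finding}")
```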
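A candidate User Object Filter or Group Object Filter can be dry-run against a few representative entries before it goes into the form, alongside the debug-log check recommended above. This is an added example, not product code: a small evaluator for the equality, presence, AND, OR and NOT subset of LDAP filter syntax. The entries and the filter are constructed, and case-insensitive value matching is an assumption.

```python
def _parse(s, i):
    """Parse one filter starting at s[i]; return (node, index just past it)."""
    if s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i] in "&|!":
        op, kids, i = s[i], [], i + 1
        while s[i] == "(":
            kid, i = _parse(s, i)
            kids.append(kid)
        if s[i] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"malformed '{op}' group near offset {i}")
        return (op, kids), i + 1
    end = s.index(")", i)  # raises ValueError when the item is never closed
    attr, sep, value = s[i:end].partition("=")
    # Only equality and presence items; reject >=, <=, ~=, extensible, substrings.
    if not sep or not attr or attr[-1] in "<>~:" or ("*" in value and value != "*"):
        raise ValueError(f"unsupported filter item {s[i:end]!r}")
    return ("=", attr.lower(), value.lower()), end + 1

def compile_filter(text):
    """Turn filter text into a tree, rejecting unbalanced or trailing input."""
    try:
        node, end = _parse(text, 0)
    except IndexError:
        raise ValueError("filter ends before its parentheses are balanced") from None
    if end != len(text):
        raise ValueError(f"unexpected text at offset {end}")
    return node

def matches(node, entry):
    """Evaluate a parsed filter against one entry (lower-case attribute -> values)."""
    if node[0] in "&|":
        results = [matches(kid, entry) for kid in node[1]]
        return all(results) if node[0] == "&" else any(results)
    if node[0] == "!":
        return not matches(node[1][0], entry)
    values = [v.lower() for v in entry.get(node[1], [])]
    return bool(values) if node[2] == "*" else node[2] in values

def exposed(filter_text, entries):
    """Return the DNs a candidate object filter would let through."""
    node = compile_filter(filter_text)
    return [dn for dn, attrs in entries.items() if matches(node, attrs)]

# Constructed sample entries, not taken from a real directory.
ENTRIES = {
    "uid=alice,ou=people,o=example": {"objectclass": ["inetOrgPerson"], "mail": ["alice@example.com"]},
    "uid=svc-backup,ou=people,o=example": {"objectclass": ["inetOrgPerson"], "employeetype": ["service"]},
    "cn=printer7,ou=devices,o=example": {"objectclass": ["device"]},
}
USER_FILTER = "(&(objectClass=inetOrgPerson)(!(employeeType=service)))"
```

Calling `exposed(USER_FILTER, ENTRIES)` returns only the alice entry, while the broad filter `(objectClass=*)` returns all three, including the service account and the device.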