This option... | Configures this type of directory service... |
LDAP | Lightweight Directory Access Protocol. An internet protocol that allows client programs to query LDAP directory servers about entries using their attributes. |
ADSI | Active Directory Service Interfaces. A set of interfaces for querying and manipulating objects in Microsoft Active Directory, providing an LDAP view of the objects. Active Directory is tightly coupled with the Windows operating system. |
ADAM | Active Directory Application Mode, a standalone directory server offered by Microsoft. ADAM is an LDAP implementation that can be installed and uninstalled without affecting the Active Directory structure of a network. |

Section | Property | Description |
General | Name | A name to identify the external directory service. My webMethods Server uses this name when it needs to identify the external directory service in the user interface. |
General | Description | (Optional) A descriptive comment about the external directory service. |
General | Keywords | One or more keywords to be used in searching for external directory services. |
Cache | Cache Capacity | The number of database queries you want to cache. The default is 1000. |
Cache | Cache Timeout | The length of time that queries should remain in the cache unless the cache capacity is exceeded. The default is 1 hour. |
Connection Information | Service Enabled | Specifies whether the service is active. Settings are: Yes, this service is enabled (the default); No, this service is disabled. |
Connection Information | Connection Error Threshold | The number of connection errors that should occur before the service is disabled. The default is 10. |
Connection Information | Provider URL | The URL for the external directory service, using the syntax ldap://host_name:port_number (for example, ldap://my_host:389). |
Connection Information | Base DN | The base distinguished name for the external directory service. For example, ou=mywebMethods,o=webmethods.com |
Connection Information | Groups DN | (Optional) The distinguished name for a group. |
Connection Information | User DN | (Optional) The base distinguished name to find groups or users, which might be a different location than the distinguished name specified for Base DN. |
Connection Information | Security Principal | The distinguished name required to log in to the external directory service. |
Connection Information | Security Credentials | The password required to log in to the external directory service. |
Connection Information | Failover URLs | Other LDAP servers that the system can use in the event that the primary LDAP server (identified by Provider URL) fails. If you specify more than one failover provider URL, separate each with a space. |
Connection Information | Search Timeout | The maximum length of time (in seconds) that the system allows an LDAP query to run before the query times out. If you do not want the query to time out, specify 0. The default is 0. |
Connection Information | Enable Default Wildcard Searches | Specifies whether you want to enable wildcard searches. Settings are: Yes, enable default wildcard searches (the default); No, disable default wildcard searches. Disabling wildcard searches might help performance for large servers. By default, all queries have wildcards appended. When using wildcards, servers do not use any internal indexes for search performance. |
Connection Information | Enable Group Across Directory Service | If you have multiple external directory services configured on My webMethods Server, the server can query for group membership across all of the configured directory services. This feature is useful for large organizations that have multiple directory services but need to support group memberships that span those services. Enabling this option can noticeably degrade login performance. Settings are: No, do not enable Group Across Directory Service (the default); Yes, enable Group Across Directory Service. |
Connection Information | Enable GroupQuickSearch | (Active Directory only) Enables the server to determine the group membership of a user using one query instead of a recursive search. Users must be members of an Active Directory security or regular group. Enabling this option can noticeably improve login performance. Settings are: No, do not use GroupQuickSearch (the default); Yes, enable GroupQuickSearch. |
Connection Information | ActiveDirectory Domain URLs | (Active Directory only) Enables you to specify multiple Active Directory Domain URLs, separated by spaces. |
Advanced Object Filters | User Object Filter | Specifies an LDAP query that My webMethods Server applies to all queries when searching for users. Use an LDAP query that limits the types of objects that are exposed through My webMethods Server. |
Advanced Object Filters | Group Object Filter | Specifies an LDAP query that My webMethods Server applies to all queries when searching for groups. Use an LDAP query that limits the types of objects that are exposed through My webMethods Server. |
User Attributes | User Object Class | The User Object Class attribute for the external directory service. |
User Attributes | User ID | The User ID attribute for the external directory service. |
User Attributes | First Name | The First Name attribute for the external directory service. |
User Attributes | Last Name | The Last Name attribute for the external directory service. |
User Attributes | Full Name | The Full Name attribute for the external directory service. |
User Attributes | E-mail Address | The Email Address attribute for the external directory service. |
User Attributes | Password | The Password attribute for the external directory service. |
User Attributes | User Disabled | (Optional) The name of an attribute in the external directory service that identifies a user as being disabled. |
User Attributes | User Disabled Value Regex | (Optional) A regular expression used to evaluate the User Disabled attribute for the external directory service. |
Group Attributes | Group Object Class | The Group Object Class attribute for the external directory service. |
Group Attributes | Group ID | The Group ID attribute for the external directory service. |
Group Attributes | Group Name | The Group Name attribute for the external directory service. |
Group Attributes | Group Members | The Group Members attribute for the external directory service. |
Group Attributes | Group E-mail | The Group Email attribute for the external directory service. |
Connection Pool | Minimum Connections | The minimum number of connections to the external directory service that you want kept open at all times. |
Connection Pool | Maximum Connections | The maximum number of connections to the external directory service that you want open at any time. |
Connection Pool | Maximum Connection Time | The maximum amount of time you want to allow an open connection to the external directory service before the connection is recycled. The server resets this time for each LDAP search to make sure the same LDAP connection stays alive during the search process. |
Connection Pool | Auto Reconnect | Whether you want My webMethods Server to automatically reconnect to the directory service server if the connection to the server is closed, for example, if there is a network outage or if the server is shut down for planned maintenance. Select the Auto Reconnect check box if you want My webMethods Server to automatically reconnect when the server becomes available. |
Connection Pool | Clean Up Interval | The interval between times My webMethods Server cleans up expired LDAP connections. |

Tip: To verify that you have correctly configured the external directory service, perform a query to search for users or groups that are defined in the external directory service. For instructions on how to perform a query, see Searching for Existing Users, Groups, or Roles.
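
The User Object Filter, User ID and Enable Default Wildcard Searches properties interact on every user search. The following added example (not product code) models that interaction: it assumes the server ANDs the configured object filter with a search on the User ID attribute and appends a trailing wildcard, which this page does not state, and it escapes the search term per RFC 4515 so that the term cannot widen the configured filter. The function names, the `uid` attribute and the sample filter are illustrative.

```python
# Added example, not product code. How My webMethods Server composes its
# queries is not stated on this page; the AND-composition is an assumption.

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(term):
    """Escape a search term so it stays a literal value inside the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in term)


def check_object_filter(object_filter):
    """Reject a configured filter that is not one parenthesised expression."""
    depth = 0
    for pos, ch in enumerate(object_filter):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        # Depth may return to zero only on the final character.
        if depth < 0 or (depth == 0 and pos != len(object_filter) - 1):
            raise ValueError("object filter is not a single balanced expression")
    if depth != 0 or not object_filter:
        raise ValueError("object filter is not a single balanced expression")


def build_user_filter(object_filter, id_attr, term, wildcard=True):
    """AND the configured object filter with a search on the User ID attribute."""
    check_object_filter(object_filter)
    value = escape_filter_value(term) + ("*" if wildcard else "")
    return "(&{}({}={}))".format(object_filter, id_attr, value)


# Constructed sample values; the filter and attribute names are illustrative.
USER_OBJECT_FILTER = "(objectClass=inetOrgPerson)"

if __name__ == "__main__":
    print(build_user_filter(USER_OBJECT_FILTER, "uid", "jsmith"))
    print(build_user_filter(USER_OBJECT_FILTER, "uid", "jsmith", wildcard=False))
    # Filter metacharacters in the term are escaped and stay part of the value.
    print(build_user_filter(USER_OBJECT_FILTER, "uid", "a*(b)"))
```

With wildcards disabled the term becomes an exact match, which is what lets the directory server use its equality index.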
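
A review check for the Connection Information properties, as an added example that is not part of the product or its documentation. It validates Provider URL and the space-separated Failover URLs against the scheme://host_name:port_number syntax, flags plain ldap:// (over which the Security Credentials travel unencrypted unless TLS is negotiated) and flags a Search Timeout of 0. The dict layout, the finding texts and the `ldaps://` sample URLs are assumptions; this page does not say which URL schemes the server accepts.

```python
from urllib.parse import urlsplit

# Added example, not product code. Keys mirror the property names in the table;
# the dict representation and the findings wording are assumptions.


def review_connection(settings):
    """Return review findings for the Connection Information properties."""
    findings = []
    # Failover URLs is a space-separated list, per the table.
    urls = [settings["Provider URL"]] + settings.get("Failover URLs", "").split()
    for url in urls:
        parts = urlsplit(url)
        try:
            port = parts.port
        except ValueError:  # non-numeric or out-of-range port
            port = None
        if parts.scheme not in ("ldap", "ldaps") or not parts.hostname or port is None:
            findings.append(url + ": not in scheme://host_name:port_number form")
        elif parts.scheme == "ldap":
            findings.append(url + ": plain LDAP, bind password is sent "
                            "unencrypted unless TLS is negotiated")
    # 0 is the documented default and means queries never time out.
    if int(settings.get("Search Timeout", 0)) == 0:
        findings.append("Search Timeout 0: LDAP queries never time out")
    return findings


# Constructed sample configurations (host names are placeholders).
WEAK = {
    "Provider URL": "ldap://my_host:389",
    "Failover URLs": "ldap://my_host2:389 ldap://my_host3",
    "Search Timeout": 0,
}
REVIEWED = {
    "Provider URL": "ldaps://my_host:636",
    "Failover URLs": "ldaps://my_host2:636",
    "Search Timeout": 30,
}

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("REVIEWED", REVIEWED)):
        print(name, review_connection(cfg))
```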