Configure Central User Management / LDAP

Hello wM Gurus,
Newbie here, so please forgive me for my kid questions.
We have webMethods IS v.7.1.1.
I'm trying to configure central management/LDAP.

When I tried to configure central user management:
Here is what I did as per the 7.1.1 admin guide:

The guide says to configure central user management I should:

#1. Create a JDBC pool alias for connecting to the central user database, i.e., the My webMethods Server database. When you create the JDBC pool alias, you specify the connection database needed to connect to the My webMethods Server database.
#2. Associate the CentralUsers functional alias with the new JDBC pool alias and initialize the connection pool.

So after doing this it still says Central user management "not configured" under SECURITY/USER MANAGEMENT/GENERAL.

So tried to use LDAP by doing the following as per the guide:

1. Open the Integration Server Administrator if it is not already open.

2. In the Security menu of the Navigation panel, click User Management.

3. Click LDAP Configuration.

4. Click Edit LDAP Configuration.

5. Next to Provider, select LDAP.

But I do not see any options to add LDAP as provider.

Did I miss out something during installation?
Is there a Jar file that is missing?
An extended setting that I am overlooking??
I would appreciate any responses.
Thanks a lot for the help.
Jesus

Anyone?
RMG? Carlson? Ron Eamon? Dan?
Do you guys think it could be because I do not have a broker installed?
Any guesses?

Hi Jesus,

One thing to note: you can either do LDAP from IS or Central User Configuration.
Assuming that you want common users between IS and MWS, here are the steps :

  1. Point MWS DB to same as what IS is using
  2. In MWS, go to Settings → Directory Services → ADSI (assuming Microsoft Active Directory, or you can select other options depending upon your LDAP provider)
  3. Configure LDAP server, you can get LDAP settings from your network person OR if you do not have LDAP server and want to test it you can use Apache Directory server.
  4. Configure LDAP Role from MWS Roles (example: query a user group from LDAP)
  5. Now in IS Admin, configure the CentralUser data pool to point to same DB where MWS is pointing.
  6. Restart your IS
  7. Go to ACL Settings. Create your own ACL or for testing, go to Administrator ACL and click on Add button.
  8. Once you click the Add button you can see a dialog box for users, and in that drop-down list, select central users and press “GO”
  9. You can see your LDAP role and select the role and save. All the users which are associated with this LDAP role will be administrators on IS.
  10. Log off from IS and try to login with LDAP username and password and here you go …!!!

I have tested this on Red Hat Linux installation and Windows XP, it works perfectly fine.

Broker component is not involved in this.

Note: for real time implementation, please note all business users should be a part of Monitor ACL if they are given privileges to see the Process Instances and Analytics.

Regards,
Sumit

Sumit,
Thank you so much for the active directory steps.
Where do I look for central user management configuration from webMethods itself?
Not using Active directory.
Can you help me with that please?
I cannot see the option of configuring central user management.
Please help

I am sorry but I am kind of desperate for help.
I have looked everywhere but I cannot get this thing working.
Any help would be monumentally appreciated.

When IS JDBC Pool CentralUsers is pointed to the MWS database as described above, IS can access Roles from MWS. In MWS the roles can be associated either with groups provided via LDAP or with groups and users defined directly in MWS. Both are done in MWS: Administration - System wide - User Management. More detail can be found in the MWS documentation.

On the IS using central user management you need to associate MWS roles to ACL. To do so, when clicking Add for an ACL, select System from the popup and then search for your MWS roles (before doing the search the popup stays empty; you can even search with an empty search field).

Hi Jesus,

Hope you got that link.
Let us know if you are still stuck on that.

Regards,
Sumit

Sumit,

You explained it to me with Active directory.
How do we do it without Active Directory? I just want to use the plain central user management so I can use common IS & MWS users.
I have read the PDF and I'm asking for HELP as it's very confusing.
Thank you again Sumit and wroblinski

Ahhh…then it's very simple if you don't want to use AD or LDAP.

Just configure central user JDBC pool and point it to MWS DB.

Now create some roles/groups in MWS and then go to IS Admin Console.

Next in Admin ACL setting, add MWS group/role.

Now you can access Admin Console with MWS users :)

Similarly you can add MWS users in different ACLs in IS as per need.

Regards,
Sumit

We have central user management working with IS 7.1.2 and MWS 7.1.2. We created IDs on MWS, assigned them to a role, then assigned the role to the Admin ACL on our instance. Then we can sign in to the IS instance using the MWS IDs.

Only prob is: any new IDs added on MWS are not reflected in IS (login not accepted) unless we bounce the IS instance. Tried restarting the JDBC pool for central user management and that did not reload the new users either.

Is this a designed security feature (so you can't just add users to the central db and then log in to the IS instance?) or is this a setting we can set? It seems the central user list is cached on the IS side?

thanks

Hi,

What is the MWS and IS fix level?
There was one fix to resolve LDAP sync up issues.

Regards,
Sumit

Hi,

Had exactly the same issue! IS could not connect to the central user management database of MWS.
In my server.log the following error was logged:
[ISS.0024.0001E] Could not initialize User Manager.

I used to have a connection from IS 7.1.2 to my database using the Oracle JDBC drivers (ojdbc14.jar). Everything worked except Central User Management.

When changing the connection to the DataDirect drivers it finally worked.

Regards

Hi All,

Please help me in fixing this issue.

Regards,
Datta