configure Central User Management/ LDAP

Hello wM Gurus,
Newbie here so , please forgive me for my kid questions.
We have webMethods IS v.7.1.1.
Im trying to configure central management/LDAP.

When i tried to configure central user management:
Here is what i did as per the 7.1.1 admin guide:

The guide says to configure central user management I should:
[FONT=PalatinoLinotype-Roman][SIZE=3][FONT=Times New Roman][FONT=PalatinoLinotype-Roman][SIZE=3]

initialize the connection pool.

So after doing this it still says Central user management " not configured" under SECURITY/USER MANAGEMENR/GENERAL
[/size][/font][/FONT][/SIZE][/FONT]
So tried to use LDAP by doing the following as per the guide:
[FONT=PalatinoLinotype-Roman][SIZE=3]

[/size][/font][B][FONT=Arial][SIZE=3]

[/size][B][FONT=Arial][SIZE=3]

[/size][B][FONT=Arial][SIZE=3]

[/size][FONT=Arial][SIZE=3]5 [/size][/font]Next to [FONT=Arial][SIZE=3]Provider[/size][/font], select [FONT=Arial][SIZE=3]LDAP[/size][/font].

But I do not see any options to add LDAP as provider.

Did i miss out something during installation?
Is there a Jar file that is missing?
An extended setting that I am overlooking??
I would appreciate any responses.
Thanks a lot for the help.
Jesus

Anyone?
RMG?Carlson?Ron Eamon?Dan?
Do you guys think it could be because I do not have a broker installed?
Any guesses?

Hi Jesus,

One thing to note : You can either do LDAP from IS or Central User Configuration.
Assuming that you want common users between IS and MWS, here are the steps :

1. Point MWS DB to same as what IS is using
2. In MWS, go to Settings → Directory Services → ADSI (auuming microsoft active directory or you can select other options depending upon your LDAP provider)
3. Configure LDAP server, you can get LDAP settings from your network person OR if you do not have LDAP server and want to test it you can use Apache Directory server.
4. Configure LDAP Role from MWS Roles (example query an user group from LDAP)
5. Now in IS Admin, configure the CentralUser data pool to point to same DB where MWS is pointing.
6. Restart your IS
7. Go to ACL Settings. Create your own ACL or for testing, go to Administrator ACL and click on Add button.
8. Once you click Add button you can see dialog box for users and in that drop down list. select central users and press “GO”
9. You can see your LDAP role and select the role and save. All the users which are associated with this LDAP role will be administrators on IS.
10. Log off from IS and try to login with LDAP username and password and here you go …!!!

I have tested this on Red Hat Linux installation and Windows XP, it works perfectly fine.

Broker component is not involved in this.

Note : for real time implementation, please note all business users should be a part of Monitor ACL if they are given priviledges to see the Process Instances and Analytics.

Regards,
Sumit

Sumit,
Thank you so much for the active directory steps.
Where do i look for central user management configuration from webMethods itself.
Not using Active directory.
Can you help me with that please?
I cannot see the option of configuring central user management.
Please help

I am sorry but I am kind of desperate for help.
I have looked everywhere but i cannot get this thing working.
Any help would be monumentally appreciated

When IS JDBC Pool CentralUsers is pointed to the MWS database as described above IS cann access Roles from MWS. In MWS the roles can be associated either with groups provided via LDap or Groups and users defined directliy in MWS, Both is done in MWS: Administration . system wide - USer management. For more detail can be found in the MWS documentation.

On the IS using central user management u need to associated MWSS roles to acl. To do so when clicking Add for an ACL select System from the popup and then search for your MWS roles (before doing the search the popup stays empty, you can even search with empty search field).

Hi Jesus,

Hope you got that link.
Let us know if you are still stuck on that.

Regards,
Sumit

Sumit,

You explained it to me with Active directory.
How do we do it without activedirectory, i just want to use the plain central user management so i can use common IS & MWS users.
I have read the Pdf and im asking for HELP as its very confusing.
Thank you again sumit and wroblinski

Ahhh…then its very simple if you dont want to use AD or LDAP.

Just configure central user JDBC pool and point it to MWS DB.

Now create some roles/groups in MWS and then go to IS Admin Console.

Next in Admin ACL setting, add MWS group/role.

Now you can access Admin Console with MWS users

Similarly you can add MWS users in different ACLs in IS as per need.

Regards,
Sumit

we have central user managament working with IS 7.1.2 and MWS 7.1.2. We created IDs on MWS, assigned them to a role, then assigned the role to the Admin ACL on our instance. then we can sign in to IS instance using the MWS id’s.

Only prob is: any new id’s added on MWS are not reflected in IS (login not accepted) unless we bounce the IS instance. Tried restarting the JDBC pool for central user management and that did not reload the new users either.

Is this a designed security feature (so you cant just add users to the central db and then log in to IS instance?) or is this a setting we can set? it seems the central user list is cached on the IS side?

thanks

Hi,

What is the MWS and IS fix level?
There was one fix to resolve LDAP sync up issues.

Regards,
Sumit

Hi,

Had exactly the same issue! IS could not connect to the central user management database of MWS.
In my server.log the following error was logged:
[ISS.0024.0001E] Could not initialize User Manager.

I used to have a connection from IS 7.1.2. to my database using the Oracle JDBC drivers (ojdbc14.jar). Everything worked except Central User Managment.

When changing the connection to the DataDirect drivers it finally worked.

Regards

Hi All,

Please help me in fixing this issue.

Regards,
Datta