User management: LDAP or MWS?

Hello all, thanks for reading this thread.

First of all - if there is already some useful info on this on the forum, please show me the light, I couldn’t find much…

My question is related to user management within the latest versions of wM.
We are soon going to 7.1 and at the same time, we want to do something about user and access management. We are considering working with MWS internal database for storing the user, or moving the users to an LDAP.

So the question is pretty straightforward - which should we use?
Seeing 7.1 is FCS, I understand that it is probably difficult to get the right answer, but please give it a shot, even if it is out of 6.5/7.0 experience.

Elements to consider:

  • How good is WmComAuth to replicate to ISes? Are there cluster problems?
  • How easy is it to connect to LDAP? Is the connection stable? Did you experience many bugs - how about features you would like to see?
  • How bad of an idea would it be to manage the LDAP from wM? I have looked at the ldap services in WmPublic, apparently you can update or delete the user, but how about creating one?
  • Any issues with ACLs and users stored in LDAP?
  • How about failover - how well does wM manage connections to two LDAPs? How about MWS? I read somewhere that a MWS jam could block all traffic? Does it jam often? :wink:

Any thoughts, comments, questions or references are more than welcome!

Thanks,

Loic

Loic:
It seems you are confused over MWS and LDAP. In my opinion, MWS would be handy for you to define business users/viewers to have their peep into portlets hosted to view business data/BAM reports etc.

LDAP on the other hand is a generic user management medium. I have exposure to working with MS Active directory with IS.

  • How good is WmComAuth to replicate to ISes? Are there cluster problems?

Answer) Not Sure

  • How easy is it to connect to LDAP? Is the connection stable? Did you experience many bugs - how about features you would like to see?

Answer) Configuring an LDAP connection is simple. It is also easy to query LDAP to get users/groups and map them to ACLs. There are some issues related to caching. However, with all fixes installed it is stable enough.

  • How bad of an idea would it be to manage the LDAP from wM? I have looked at the ldap services in WmPublic, apparently you can update or delete the user, but how about creating one?

Answer) In my opinion, why would you use IS to manage LDAP? IMHO LDAP management needs to be done using its own UI. webMethods Architect/developers can only guide and advise creation/modification of users/groups roles/access on LDAP.

  • Any issues with ACLs and users stored in LDAP?

Answer) Works pretty well for me

  • How about failover - how well does wM manage connections to two LDAPs? How about MWS? I read somewhere that a MWS jam could block all traffic? Does it jam often? :wink:

Answer) I guess you may want to have your LDAP servers behind a load balancer and point IS to that load balancer. That way you don't have to worry about failovers. MWS Jam - I am not sure :slight_smile: but Optimize data handler and purge process is known to be notorious :slight_smile:

HTH
Pritam

Thanks for your input Pritam, helpful info indeed!

Cheers,

Loic

Hi Pritam,

Please let me know the steps for configuring LDAP in IS only, and is it mandatory to do some settings in MWS as well?

Regards,
Datta

I believe you should do settings in MWS also:

Hi Satish,

You have to define directory service in MWS.
Once that is done, you need to associate a db pool to CentralUsers in IS. This db pool in IS should point to the database hosting your MWS schema.

Please refer to the “My webMethods Administrator Functions” section in the Administering_My_webMethods_Servers guide.

Regards,
Sumit