Configuring API Gateway to Use LDAP

About this task

If your site uses Lightweight Directory Access Protocol (LDAP) for user and group information, you can configure API Gateway to obtain user and group information from the external directory.

LDAP protocols are designed to facilitate sharing information about resources on a network. Typically, they are used to store profile information (login ID, password, and so on.). You can also use them to store additional information. API Gateway uses LDAP for performing external authentication.

Using your existing LDAP information allows you to take advantage of a central repository of user and group information. System administrators can add and remove users from the central location. Users do not need to remember a separate password for webMethods applications; they can use the same user names and passwords that they use for other applications. Remember to use your LDAP tools to administer users or groups stored in an external directory.

To configure the server to use LDAP, you must:

Instruct API Gateway to use the LDAP protocol. API Gateway supports LDAP v3.
Define one or more configured LDAP servers that API Gateway is to use for these users.
Set the watt.server.ssl.trustStoreAlias property, if an LDAP provider is SSL-enabled, to point to the trusstore alias that contains the certificates required to establish a secure connection with the LDAP server.

To specify LDAP as the external provider

Procedure

Expand the menu options icon , in the title bar, and select User management.
Click LDAP configuration.
Under Provider select LDAP.

Provide the following information:

Field	Description
Cache size (number of users)	Specifies the maximum number of LDAP users API Gateway can keep in memory in the user cache. The default value is 10. Once the limit is reached, API Gateway selects users for removal from the cache based on how long they have been idle. As a result, activity can extend the time a user remains in the cache.
Credential time-to-live (minutes)	Specifies the number of minutes an LDAP user's credentials (userid and password) can remain in the credential cache before being purged. The default is 60 minutes. When a user first attempts to log in, API Gateway creates a user object and checks the user's credentials against the LDAP directory. API Gateway stores the credentials so that subsequent requests to authenticate are made against the cached credentials, not the LDAP directory.

Field

Description

Cache size (number of users)

Specifies the maximum number of LDAP users API Gateway can keep in memory in the user cache.

The default value is 10.

Once the limit is reached, API Gateway selects users for removal from the cache based on how long they have been idle. As a result, activity can extend the time a user remains in the cache.

Credential time-to-live (minutes)

Specifies the number of minutes an LDAP user's credentials (userid and password) can remain in the credential cache before being purged.

The default is 60 minutes.

When a user first attempts to log in, API Gateway creates a user object and checks the user's credentials against the LDAP directory. API Gateway stores the credentials so that subsequent requests to authenticate are made against the cached credentials, not the LDAP directory.

Click Save.