webMethods

Hi,

We use an LDAP server to authenticate MWS users who are assigned Roles within MWS.

This has been working well, however over time we are noticing a slow down in performance when logging in.

This appears to be due to staff who have left the company and their LDAP account has been removed, before the MWS user admin team can remove that user from their role in MWS.

Once the LDAP account is removed, you can no longer remove them from the role.

This seems to cause MWS to report all the missing role members every time anyone logs into MWS and day by day the login process takes a little bit longer. 10 to 20 seconds is now common. This is not a problem if you login with a local account such as Administrator.

Has anyone got any advice on how to tidy up the non-existent LDAP users from the roles.

The error shown in the MWS logs indicates the following warning for every user missing.

2020-09-02 09:15:51 BST (Framework:WARN) [RID:27736] - Unable to locate role member: /directory/vds connection/user/cn%3dsurname%5c%2c%20firstname%2cou%3dusers%2cou%3din%20country%20-%20xxxxxx%20yyyyyyy%20(inbl3)%2cou%3dusers%2cou%3dapac%2cou%3dcompany%2cdc%3dldapserver%2cdc%3dcom
2020-09-02 09:15:51 BST (Framework:WARN) [RID:27736] - referral

We are running on version 9.5.1.14.223 and planning on upgrading to get back into support, but would appreciate some interim advice.

Thanks in advance.

There has been a tool (available as portlet) developed to clean up such cases by RnD “Cleanup_InvalidUsers” but im not sure it is available on 9.5

I am also interested in such a tool (hopefully included in the MWS by default at some point) for wM 9.12 and newer versions.

During our current migration to wM 9.12 and cutover from one LDAP-based directory service to another (internal change of implementation) there is a cleanup performed where outdated users have been cleaned up in the new directory service.

Regards,
Holger

I believe it is available with 9.12. See page 97: