PowerDesigner Portal Server Settings

The PowerDesigner Portal provides a number of server settings that you can modify on the Settings page.

General

The following general settings are available. You must restart the PowerDesigner Portal for changes to take effect:

Setting

Description

Name

Specifies the name of the repository.

Comment

Describes the repository.

Session timeout (min)

Specifies the amount of time that the browser session is permitted to be idle before it is automatically logged out.

Max users

Specifies the maximum number of users that may connect to the PowerDesigner Portal at any one time.

Object cache size (MB)

Specifies the amount of memory assigned to object caching. The default is 128MB. Increasing this value will improve performance.

LDAP

The following LDAP settings are available and can be set here or through PowerDesigner (see Controlling Repository Access with LDAP). You must restart the PowerDesigner Portal for changes to take effect:

Setting

Description

Provider URL

[required] Specifies the URL for the LDAP provider in the format ldap://ldapserverhost:port , or as an IP address.

Security protocol

[optional] Specifies the protocol to be used when connecting to the LDAP server. If you are using SSL (which is the only protocol currently supported), then you should set this parameter to ssl. We recommend that you configure LDAP access at first without SSL, and only implement the protocol once you have access working.

Default search base

[required] Specifies the level at which the query begins its search for users in the LDAP tree. As a minimum this should include the DCs of the LDAP server. For example if your ldap url is http://ldap.sybase.com then your DC would be dc=sybase, dc=com. Your default search base can include the location of the User directory such as OU=Users, dc=devpd, dc=local . The values you enter here affect what you put in the Authentication search base. If you do not put the location of the Users in the default search base then you must include them in the Authentication Search Base.

Server type

Specifies the type of the LDAP server. Selecting a server type sets silent defaults for the authentication and role filters. The following types are available:
  • none - [recommended]
  • sunone5 - for SunOne 5.x OR iPlanet 5.x
  • msad2k - for Microsoft Active Directory, Windows 2000
  • nsds4 - for Netscape Directory Server 4.x
  • openldap - for OpenLDAP Directory Server 2.x
Since every LDAP configuration is different and these defaults may not be appropriate for your installation, we recommend that you select none.

Trusted server

[required] Specifies that the LDAP server can be trusted.

Anonymous bind

[optional] Specifies that the server supports anonymous access to the LDAP tree. If this parameter is not selected, you must specify a bind DN and password. Note that Active Directory does not support anonymous binding out of the box.

Bind DN

[required unless Anonymous bind is selected] Specifies the LDAP account that has permissions to query the Active Directory. If the Bind DN is in the same DN as the Authentication search base then the BIND DN can be just the user id for the search. Otherwise, you will need the account login and password as well as the full Distinguished Name (DN) for that account. For example If the DefaultSearchBase is ou=people,dc=Onebridge,dc=qa, and you have a user cn=csitest,cn=users,dc=Onebridge,dc=qa, then the Bind DN cannot just be csitest, but must be cn=csitest,cn=users,dc=Onebridge,dc=qa.

Bind password

[required unless Anonymous bind is selected] Specifies the password to bind with when building the initial LDAP connection.

Filter

[required] Specifies the LDAP query that looks up the user information. To determine the LDAP filter you will use, you must know the properties of the users defined in the Active Directory. The property that is being used as the login could be name, samAccountName or another property. In the following example we use the samAccountName as the login (which PowerDesigner captures in the variable {uid}:
(&(samAccountName={uid})(objectclass=user))

Scope

[required] Specifies the scope of the authentication search. You can choose between:
  • onelevel [default] - only the level specified in the the Search base is searched

  • subtree - the search begins at the level of the Search base, but also searches any subnodes.

Method

[required] Specifies the method to use for authentication requests. You can choose between:
  • simple - clear text authentication.

  • DIGEST-MD5 - hashed password authentication, which requires that the server use plain text password storage.

Digest MD5 format

[required] Specifies the DIGEST-MD5 bind authentication identity format. The default is DN.

Search base

[optional] If the default search base specified in the General group box does not include the location of the User list in your Active Directory, you must specify it here. Users may be in a common node such as cn=Users or an organization unit such as OU=Users. To determine the correct search base, you should use an LDAP browser to look at the full distinguished name of a user. Note that your Bind DN may be a user in a different node in the tree than general users so it is very important that you have the correct information for each.

Filter

Specifies the role search filter, which, when combined with the search base and scope, returns a complete list of roles within the LDAP server.  There are several default values depending on the chosen server type.  If the server type is not chosen or this property is not initialized, no roles will be available.

Scope

Specifies the role search scope. You can choose between:
  • onelevel [default]

  • subtree

Referral

Specifies the treatment of referrals. You can choose between:
  • ignore [default]

  • follow

  • throw

Name attribute

Specifies the attribute for retrieved roles that is the common name of the role.  If this value is "dn" it is interpreted specially as the entire dn of the role as the role name. The default is "cn", the common name.

Search base

Specifies the role search base.

Logging

For information about the Logging settings, see PowerDesigner Portal Client Settings.

Database

The following database settings are available. You must restart the PowerDesigner Portal for changes to take effect:

Setting

Description

Database type

Specifies the type of DBMS that hosts the repository.

Database driver

Specifies the driver used to connect to the repository database.

Host

[required] Specifies the name of the host machine for the repository database.

Port

[required] Specifies the port number of the host machine through which the repository database is available.

Database name

Specifies the name of the repository database.

User name

Specifies the database user name that the repository uses to access the DBMS.

Password

Specifies the database password that the repository uses to access the DBMS.

Isolation level

Specifies the isolation level used to isolate transactions in a multi-user environment. By default, level 1 is used for ASA databases and level 2 for ASE. See your DBMS documentation for information about the behavior of each level in your environment.

Initial pool size

Specifies the initial number of connections in the connection pool. The default is 1.

Min idle

Specifies the minimum connection idle time.

Max idle

Specifies the maximum connection idle time.

Max wait (msec)

Specifies the maximum connection wait time.

Max active

Specifies the maximum permitted number of connections to the database.

Charset

[ASE only] Specifies the character set used by the database.

Search

The following search settings are available. You must restart the PowerDesigner Portal for changes to take effect:

Setting

Description

Index Information

Specifies the last time the search index was rebuilt, the next time it will be built, its location, size, and the number of attributes indexed.

Index rebuild interval

Specifies the interval between rebuilds of the search index in minutes. By default, the index is rebuilt every 120 minutes. Click the Rebuild Index button to perform an immediate rebuild.

License

The following license server settings are available. You must restart the PowerDesigner Portal for changes to take effect:

Setting

Description

Host

Specifies the name of the SySAM license server that serves licenses to PowerDesigner Portal users.

Port

Specifies the port to use to access the license server.

Security

The following password policy settings are available and can be set here or through PowerDesigner (see Defining a Password Policy). You must restart the PowerDesigner Portal for changes to take effect:

Setting Description
Password length Specifies the minimum and maximum permitted length of passwords. This option cannot be disabled. The minimum minimum length for a password is 6 characters.
Password must contain Specifies that passwords must contain at least one of each of the character types selected.
Disallow reuse of previous x passwords Prevents users from reusing the specified number of old passwords.
Enforce changing of passwords after x days Requires that users change their passwords after the specified number of days.
Block inactive users after x days without connection Blocks users if they try to log in after the specified number of days of inactivity.
Temporarily block users for x minutes after y failures to log in Blocks users for the specified number of minutes if they submit an invalid combination of username and password the specified number of times.
Temporary passwords issued by an administrator are valid for x days Specifies the period for which temporary passwords (which are issued when a user is created or unblocked) are valid. Users attempting to use a temporary password after this time will be blocked.

Notification

The following change notification settings are available and can be set here or through PowerDesigner (see Specifying an SMTP Server for Notifications):

Setting

Description

SMTP host

Specifies the host name of the SMTP server used to send mail.

SMTP port

Specifies the port number of the SMTP server used to send mail.

Sender's email address

Specifies the email address from which to send mails.

Use Secure Socket Layer (SSL)

Specifies to connect to the SMTP mail server through SSL.

Server requires authentication

Specifies that the SMTP server requires authentication. If you select this option, then you must specify an SMTP account and password, and can instruct PowerDesigner to use Secure Password Authentication (SPA).

In addition, you can control the content of notification emails by selecting items in the Mail template list and overriding the default text associated with them.