Domain: Security: Embedded LDAP
Configuration Options Related Tasks Related Topics
This page allows you to configure the embedded LDAP server for this WebLogic Server domain.
The embedded LDAP server contains user, group, group membership, security role, security policy, and credential map information. By default, each WebLogic Server domain has an embedded LDAP server configured with the default values set for each attribute. The WebLogic Authentication, Authorization, Credential Mapping, and Role Mapping providers use the embedded LDAP server as their database. If you use any of these providers in a new security realm, you may want to change the default values for the embedded LDAP server to optimize its use in your environment.
Name Description Credential
The credential (usually a password) used to connect to the embedded LDAP server.
If this credential has not been set, WebLogic Server generates a password at startup, initializes the attribute, and saves the configuration to the config.xml file. If you want to connect to the embedded LDAP server using an external LDAP browser and the embedded LDAP administrator account (cn=Admin), change this attribute from the generated value.
As of 8.1 sp4, when you get the value of this attribute, WebLogic Server does the following:
Retrieves the value of the
Decrypts the value and returns the unencrypted password as a String.
When you set the value of this attribute, WebLogic Server does the following:
Encrypts the value.
Sets the value of the
CredentialEncryptedattribute to the encrypted value.
Credentialattribute is a potential security risk because the String object (which contains the unencrypted password) remains in the JVM's memory until garbage collection removes it and the memory is reallocated. Depending on how memory is allocated in the JVM, a significant amount of time could pass before this unencrypted data is removed from memory.
Instead of using this attribute, use
The hour at which the embedded LDAP server should be backed up.
The Backup Hour value is used in conjunction with the Backup Minute value to determine the time at which the embedded LDAP server data files are backed up. At the specified time, WebLogic Server suspends writes to the embedded LDAP server, backs up the data files into a zip files in the ldap/backup directory, and then resumes writes.
The minute at which the embedded LDAP server should be backed up.
The Backup Minute value is used in conjunction with the Back Up Hour value to determine the time at which the embedded LDAP server data files are backed up
The maximum number of backup copies that should be made for the embedded LDAP server.
This value limits the number of zip files in the ldap/backup directory.
Specifies whether a cache is used with the embedded LDAP server.
This cache is used when a managed server is reading or writing to the master embedded LDAP server that is running on the Administration server.
The size of the cache (in kilobytes) that is used with the embedded LDAP server.
The time-to-live of the cache (in seconds) that is used with the embedded LDAP server.
Refresh Replica At Startup
Specifies whether a Managed Server should refresh all replicated data at boot time. (This is useful if you have made a large amount of changes when the Managed Server was not active, and you want to download the entire replica instead of having the Administration Server push each change to the Managed Server.)
Specifies whether a Managed Server should always connect to the master LDAP server (contained in the Administration Server), instead of connecting to the local replicated LDAP server (contained in the Managed Server).
Specifies the maximum number of seconds to wait for results from the embedded LDAP server before timing out. If this option is set to 0, there is no maximum time limit.
Anonymous Bind Allowed
Specifies whether the embedded LDAP server should allow anonymous connections.