BEA Systems, Inc.

WebLogic Server 8.1 API Reference

weblogic.security.providers.authentication
Interface LDAPAuthenticatorMBean

All Known Subinterfaces:
ActiveDirectoryAuthenticatorMBean, IPlanetAuthenticatorMBean, NovellAuthenticatorMBean, OpenLDAPAuthenticatorMBean

public interface LDAPAuthenticatorMBean
extends weblogic.management.commo.StandardInterface, weblogic.security.providers.authentication.LoginExceptionPropagatorMBean, LDAPServerMBean, UserReaderMBean, GroupReaderMBean, GroupMemberListerMBean, MemberGroupListerMBean, UserPasswordEditorMBean, weblogic.management.security.authentication.GroupMembershipHierarchyCacheMBean

This MBean contains attributes for the LDAP servers supported by the LDAP Authentication providers. Subinterfaces of this MBean override default values specific to an LDAP server.

Author:
Copyright © 2004 BEA Systems, Inc. All Rights Reserved.

Method Summary
 java.lang.String getAllGroupsFilter()
          An LDAP search filter for finding all groups beneath the base group distinguished name (DN).
 java.lang.String getAllUsersFilter()
          An LDAP search filter for finding all users beneath the base user distinguished name (DN).
 java.lang.String getDescription()
          A short description of the LDAP Authentication provider.
 java.lang.String getDynamicGroupNameAttribute()
          The attribute of a dynamic LDAP group object that specifies the name of the group.
 java.lang.String getDynamicGroupObjectClass()
          The LDAP object class that stores dynamic groups.
 java.lang.String getDynamicMemberURLAttribute()
          The attribute of the dynamic LDAP group object that specifies the URLs of the members of the dynamic group.
 java.lang.String getGroupBaseDN()
          The base distinguished name (DN) of the tree in the LDAP directory that contains groups.
 java.lang.String getGroupFromNameFilter()
          An LDAP search filter for finding a group given the name of the group.
 java.lang.String getGroupMembershipSearching()
          Specifies whether recursive group membership searching is unlimited or limited.
 java.lang.String getGroupSearchScope()
          Specifies how deep in the LDAP directory tree to search for groups.
 java.lang.Boolean getIgnoreDuplicateMembership()
          Specifies whether duplicate members are ignored when adding groups. This ignores cycles in the group membership.
 java.lang.Integer getMaxGroupMembershipSearchLevel()
          This specifies how many levels of group membership can be searched.
 java.lang.String getProviderClassName()
          The name of the Java class used to load the LDAP Authentication provider.
 java.lang.String getStaticGroupDNsfromMemberDNFilter()
          An LDAP search filter that, given the distinguished name (DN) of a member of a group, returns the DNs of the static LDAP groups that contain that member.
 java.lang.String getStaticGroupNameAttribute()
          The attribute of a static LDAP group object that specifies the name of the group.
 java.lang.String getStaticGroupObjectClass()
          The name of the LDAP object class that stores static groups.
 java.lang.String getStaticMemberDNAttribute()
          The attribute of a static LDAP group object that specifies the distinguished names (DNs) of the members of the group.
 java.lang.String getUserBaseDN()
          The base distinguished name (DN) of the tree in the LDAP directory that contains users.
 java.lang.String getUserDynamicGroupDNAttribute()
          The attribute of an LDAP user object that specifies the distinguished names (DNs) of dynamic groups to which this user belongs.
 java.lang.Boolean getUseRetrievedUserNameAsPrincipal()
          Specifies whether the user name retrieved from LDAP is used as the principal in the subject.
 java.lang.String getUserFromNameFilter()
          An LDAP search filter for finding a user given the name of the user.
 java.lang.String getUserNameAttribute()
          The attribute of an LDAP user object that specifies the name of the user.
 java.lang.String getUserObjectClass()
          The LDAP object class that stores users.
 java.lang.String getUserSearchScope()
          Specifies how deep in the LDAP directory tree to search for users.
 java.lang.String getVersion()
          The version number of the LDAP Authentication provider.
 void setAllGroupsFilter(java.lang.String newValue)
          An LDAP search filter for finding all groups beneath the base group distinguished name (DN).
 void setAllUsersFilter(java.lang.String newValue)
          An LDAP search filter for finding all users beneath the base user distinguished name (DN).
 void setDynamicGroupNameAttribute(java.lang.String newValue)
          The attribute of a dynamic LDAP group object that specifies the name of the group.
 void setDynamicGroupObjectClass(java.lang.String newValue)
          The LDAP object class that stores dynamic groups.
 void setDynamicMemberURLAttribute(java.lang.String newValue)
          The attribute of the dynamic LDAP group object that specifies the URLs of the members of the dynamic group.
 void setGroupBaseDN(java.lang.String newValue)
          The base distinguished name (DN) of the tree in the LDAP directory that contains groups.
 void setGroupFromNameFilter(java.lang.String newValue)
          An LDAP search filter for finding a group given the name of the group.
 void setGroupMembershipSearching(java.lang.String newValue)
          Specifies whether recursive group membership searching is unlimited or limited.
 void setGroupSearchScope(java.lang.String newValue)
          Specifies how deep in the LDAP directory tree to search for groups.
 void setIgnoreDuplicateMembership(java.lang.Boolean newValue)
          Specifies whether duplicate members are ignored when adding groups. This ignores cycles in the group membership.
 void setMaxGroupMembershipSearchLevel(java.lang.Integer newValue)
          This specifies how many levels of group membership can be searched.
 void setStaticGroupDNsfromMemberDNFilter(java.lang.String newValue)
          An LDAP search filter that, given the distinguished name (DN) of a member of a group, returns the DNs of the static LDAP groups that contain that member.
 void setStaticGroupNameAttribute(java.lang.String newValue)
          The attribute of a static LDAP group object that specifies the name of the group.
 void setStaticGroupObjectClass(java.lang.String newValue)
          The name of the LDAP object class that stores static groups.
 void setStaticMemberDNAttribute(java.lang.String newValue)
          The attribute of a static LDAP group object that specifies the distinguished names (DNs) of the members of the group.
 void setUserBaseDN(java.lang.String newValue)
          The base distinguished name (DN) of the tree in the LDAP directory that contains users.
 void setUserDynamicGroupDNAttribute(java.lang.String newValue)
          The attribute of an LDAP user object that specifies the distinguished names (DNs) of dynamic groups to which this user belongs.
 void setUseRetrievedUserNameAsPrincipal(java.lang.Boolean newValue)
          Specifies whether the user name retrieved from LDAP is used as the principal in the subject.
 void setUserFromNameFilter(java.lang.String newValue)
          An LDAP search filter for finding a user given the name of the user.
 void setUserNameAttribute(java.lang.String newValue)
          The attribute of an LDAP user object that specifies the name of the user.
 void setUserObjectClass(java.lang.String newValue)
          The LDAP object class that stores users.
 void setUserSearchScope(java.lang.String newValue)
          Specifies how deep in the LDAP directory tree to search for users.
 
Methods inherited from interface weblogic.security.providers.authentication.LoginExceptionPropagatorMBean
getPropagateCauseForLoginException, setPropagateCauseForLoginException
 
Methods inherited from interface weblogic.management.utils.LDAPServerMBean
getCacheSize, getCacheTTL, getConnectionRetryLimit, getConnectTimeout, getCredential, getHost, getParallelConnectDelay, getPort, getPrincipal, getResultsTimeLimit, isBindAnonymouslyOnReferrals, isCacheEnabled, isFollowReferrals, isSSLEnabled, setBindAnonymouslyOnReferrals, setCacheEnabled, setCacheSize, setCacheTTL, setConnectionRetryLimit, setConnectTimeout, setCredential, setFollowReferrals, setHost, setParallelConnectDelay, setPort, setPrincipal, setResultsTimeLimit, setSSLEnabled
 
Methods inherited from interface weblogic.management.security.authentication.UserReaderMBean
getUserDescription, listUsers, userExists
 
Methods inherited from interface weblogic.management.security.authentication.GroupMemberListerMBean
listGroupMembers
 
Methods inherited from interface weblogic.management.security.authentication.MemberGroupListerMBean
listMemberGroups
 
Methods inherited from interface weblogic.management.security.authentication.UserPasswordEditorMBean
changeUserPassword, resetUserPassword
 
Methods inherited from interface weblogic.management.security.authentication.GroupMembershipHierarchyCacheMBean
getEnableGroupMembershipLookupHierarchyCaching, getGroupHierarchyCacheTTL, getMaxGroupHierarchiesInCache, setEnableGroupMembershipLookupHierarchyCaching, setGroupHierarchyCacheTTL, setMaxGroupHierarchiesInCache
 
Methods inherited from interface weblogic.management.security.authentication.AuthenticatorMBean
getControlFlag, setControlFlag
 
Methods inherited from interface weblogic.management.security.ProviderMBean
getRealm, setRealm
 

Method Detail

getProviderClassName

public java.lang.String getProviderClassName()
The name of the Java class used to load the LDAP Authentication provider.

Default Value: "weblogic.security.providers.authentication.LDAPAuthenticationProviderImpl"
Legal NULL: true

getDescription

public java.lang.String getDescription()
A short description of the LDAP Authentication provider.

Default Value: "Provider that performs LDAP authentication"
Legal NULL: true

getVersion

public java.lang.String getVersion()
The version number of the LDAP Authentication provider.

Default Value: "1.0"
Legal NULL: true

getUserObjectClass

public java.lang.String getUserObjectClass()
The LDAP object class that stores users.

Default Value: "person"
Legal NULL: true

setUserObjectClass

public void setUserObjectClass(java.lang.String newValue)
                        throws javax.management.InvalidAttributeValueException
The LDAP object class that stores users.

Default Value: "person"
Legal NULL: true
Parameters:
newValue - new value for attribute UserObjectClass
Throws:
javax.management.InvalidAttributeValueException -  

getUserNameAttribute

public java.lang.String getUserNameAttribute()
The attribute of an LDAP user object that specifies the name of the user.

Default Value: "uid"
Legal NULL: true

setUserNameAttribute

public void setUserNameAttribute(java.lang.String newValue)
                          throws javax.management.InvalidAttributeValueException
The attribute of an LDAP user object that specifies the name of the user.

Default Value: "uid"
Legal NULL: true
Parameters:
newValue - new value for attribute UserNameAttribute
Throws:
javax.management.InvalidAttributeValueException -  

getUserDynamicGroupDNAttribute

public java.lang.String getUserDynamicGroupDNAttribute()
The attribute of an LDAP user object that specifies the distinguished names (DNs) of dynamic groups to which this user belongs. If such an attribute does not exist, WebLogic Server determines if a user is a member of a group by evaluating the URLs on the dynamic group. If a group contains other groups, WebLogic Server evaluates the URLs on any of the descendants (indicates parent relationship) of the group.

Legal NULL: true

setUserDynamicGroupDNAttribute

public void setUserDynamicGroupDNAttribute(java.lang.String newValue)
                                    throws javax.management.InvalidAttributeValueException
The attribute of an LDAP user object that specifies the distinguished names (DNs) of dynamic groups to which this user belongs. If such an attribute does not exist, WebLogic Server determines if a user is a member of a group by evaluating the URLs on the dynamic group. If a group contains other groups, WebLogic Server evaluates the URLs on any of the descendants (indicates parent relationship) of the group.

Legal NULL: true
Parameters:
newValue - new value for attribute UserDynamicGroupDNAttribute
Throws:
javax.management.InvalidAttributeValueException -  

getUserBaseDN

public java.lang.String getUserBaseDN()
The base distinguished name (DN) of the tree in the LDAP directory that contains users.

Default Value: "ou=people, o=example.com"
Legal NULL: true

setUserBaseDN

public void setUserBaseDN(java.lang.String newValue)
                   throws javax.management.InvalidAttributeValueException
The base distinguished name (DN) of the tree in the LDAP directory that contains users.

Default Value: "ou=people, o=example.com"
Legal NULL: true
Parameters:
newValue - new value for attribute UserBaseDN
Throws:
javax.management.InvalidAttributeValueException -  

getUserSearchScope

public java.lang.String getUserSearchScope()
Specifies how deep in the LDAP directory tree to search for users. Valid values are subtree and onelevel.

Default Value: "subtree"
Legal NULL: true
Legal Values: subtree,onelevel

setUserSearchScope

public void setUserSearchScope(java.lang.String newValue)
                        throws javax.management.InvalidAttributeValueException
Specifies how deep in the LDAP directory tree to search for users. Valid values are subtree and onelevel.

Default Value: "subtree"
Legal NULL: true
Legal Values: subtree,onelevel
Parameters:
newValue - new value for attribute UserSearchScope
Throws:
javax.management.InvalidAttributeValueException -  

getUserFromNameFilter

public java.lang.String getUserFromNameFilter()
An LDAP search filter for finding a user given the name of the user. If the attribute (user name attribute and user object class) is not specified (that is, if the attribute is null or empty), a default search filter is created based on the user schema.

Default Value: "(&(uid=%u)(objectclass=person))"
Legal NULL: true

setUserFromNameFilter

public void setUserFromNameFilter(java.lang.String newValue)
                           throws javax.management.InvalidAttributeValueException
An LDAP search filter for finding a user given the name of the user. If the attribute (user name attribute and user object class) is not specified (that is, if the attribute is null or empty), a default search filter is created based on the user schema.

Default Value: "(&(uid=%u)(objectclass=person))"
Legal NULL: true
Parameters:
newValue - new value for attribute UserFromNameFilter
Throws:
javax.management.InvalidAttributeValueException -  

getAllUsersFilter

public java.lang.String getAllUsersFilter()
An LDAP search filter for finding all users beneath the base user distinguished name (DN). If the attribute (user object class) is not specified (that is, if the attribute is null or empty), a default search filter is created based on the user schema.

Legal NULL: true

setAllUsersFilter

public void setAllUsersFilter(java.lang.String newValue)
                       throws javax.management.InvalidAttributeValueException
An LDAP search filter for finding all users beneath the base user distinguished name (DN). If the attribute (user object class) is not specified (that is, if the attribute is null or empty), a default search filter is created based on the user schema.

Legal NULL: true
Parameters:
newValue - new value for attribute AllUsersFilter
Throws:
javax.management.InvalidAttributeValueException -  

getGroupBaseDN

public java.lang.String getGroupBaseDN()
The base distinguished name (DN) of the tree in the LDAP directory that contains groups.

Default Value: "ou=groups, o=example.com"
Legal NULL: true

setGroupBaseDN

public void setGroupBaseDN(java.lang.String newValue)
                    throws javax.management.InvalidAttributeValueException
The base distinguished name (DN) of the tree in the LDAP directory that contains groups.

Default Value: "ou=groups, o=example.com"
Legal NULL: true
Parameters:
newValue - new value for attribute GroupBaseDN
Throws:
javax.management.InvalidAttributeValueException -  

getGroupSearchScope

public java.lang.String getGroupSearchScope()
Specifies how deep in the LDAP directory tree to search for groups. Valid values are subtree and onelevel.

Default Value: "subtree"
Legal NULL: true
Legal Values: subtree,onelevel

setGroupSearchScope

public void setGroupSearchScope(java.lang.String newValue)
                         throws javax.management.InvalidAttributeValueException
Specifies how deep in the LDAP directory tree to search for groups. Valid values are subtree and onelevel.

Default Value: "subtree"
Legal NULL: true
Legal Values: subtree,onelevel
Parameters:
newValue - new value for attribute GroupSearchScope
Throws:
javax.management.InvalidAttributeValueException -  

getGroupFromNameFilter

public java.lang.String getGroupFromNameFilter()
An LDAP search filter for finding a group given the name of the group. If the attribute is not specified (that is, if the attribute is null or empty), a default search filter is created based on the group schema.

Default Value: "(&(cn=%g)(objectclass=groupofuniquenames))"
Legal NULL: true

setGroupFromNameFilter

public void setGroupFromNameFilter(java.lang.String newValue)
                            throws javax.management.InvalidAttributeValueException
An LDAP search filter for finding a group given the name of the group. If the attribute is not specified (that is, if the attribute is null or empty), a default search filter is created based on the group schema.

Default Value: "(&(cn=%g)(objectclass=groupofuniquenames))"
Legal NULL: true
Parameters:
newValue - new value for attribute GroupFromNameFilter
Throws:
javax.management.InvalidAttributeValueException -  

getAllGroupsFilter

public java.lang.String getAllGroupsFilter()
An LDAP search filter for finding all groups beneath the base group distinguished name (DN). If the attribute is not specified (that is, if the attribute is null or empty), a default search filter is created based on the group schema.

Legal NULL: true

setAllGroupsFilter

public void setAllGroupsFilter(java.lang.String newValue)
                        throws javax.management.InvalidAttributeValueException
An LDAP search filter for finding all groups beneath the base group distinguished name (DN). If the attribute is not specified (that is, if the attribute is null or empty), a default search filter is created based on the group schema.

Legal NULL: true
Parameters:
newValue - new value for attribute AllGroupsFilter
Throws:
javax.management.InvalidAttributeValueException -  

getStaticGroupObjectClass

public java.lang.String getStaticGroupObjectClass()
The name of the LDAP object class that stores static groups.

Default Value: "groupofuniquenames"
Legal NULL: true

setStaticGroupObjectClass

public void setStaticGroupObjectClass(java.lang.String newValue)
                               throws javax.management.InvalidAttributeValueException
The name of the LDAP object class that stores static groups.

Default Value: "groupofuniquenames"
Legal NULL: true
Parameters:
newValue - new value for attribute StaticGroupObjectClass
Throws:
javax.management.InvalidAttributeValueException -  

getStaticGroupNameAttribute

public java.lang.String getStaticGroupNameAttribute()
The attribute of a static LDAP group object that specifies the name of the group.

Default Value: "cn"
Legal NULL: true

setStaticGroupNameAttribute

public void setStaticGroupNameAttribute(java.lang.String newValue)
                                 throws javax.management.InvalidAttributeValueException
The attribute of a static LDAP group object that specifies the name of the group.

Default Value: "cn"
Legal NULL: true
Parameters:
newValue - new value for attribute StaticGroupNameAttribute
Throws:
javax.management.InvalidAttributeValueException -  

getStaticMemberDNAttribute

public java.lang.String getStaticMemberDNAttribute()
The attribute of a static LDAP group object that specifies the distinguished names (DNs) of the members of the group.

Default Value: "uniquemember"
Legal NULL: true

setStaticMemberDNAttribute

public void setStaticMemberDNAttribute(java.lang.String newValue)
                                throws javax.management.InvalidAttributeValueException
The attribute of a static LDAP group object that specifies the distinguished names (DNs) of the members of the group.

Default Value: "uniquemember"
Legal NULL: true
Parameters:
newValue - new value for attribute StaticMemberDNAttribute
Throws:
javax.management.InvalidAttributeValueException -  

getStaticGroupDNsfromMemberDNFilter

public java.lang.String getStaticGroupDNsfromMemberDNFilter()
An LDAP search filter that, given the distinguished name (DN) of a member of a group, returns the DNs of the static LDAP groups that contain that member. If the attribute is not specified (that is, if the attribute is null or empty), a default search filter is created based on the group schema.

Default Value: "(&(uniquemember=%M)(objectclass=groupofuniquenames))"
Legal NULL: true

setStaticGroupDNsfromMemberDNFilter

public void setStaticGroupDNsfromMemberDNFilter(java.lang.String newValue)
                                         throws javax.management.InvalidAttributeValueException
An LDAP search filter that, given the distinguished name (DN) of a member of a group, returns the DNs of the static LDAP groups that contain that member. If the attribute is not specified (that is, if the attribute is null or empty), a default search filter is created based on the group schema.

Default Value: "(&(uniquemember=%M)(objectclass=groupofuniquenames))"
Legal NULL: true
Parameters:
newValue - new value for attribute StaticGroupDNsfromMemberDNFilter
Throws:
javax.management.InvalidAttributeValueException -  

getDynamicGroupObjectClass

public java.lang.String getDynamicGroupObjectClass()
The LDAP object class that stores dynamic groups.

Legal NULL: true

setDynamicGroupObjectClass

public void setDynamicGroupObjectClass(java.lang.String newValue)
                                throws javax.management.InvalidAttributeValueException
The LDAP object class that stores dynamic groups.

Legal NULL: true
Parameters:
newValue - new value for attribute DynamicGroupObjectClass
Throws:
javax.management.InvalidAttributeValueException -  

getDynamicGroupNameAttribute

public java.lang.String getDynamicGroupNameAttribute()
The attribute of a dynamic LDAP group object that specifies the name of the group.

Legal NULL: true

setDynamicGroupNameAttribute

public void setDynamicGroupNameAttribute(java.lang.String newValue)
                                  throws javax.management.InvalidAttributeValueException
The attribute of a dynamic LDAP group object that specifies the name of the group.

Legal NULL: true
Parameters:
newValue - new value for attribute DynamicGroupNameAttribute
Throws:
javax.management.InvalidAttributeValueException -  

getDynamicMemberURLAttribute

public java.lang.String getDynamicMemberURLAttribute()
The attribute of the dynamic LDAP group object that specifies the URLs of the members of the dynamic group.

Legal NULL: true

setDynamicMemberURLAttribute

public void setDynamicMemberURLAttribute(java.lang.String newValue)
                                  throws javax.management.InvalidAttributeValueException
The attribute of the dynamic LDAP group object that specifies the URLs of the members of the dynamic group.

Legal NULL: true
Parameters:
newValue - new value for attribute DynamicMemberURLAttribute
Throws:
javax.management.InvalidAttributeValueException -  

getGroupMembershipSearching

public java.lang.String getGroupMembershipSearching()
Specifies whether recursive group membership searching is unlimited or limited. Valid values are unlimited and limited.

Default Value: "unlimited"
Legal NULL: true
Legal Values: unlimited,limited

setGroupMembershipSearching

public void setGroupMembershipSearching(java.lang.String newValue)
                                 throws javax.management.InvalidAttributeValueException
Specifies whether recursive group membership searching is unlimited or limited. Valid values are unlimited and limited.

Default Value: "unlimited"
Legal NULL: true
Legal Values: unlimited,limited
Parameters:
newValue - new value for attribute GroupMembershipSearching
Throws:
javax.management.InvalidAttributeValueException -  

getMaxGroupMembershipSearchLevel

public java.lang.Integer getMaxGroupMembershipSearchLevel()
This specifies how many levels of group membership can be searched. This setting is valid only if GroupMembershipSearching is set to limited. Valid values are 0 and positive integers. For example, 0 indicates that only direct group memberships will be found; a positive number indicates the number of levels to go down.

Default Value: new Integer(0)
Legal NULL: true

setMaxGroupMembershipSearchLevel

public void setMaxGroupMembershipSearchLevel(java.lang.Integer newValue)
                                      throws javax.management.InvalidAttributeValueException
This specifies how many levels of group membership can be searched. This setting is valid only if GroupMembershipSearching is set to limited. Valid values are 0 and positive integers. For example, 0 indicates that only direct group memberships will be found; a positive number indicates the number of levels to go down.

Default Value: new Integer(0)
Legal NULL: true
Parameters:
newValue - new value for attribute MaxGroupMembershipSearchLevel
Throws:
javax.management.InvalidAttributeValueException -  

getUseRetrievedUserNameAsPrincipal

public java.lang.Boolean getUseRetrievedUserNameAsPrincipal()
Specifies whether the user name retrieved from LDAP is used as the principal in the subject.

Default Value: new Boolean(false)
Legal NULL: true

setUseRetrievedUserNameAsPrincipal

public void setUseRetrievedUserNameAsPrincipal(java.lang.Boolean newValue)
                                        throws javax.management.InvalidAttributeValueException
Specifies whether the user name retrieved from LDAP is used as the principal in the subject.

Default Value: new Boolean(false)
Legal NULL: true
Parameters:
newValue - new value for attribute UseRetrievedUserNameAsPrincipal
Throws:
javax.management.InvalidAttributeValueException -  

getIgnoreDuplicateMembership

public java.lang.Boolean getIgnoreDuplicateMembership()
Specifies whether duplicate members are ignored when adding groups. This ignores cycles in the group membership.

Default Value: new Boolean(false)
Legal NULL: true

setIgnoreDuplicateMembership

public void setIgnoreDuplicateMembership(java.lang.Boolean newValue)
                                  throws javax.management.InvalidAttributeValueException
Specifies whether duplicate members are ignored when adding groups. This ignores cycles in the group membership.

Default Value: new Boolean(false)
Legal NULL: true
Parameters:
newValue - new value for attribute IgnoreDuplicateMembership
Throws:
javax.management.InvalidAttributeValueException -  
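
Added example (not BEA code and not WebLogic's implementation): a Java model of the search-depth semantics documented for GroupMembershipSearching and MaxGroupMembershipSearchLevel, run over a constructed directory that contains a membership cycle, the situation IgnoreDuplicateMembership concerns. The class name, the map and the DNs are assumptions, and the visited-set cycle handling is this example's own choice.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

/** Added illustration: models the documented semantics, not WebLogic's code. */
public class GroupSearchDepthDemo {

    // Constructed directory: member DN -> DNs of the static groups that list it
    // directly (what a StaticGroupDNsfromMemberDNFilter search would return
    // when %M is replaced by the key).
    static final Map<String, List<String>> CONTAINING_GROUPS = new HashMap<>();
    static {
        CONTAINING_GROUPS.put("uid=alice,ou=people,o=example.com",
                Arrays.asList("cn=Developers,ou=groups,o=example.com"));
        CONTAINING_GROUPS.put("cn=Developers,ou=groups,o=example.com",
                Arrays.asList("cn=Engineering,ou=groups,o=example.com"));
        CONTAINING_GROUPS.put("cn=Engineering,ou=groups,o=example.com",
                Arrays.asList("cn=Deployers,ou=groups,o=example.com"));
        // Constructed cycle: Deployers is itself a member of Developers.
        CONTAINING_GROUPS.put("cn=Deployers,ou=groups,o=example.com",
                Arrays.asList("cn=Developers,ou=groups,o=example.com"));
    }

    /**
     * Resolves the groups a member belongs to.
     *
     * @param searching "unlimited" or "limited" (GroupMembershipSearching)
     * @param maxLevel  MaxGroupMembershipSearchLevel; read only when limited
     */
    static Set<String> memberGroups(String memberDn, String searching, int maxLevel) {
        if (!"unlimited".equals(searching) && !"limited".equals(searching)) {
            throw new IllegalArgumentException("legal values: unlimited, limited");
        }
        boolean limited = "limited".equals(searching);
        if (limited && maxLevel < 0) {
            throw new IllegalArgumentException("valid values are 0 and positive integers");
        }

        Set<String> found = new LinkedHashSet<>();
        List<String> frontier = new ArrayList<>();
        frontier.add(memberDn);

        // Level 0 resolves direct memberships only; each further level follows
        // one more step of group-in-group nesting.
        for (int level = 0;
             !frontier.isEmpty() && (!limited || level <= maxLevel);
             level++) {
            List<String> next = new ArrayList<>();
            for (String dn : frontier) {
                List<String> parents =
                        CONTAINING_GROUPS.getOrDefault(dn, Collections.<String>emptyList());
                for (String group : parents) {
                    // A group already collected is not expanded again, so the
                    // constructed cycle cannot make an unlimited search loop.
                    if (found.add(group)) {
                        next.add(group);
                    }
                }
            }
            frontier = next;
        }
        return found;
    }

    public static void main(String[] args) {
        String alice = "uid=alice,ou=people,o=example.com";
        System.out.println("limited, level 0: " + memberGroups(alice, "limited", 0));
        System.out.println("limited, level 1: " + memberGroups(alice, "limited", 1));
        System.out.println("unlimited:        " + memberGroups(alice, "unlimited", 0));
    }
}
```

With the constructed data, alice resolves to Deployers only under unlimited searching or a limit of 2 or more, so changing these attributes changes which group principals a subject receives and therefore which role and policy checks it can pass.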

Documentation is available at
http://download.oracle.com/docs/cd/E13222_01/wls/docs81