Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
Oracle Fusion Middleware
Oracle WebLogic Server MBean Javadoc
11g Release 1 (10.3.6)

Part Number E13945-06
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

weblogic.security.providers.authentication
Interface LDAPAuthenticatorMBean

All Superinterfaces:
AuthenticationProviderMBean, AuthenticatorMBean, GroupMemberListerMBean, GroupMembershipHierarchyCacheMBean, GroupReaderMBean, LDAPServerMBean, ListerMBean, LoginExceptionPropagatorMBean, MemberGroupListerMBean, NameListerMBean, ProviderMBean, UserPasswordEditorMBean, UserReaderMBean
All Known Subinterfaces:
ActiveDirectoryAuthenticatorMBean, IPlanetAuthenticatorMBean, NovellAuthenticatorMBean, OpenLDAPAuthenticatorMBean, OracleInternetDirectoryAuthenticatorMBean, OracleVirtualDirectoryAuthenticatorMBean
public interface LDAPAuthenticatorMBean
extends LoginExceptionPropagatorMBean, LDAPServerMBean, UserReaderMBean, GroupReaderMBean, GroupMemberListerMBean, MemberGroupListerMBean, UserPasswordEditorMBean, GroupMembershipHierarchyCacheMBean

This MBean contains attributes for the LDAP servers supported by the LDAP Authentication providers. Subinterfaces of this MBean override default values specific to an LDAP server.

Deprecation of MBeanHome and Type-Safe Interfaces

This is a type-safe interface for a WebLogic Server MBean, which you can import into your client classes and access through weblogic.management.MBeanHome. As of 9.0, the MBeanHome interface and all type-safe interfaces for WebLogic Server MBeans are deprecated. Instead, client classes that interact with WebLogic Server MBeans should use standard JMX design patterns in which clients use the javax.management.MBeanServerConnection interface to discover MBeans, attributes, and attribute types at runtime.

Method Summary
 String getAllGroupsFilter()
          An LDAP search filter for finding all groups beneath the base group distinguished name (DN).
 String getAllUsersFilter()
          An LDAP search filter for finding all users beneath the base user distinguished name (DN).
 String getCredential()
          The credential (generally a password) used to authenticate the LDAP user that is defined in the Principal attribute.
 byte[] getCredentialEncrypted()
          Returns the credential (generally a password) used to authenticate the LDAP user that is defined in the Principal attribute.
 String getDescription()
          A short description of the LDAP Authentication provider.
 String getDynamicGroupNameAttribute()
          The attribute of a dynamic LDAP group object that specifies the name of the group.
 String getDynamicGroupObjectClass()
          The LDAP object class that stores dynamic groups.
 String getDynamicMemberURLAttribute()
          The attribute of the dynamic LDAP group object that specifies the URLs of the members of the dynamic group.
 Boolean getEnableGroupMembershipLookupHierarchyCaching()
          Sets whether to cache group membership hierarchies found during recursive membership lookup.
 String getGroupBaseDN()
          The base distinguished name (DN) of the tree in the LDAP directory that contains groups.
 String getGroupFromNameFilter()
          An LDAP search filter for finding a group given the name of the group.
 String getGroupMembershipSearching()
          Specifies whether group searches into nested groups are unlimited or limited.
 String getGroupSearchScope()
          Specifies how deep in the LDAP directory tree to search for groups.
 String getGuidAttribute()
          Specifies the name of the GUID attribute defined in the LDAP server that corresponds to the LDAP Authentication provider configured in the security realm.
 Boolean getIgnoreDuplicateMembership()
          Determines whether duplicate members are ignored when adding groups.
 Integer getMaxGroupMembershipSearchLevel()
          Specifies how many levels of group membership can be searched.
 String getName()
          The name of this configuration.
 String getProviderClassName()
          The name of the Java class used to load the LDAP Authentication provider.
 String getStaticGroupDNsfromMemberDNFilter()
          An LDAP search filter that, given the distinguished name (DN) of a member of a group, returns the DNs of the static LDAP groups that contain that member.
 String getStaticGroupNameAttribute()
          The attribute of a static LDAP group object that specifies the name of the group.
 String getStaticGroupObjectClass()
          The name of the LDAP object class that stores static groups.
 String getStaticMemberDNAttribute()
          The attribute of a static LDAP group object that specifies the distinguished names (DNs) of the members of the group.
 String getUserBaseDN()
          The base distinguished name (DN) of the tree in the LDAP directory that contains users.
 String getUserDynamicGroupDNAttribute()
          The attribute of an LDAP user object that specifies the distinguished names (DNs) of dynamic groups to which this user belongs.
 Boolean getUseRetrievedUserNameAsPrincipal()
          Specifies whether or not the user name retrieved from the LDAP server should be used as the Principal in the Subject.
 String getUserFromNameFilter()
          An LDAP search filter for finding a user given the name of the user.
 String getUserNameAttribute()
          The attribute of an LDAP user object that specifies the name of the user.
 String getUserObjectClass()
          The LDAP object class that stores users.
 String getUserSearchScope()
          Specifies how deep in the LDAP directory tree to search for Users.
 String getVersion()
          The version number of the LDAP Authentication provider.
 boolean isKeepAliveEnabled()
          Specifies whether to prevent LDAP connections from timing out.
 void setAllGroupsFilter(String newValue)
          An LDAP search filter for finding all groups beneath the base group distinguished name (DN).
 void setAllUsersFilter(String newValue)
          An LDAP search filter for finding all users beneath the base user distinguished name (DN).
 void setCredential(String newValue)
          The credential (generally a password) used to authenticate the LDAP user that is defined in the Principal attribute.
 void setCredentialEncrypted(byte[] _bytes)
          Sets the credential (generally a password) used to authenticate the LDAP user that is defined in the Principal attribute.
 void setDynamicGroupNameAttribute(String newValue)
          The attribute of a dynamic LDAP group object that specifies the name of the group.
 void setDynamicGroupObjectClass(String newValue)
          The LDAP object class that stores dynamic groups.
 void setDynamicMemberURLAttribute(String newValue)
          The attribute of the dynamic LDAP group object that specifies the URLs of the members of the dynamic group.
 void setEnableGroupMembershipLookupHierarchyCaching(Boolean newValue)
          Sets whether to cache group membership hierarchies found during recursive membership lookup.
 void setGroupBaseDN(String newValue)
          The base distinguished name (DN) of the tree in the LDAP directory that contains groups.
 void setGroupFromNameFilter(String newValue)
          An LDAP search filter for finding a group given the name of the group.
 void setGroupMembershipSearching(String newValue)
          Specifies whether group searches into nested groups are unlimited or limited.
 void setGroupSearchScope(String newValue)
          Specifies how deep in the LDAP directory tree to search for groups.
 void setGuidAttribute(String newValue)
          Specifies the name of the GUID attribute defined in the LDAP server that corresponds to the LDAP Authentication provider configured in the security realm.
 void setIgnoreDuplicateMembership(Boolean newValue)
          Determines whether duplicate members are ignored when adding groups.
 void setKeepAliveEnabled(boolean newValue)
          Specifies whether to prevent LDAP connections from timing out.
 void setMaxGroupMembershipSearchLevel(Integer newValue)
          Specifies how many levels of group membership can be searched.
 void setStaticGroupDNsfromMemberDNFilter(String newValue)
          An LDAP search filter that, given the distinguished name (DN) of a member of a group, returns the DNs of the static LDAP groups that contain that member.
 void setStaticGroupNameAttribute(String newValue)
          The attribute of a static LDAP group object that specifies the name of the group.
 void setStaticGroupObjectClass(String newValue)
          The name of the LDAP object class that stores static groups.
 void setStaticMemberDNAttribute(String newValue)
          The attribute of a static LDAP group object that specifies the distinguished names (DNs) of the members of the group.
 void setUserBaseDN(String newValue)
          The base distinguished name (DN) of the tree in the LDAP directory that contains users.
 void setUserDynamicGroupDNAttribute(String newValue)
          The attribute of an LDAP user object that specifies the distinguished names (DNs) of dynamic groups to which this user belongs.
 void setUseRetrievedUserNameAsPrincipal(Boolean newValue)
          Specifies whether or not the user name retrieved from the LDAP server should be used as the Principal in the Subject.
 void setUserFromNameFilter(String newValue)
          An LDAP search filter for finding a user given the name of the user.
 void setUserNameAttribute(String newValue)
          The attribute of an LDAP user object that specifies the name of the user.
 void setUserObjectClass(String newValue)
          The LDAP object class that stores users.
 void setUserSearchScope(String newValue)
          Specifies how deep in the LDAP directory tree to search for Users.
 
Methods inherited from interface weblogic.security.providers.authentication.LoginExceptionPropagatorMBean
getPropagateCauseForLoginException, setPropagateCauseForLoginException
 
Methods inherited from interface weblogic.management.security.authentication.AuthenticatorMBean
getControlFlag, setControlFlag
 
Methods inherited from interface weblogic.management.security.ProviderMBean
getRealm
 
Methods inherited from interface weblogic.management.utils.LDAPServerMBean
getCacheSize, getCacheTTL, getConnectionPoolSize, getConnectionRetryLimit, getConnectTimeout, getHost, getParallelConnectDelay, getPort, getPrincipal, getResultsTimeLimit, isBindAnonymouslyOnReferrals, isCacheEnabled, isFollowReferrals, isSSLEnabled, setBindAnonymouslyOnReferrals, setCacheEnabled, setCacheSize, setCacheTTL, setConnectionPoolSize, setConnectionRetryLimit, setConnectTimeout, setFollowReferrals, setHost, setParallelConnectDelay, setPort, setPrincipal, setResultsTimeLimit, setSSLEnabled
 
Methods inherited from interface weblogic.management.security.authentication.UserReaderMBean
getUserDescription, listUsers, userExists
 
Methods inherited from interface weblogic.management.utils.NameListerMBean
getCurrentName
 
Methods inherited from interface weblogic.management.utils.ListerMBean
advance, close, haveCurrent
 
Methods inherited from interface weblogic.management.security.authentication.GroupReaderMBean
getGroupDescription, groupExists, isMember, listGroups
 
Methods inherited from interface weblogic.management.utils.NameListerMBean
getCurrentName
 
Methods inherited from interface weblogic.management.utils.ListerMBean
advance, close, haveCurrent
 
Methods inherited from interface weblogic.management.security.authentication.GroupMemberListerMBean
listGroupMembers
 
Methods inherited from interface weblogic.management.security.authentication.GroupReaderMBean
getGroupDescription, groupExists, isMember, listGroups
 
Methods inherited from interface weblogic.management.utils.NameListerMBean
getCurrentName
 
Methods inherited from interface weblogic.management.utils.ListerMBean
advance, close, haveCurrent
 
Methods inherited from interface weblogic.management.security.authentication.MemberGroupListerMBean
listMemberGroups
 
Methods inherited from interface weblogic.management.security.authentication.GroupReaderMBean
getGroupDescription, groupExists, isMember, listGroups
 
Methods inherited from interface weblogic.management.utils.NameListerMBean
getCurrentName
 
Methods inherited from interface weblogic.management.utils.ListerMBean
advance, close, haveCurrent
 
Methods inherited from interface weblogic.management.security.authentication.UserPasswordEditorMBean
changeUserPassword, resetUserPassword
 
Methods inherited from interface weblogic.management.security.authentication.GroupMembershipHierarchyCacheMBean
getGroupHierarchyCacheTTL, getMaxGroupHierarchiesInCache, setGroupHierarchyCacheTTL, setMaxGroupHierarchiesInCache
 

Method Detail

getProviderClassName

String getProviderClassName()

The name of the Java class used to load the LDAP Authentication provider.

Default Value:
"weblogic.security.providers.authentication.LDAPAuthenticationProviderImpl"

getDescription

String getDescription()

A short description of the LDAP Authentication provider.

Specified by:
getDescription in interface ProviderMBean
Default Value:
"Provider that performs LDAP authentication"

getVersion

String getVersion()

The version number of the LDAP Authentication provider.

Specified by:
getVersion in interface ProviderMBean
Default Value:
"1.0"

getUserObjectClass

String getUserObjectClass()

The LDAP object class that stores users.

Default Value:
"person"

setUserObjectClass

void setUserObjectClass(String newValue)
                        throws InvalidAttributeValueException

The LDAP object class that stores users.

Parameters:
newValue - - new value for attribute UserObjectClass
Throws:
InvalidAttributeValueException
Default Value:
"person"

getUserNameAttribute

String getUserNameAttribute()

The attribute of an LDAP user object that specifies the name of the user.

Default Value:
"uid"

setUserNameAttribute

void setUserNameAttribute(String newValue)
                          throws InvalidAttributeValueException

The attribute of an LDAP user object that specifies the name of the user.

Parameters:
newValue - - new value for attribute UserNameAttribute
Throws:
InvalidAttributeValueException
Default Value:
"uid"

getUserDynamicGroupDNAttribute

String getUserDynamicGroupDNAttribute()

The attribute of an LDAP user object that specifies the distinguished names (DNs) of dynamic groups to which this user belongs. If such an attribute does not exist, WebLogic Server determines if a user is a member of a group by evaluating the URLs on the dynamic group. If a group contains other groups, WebLogic Server evaluates the URLs on any of the descendents (indicates parent relationship) of the group.

setUserDynamicGroupDNAttribute

void setUserDynamicGroupDNAttribute(String newValue)
                                    throws InvalidAttributeValueException

The attribute of an LDAP user object that specifies the distinguished names (DNs) of dynamic groups to which this user belongs. If such an attribute does not exist, WebLogic Server determines if a user is a member of a group by evaluating the URLs on the dynamic group. If a group contains other groups, WebLogic Server evaluates the URLs on any of the descendents (indicates parent relationship) of the group.

Parameters:
newValue - - new value for attribute UserDynamicGroupDNAttribute
Throws:
InvalidAttributeValueException

getUserBaseDN

String getUserBaseDN()

The base distinguished name (DN) of the tree in the LDAP directory that contains users.

Default Value:
"ou=people, o=example.com"

setUserBaseDN

void setUserBaseDN(String newValue)
                   throws InvalidAttributeValueException

The base distinguished name (DN) of the tree in the LDAP directory that contains users.

Parameters:
newValue - - new value for attribute UserBaseDN
Throws:
InvalidAttributeValueException
Default Value:
"ou=people, o=example.com"

getUserSearchScope

String getUserSearchScope()

Specifies how deep in the LDAP directory tree to search for Users. Valid values are subtree and onelevel.

Default Value:
"subtree"
Valid Values:
"subtree","onelevel"

setUserSearchScope

void setUserSearchScope(String newValue)
                        throws InvalidAttributeValueException

Specifies how deep in the LDAP directory tree to search for Users. Valid values are subtree and onelevel.

Parameters:
newValue - - new value for attribute UserSearchScope
Throws:
InvalidAttributeValueException
Default Value:
"subtree"
Valid Values:
"subtree","onelevel"

getUserFromNameFilter

String getUserFromNameFilter()

An LDAP search filter for finding a user given the name of the user. If the attribute (user name attribute and user object class) is not specified (that is, if the attribute is null or empty), a default search filter is created based on the user schema.

Default Value:
"(&(uid=%u)(objectclass=person))"

setUserFromNameFilter

void setUserFromNameFilter(String newValue)
                           throws InvalidAttributeValueException

An LDAP search filter for finding a user given the name of the user. If the attribute (user name attribute and user object class) is not specified (that is, if the attribute is null or empty), a default search filter is created based on the user schema.

Parameters:
newValue - - new value for attribute UserFromNameFilter
Throws:
InvalidAttributeValueException
Default Value:
"(&(uid=%u)(objectclass=person))"

getAllUsersFilter

String getAllUsersFilter()

An LDAP search filter for finding all users beneath the base user distinguished name (DN). If the attribute (user object class) is not specified (that is, if the attribute is null or empty), a default search filter is created based on the user schema.

setAllUsersFilter

void setAllUsersFilter(String newValue)
                       throws InvalidAttributeValueException

An LDAP search filter for finding all users beneath the base user distinguished name (DN). If the attribute (user object class) is not specified (that is, if the attribute is null or empty), a default search filter is created based on the user schema.

Parameters:
newValue - - new value for attribute AllUsersFilter
Throws:
InvalidAttributeValueException

getGroupBaseDN

String getGroupBaseDN()

The base distinguished name (DN) of the tree in the LDAP directory that contains groups.

Default Value:
"ou=groups, o=example.com"

setGroupBaseDN

void setGroupBaseDN(String newValue)
                    throws InvalidAttributeValueException

The base distinguished name (DN) of the tree in the LDAP directory that contains groups.

Parameters:
newValue - - new value for attribute GroupBaseDN
Throws:
InvalidAttributeValueException
Default Value:
"ou=groups, o=example.com"

getGroupSearchScope

String getGroupSearchScope()

Specifies how deep in the LDAP directory tree to search for groups. Valid values are subtree and onelevel.

Default Value:
"subtree"
Valid Values:
"subtree","onelevel"

setGroupSearchScope

void setGroupSearchScope(String newValue)
                         throws InvalidAttributeValueException

Specifies how deep in the LDAP directory tree to search for groups. Valid values are subtree and onelevel.

Parameters:
newValue - - new value for attribute GroupSearchScope
Throws:
InvalidAttributeValueException
Default Value:
"subtree"
Valid Values:
"subtree","onelevel"

getGroupFromNameFilter

String getGroupFromNameFilter()

An LDAP search filter for finding a group given the name of the group. If the attribute is not specified (that is, if the attribute is null or empty), a default search filter is created based on the group schema.

Default Value:
"(&(cn=%g)(objectclass=groupofuniquenames))"

setGroupFromNameFilter

void setGroupFromNameFilter(String newValue)
                            throws InvalidAttributeValueException

An LDAP search filter for finding a group given the name of the group. If the attribute is not specified (that is, if the attribute is null or empty), a default search filter is created based on the group schema.

Parameters:
newValue - - new value for attribute GroupFromNameFilter
Throws:
InvalidAttributeValueException
Default Value:
"(&(cn=%g)(objectclass=groupofuniquenames))"

getAllGroupsFilter

String getAllGroupsFilter()

An LDAP search filter for finding all groups beneath the base group distinguished name (DN). If the attribute is not specified (that is, if the attribute is null or empty), a default search filter is created based on the Group schema.

setAllGroupsFilter

void setAllGroupsFilter(String newValue)
                        throws InvalidAttributeValueException

An LDAP search filter for finding all groups beneath the base group distinguished name (DN). If the attribute is not specified (that is, if the attribute is null or empty), a default search filter is created based on the Group schema.

Parameters:
newValue - - new value for attribute AllGroupsFilter
Throws:
InvalidAttributeValueException

getStaticGroupObjectClass

String getStaticGroupObjectClass()

The name of the LDAP object class that stores static groups.

Default Value:
"groupofuniquenames"

setStaticGroupObjectClass

void setStaticGroupObjectClass(String newValue)
                               throws InvalidAttributeValueException

The name of the LDAP object class that stores static groups.

Parameters:
newValue - - new value for attribute StaticGroupObjectClass
Throws:
InvalidAttributeValueException
Default Value:
"groupofuniquenames"

getStaticGroupNameAttribute

String getStaticGroupNameAttribute()

The attribute of a static LDAP group object that specifies the name of the group.

Default Value:
"cn"

setStaticGroupNameAttribute

void setStaticGroupNameAttribute(String newValue)
                                 throws InvalidAttributeValueException

The attribute of a static LDAP group object that specifies the name of the group.

Parameters:
newValue - - new value for attribute StaticGroupNameAttribute
Throws:
InvalidAttributeValueException
Default Value:
"cn"

getStaticMemberDNAttribute

String getStaticMemberDNAttribute()

The attribute of a static LDAP group object that specifies the distinguished names (DNs) of the members of the group.

Default Value:
"uniquemember"

setStaticMemberDNAttribute

void setStaticMemberDNAttribute(String newValue)
                                throws InvalidAttributeValueException

The attribute of a static LDAP group object that specifies the distinguished names (DNs) of the members of the group.

Parameters:
newValue - - new value for attribute StaticMemberDNAttribute
Throws:
InvalidAttributeValueException
Default Value:
"uniquemember"

getStaticGroupDNsfromMemberDNFilter

String getStaticGroupDNsfromMemberDNFilter()

An LDAP search filter that, given the distinguished name (DN) of a member of a group, returns the DNs of the static LDAP groups that contain that member. If the attribute is not specified (that is, if the attribute is null or empty), a default search filter is created based on the group schema.

Default Value:
"(&(uniquemember=%M)(objectclass=groupofuniquenames))"

setStaticGroupDNsfromMemberDNFilter

void setStaticGroupDNsfromMemberDNFilter(String newValue)
                                         throws InvalidAttributeValueException

An LDAP search filter that, given the distinguished name (DN) of a member of a group, returns the DNs of the static LDAP groups that contain that member. If the attribute is not specified (that is, if the attribute is null or empty), a default search filter is created based on the group schema.

Parameters:
newValue - - new value for attribute StaticGroupDNsfromMemberDNFilter
Throws:
InvalidAttributeValueException
Default Value:
"(&(uniquemember=%M)(objectclass=groupofuniquenames))"

getDynamicGroupObjectClass

String getDynamicGroupObjectClass()

The LDAP object class that stores dynamic groups.

setDynamicGroupObjectClass

void setDynamicGroupObjectClass(String newValue)
                                throws InvalidAttributeValueException

The LDAP object class that stores dynamic groups.

Parameters:
newValue - - new value for attribute DynamicGroupObjectClass
Throws:
InvalidAttributeValueException

getDynamicGroupNameAttribute

String getDynamicGroupNameAttribute()

The attribute of a dynamic LDAP group object that specifies the name of the group.

setDynamicGroupNameAttribute

void setDynamicGroupNameAttribute(String newValue)
                                  throws InvalidAttributeValueException

The attribute of a dynamic LDAP group object that specifies the name of the group.

Parameters:
newValue - - new value for attribute DynamicGroupNameAttribute
Throws:
InvalidAttributeValueException

getDynamicMemberURLAttribute

String getDynamicMemberURLAttribute()

The attribute of the dynamic LDAP group object that specifies the URLs of the members of the dynamic group.

setDynamicMemberURLAttribute

void setDynamicMemberURLAttribute(String newValue)
                                  throws InvalidAttributeValueException

The attribute of the dynamic LDAP group object that specifies the URLs of the members of the dynamic group.

Parameters:
newValue - - new value for attribute DynamicMemberURLAttribute
Throws:
InvalidAttributeValueException

getGroupMembershipSearching

String getGroupMembershipSearching()

Specifies whether group searches into nested groups are unlimited or limited. Valid values are unlimited and limited.

For configurations that use only the first level of nested group hierarchy, this attribute allows improved performance during user searches by limiting the search to the first level of the group. If a limited search is specified, the Max Group Membership Search Level attribute must be specified. If an unlimited search is specified, the Max Group Membership Search Level attribute is ignored.

Note that when Use Token Groups For Group Membership Lookup is used during authentication, all the groups are returned in a single call, and the recursion limits and depth limits do not apply. They will apply in management operations.

Default Value:
"unlimited"
Valid Values:
"unlimited","limited"

setGroupMembershipSearching

void setGroupMembershipSearching(String newValue)
                                 throws InvalidAttributeValueException

Specifies whether group searches into nested groups are unlimited or limited. Valid values are unlimited and limited.

For configurations that use only the first level of nested group hierarchy, this attribute allows improved performance during user searches by limiting the search to the first level of the group. If a limited search is specified, the Max Group Membership Search Level attribute must be specified. If an unlimited search is specified, the Max Group Membership Search Level attribute is ignored.

Note that when Use Token Groups For Group Membership Lookup is used during authentication, all the groups are returned in a single call, and the recursion limits and depth limits do not apply. They will apply in management operations.

Parameters:
newValue - - new value for attribute GroupMembershipSearching
Throws:
InvalidAttributeValueException
Default Value:
"unlimited"
Valid Values:
"unlimited","limited"

getMaxGroupMembershipSearchLevel

Integer getMaxGroupMembershipSearchLevel()

Specifies how many levels of group membership can be searched. This setting is valid only if GroupMembershipSearching is set to limited. Valid values are 0 and positive integers. For example, 0 indicates only direct group memberships will be found, and a positive number indicates the number of levels to search.

Possible values are:

0 - Indicates only direct groups will be found. That is, when searching for membership in Group A, only direct members of Group A will be found. If Group B is a member of Group A, the members will not be found by this search.

Any positive number - Indicates the number of levels to search. For example, if this attribute is set to 1, a search for membership in Group A will return direct members of Group A. If Group B is a member of Group A, the members of Group B will also be found by this search. However, if Group C is a member of Group B, the members of Group C will not be found by this search.

Note that when Use Token Groups For Group Membership Lookup is used during authentication, all the groups are returned in a single call, and the recursion limits and depth limits do not apply. They will apply in management operations.

Default Value:
new Integer(0)

setMaxGroupMembershipSearchLevel

void setMaxGroupMembershipSearchLevel(Integer newValue)
                                      throws InvalidAttributeValueException

Specifies how many levels of group membership can be searched. This setting is valid only if GroupMembershipSearching is set to limited. Valid values are 0 and positive integers. For example, 0 indicates only direct group memberships will be found, and a positive number indicates the number of levels to search.

Possible values are:

0 - Indicates only direct groups will be found. That is, when searching for membership in Group A, only direct members of Group A will be found. If Group B is a member of Group A, the members will not be found by this search.

Any positive number - Indicates the number of levels to search. For example, if this attribute is set to 1, a search for membership in Group A will return direct members of Group A. If Group B is a member of Group A, the members of Group B will also be found by this search. However, if Group C is a member of Group B, the members of Group C will not be found by this search.

Note that when Use Token Groups For Group Membership Lookup is used during authentication, all the groups are returned in a single call, and the recursion limits and depth limits do not apply. They will apply in management operations.

Parameters:
newValue - - new value for attribute MaxGroupMembershipSearchLevel
Throws:
InvalidAttributeValueException
Default Value:
new Integer(0)

getUseRetrievedUserNameAsPrincipal

Boolean getUseRetrievedUserNameAsPrincipal()

Specifies whether or not the user name retrieved from the LDAP server should be used as the Principal in the Subject.

Default Value:
new Boolean(false)

setUseRetrievedUserNameAsPrincipal

void setUseRetrievedUserNameAsPrincipal(Boolean newValue)
                                        throws InvalidAttributeValueException

Specifies whether or not the user name retrieved from the LDAP server should be used as the Principal in the Subject.

Parameters:
newValue - - new value for attribute UseRetrievedUserNameAsPrincipal
Throws:
InvalidAttributeValueException
Default Value:
new Boolean(false)

getIgnoreDuplicateMembership

Boolean getIgnoreDuplicateMembership()

Determines whether duplicate members are ignored when adding groups. The attribute cycles in the Group membership.

Default Value:
new Boolean(false)

setIgnoreDuplicateMembership

void setIgnoreDuplicateMembership(Boolean newValue)
                                  throws InvalidAttributeValueException

Determines whether duplicate members are ignored when adding groups. The attribute cycles in the Group membership.

Parameters:
newValue - - new value for attribute IgnoreDuplicateMembership
Throws:
InvalidAttributeValueException
Default Value:
new Boolean(false)

isKeepAliveEnabled

boolean isKeepAliveEnabled()

Specifies whether to prevent LDAP connections from timing out.

Default Value:
false

setKeepAliveEnabled

void setKeepAliveEnabled(boolean newValue)
                         throws InvalidAttributeValueException

Specifies whether to prevent LDAP connections from timing out.

Parameters:
newValue - - new value for attribute KeepAliveEnabled
Throws:
InvalidAttributeValueException
Default Value:
false

getCredential

String getCredential()

The credential (generally a password) used to authenticate the LDAP user that is defined in the Principal attribute.

Specified by:
getCredential in interface LDAPServerMBean
See Also:
LDAPServerMBean.getCredentialEncrypted()
Changes take effect after you redeploy the module or restart the server.

setCredential

void setCredential(String newValue)
                   throws InvalidAttributeValueException

The credential (generally a password) used to authenticate the LDAP user that is defined in the Principal attribute.

Specified by:
setCredential in interface LDAPServerMBean
Parameters:
newValue - - new value for attribute Credential
Throws:
InvalidAttributeValueException
See Also:
LDAPServerMBean.getCredential(), LDAPServerMBean.setCredentialEncrypted(byte[])
Changes take effect after you redeploy the module or restart the server.

getEnableGroupMembershipLookupHierarchyCaching

Boolean getEnableGroupMembershipLookupHierarchyCaching()

Sets whether to cache group membership hierarchies found during recursive membership lookup. If true, each subtree found will be cached. This overwrites the default value defined in GroupMembershipHierarchyCacheMBean.

Specified by:
getEnableGroupMembershipLookupHierarchyCaching in interface GroupMembershipHierarchyCacheMBean
Default Value:
new Boolean(true)

setEnableGroupMembershipLookupHierarchyCaching

void setEnableGroupMembershipLookupHierarchyCaching(Boolean newValue)
                                                    throws InvalidAttributeValueException

Sets whether to cache group membership hierarchies found during recursive membership lookup. If true, each subtree found will be cached. This overwrites the default value defined in GroupMembershipHierarchyCacheMBean.

Specified by:
setEnableGroupMembershipLookupHierarchyCaching in interface GroupMembershipHierarchyCacheMBean
Parameters:
newValue - - new value for attribute EnableGroupMembershipLookupHierarchyCaching
Throws:
InvalidAttributeValueException
See Also:
GroupMembershipHierarchyCacheMBean.getEnableGroupMembershipLookupHierarchyCaching()
Default Value:
new Boolean(true)

getGuidAttribute

String getGuidAttribute()

Specifies the name of the GUID attribute defined in the LDAP server that corresponds to the LDAP Authentication provider configured in the security realm.

setGuidAttribute

void setGuidAttribute(String newValue)
                      throws InvalidAttributeValueException

Specifies the name of the GUID attribute defined in the LDAP server that corresponds to the LDAP Authentication provider configured in the security realm.

Parameters:
newValue - - new value for attribute GuidAttribute
Throws:
InvalidAttributeValueException

getName

String getName()
Description copied from interface: ProviderMBean
The name of this configuration. WebLogic Server uses an MBean to implement and persist the configuration.

Specified by:
getName in interface LoginExceptionPropagatorMBean
Specified by:
getName in interface ProviderMBean
Default Value:
"LDAPAuthenticator"

setCredentialEncrypted

void setCredentialEncrypted(byte[] _bytes)
Description copied from interface: LDAPServerMBean
Sets the credential (generally a password) used to authenticate the LDAP user that is defined in the Principal attribute.

Specified by:
setCredentialEncrypted in interface LDAPServerMBean
Parameters:
_bytes - The new credential value as a byte array.
See Also:
LDAPServerMBean.getCredentialEncrypted()
Changes take effect after you redeploy the module or restart the server.

getCredentialEncrypted

byte[] getCredentialEncrypted()
Description copied from interface: LDAPServerMBean
Returns the credential (generally a password) used to authenticate the LDAP user that is defined in the Principal attribute.

Specified by:
getCredentialEncrypted in interface LDAPServerMBean
Returns:
The credential value as an encrypted byte array.
Changes take effect after you redeploy the module or restart the server.
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
Copyright 1996, 2011, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

Oracle Fusion Middleware
Oracle WebLogic Server MBean Javadoc
11g Release 1 (10.3.6)

Part Number E13945-06
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD