Administration Console Online Help
WebLogic Authentication Provider-->Details
Set the Minimum Password Length attribute to specify the minimum number of characters required in a password processed by this WebLogic Authentication provider. This password is the password used to define users in the embedded LDAP server used by the WebLogic Authentication provider to store user and group information.
In addition, the following attributes can be used to improve the performance of the WebLogic Authentication provider:
- Group Membership Searching—Controls whether group searches are limited in depth or unlimited. This attribute controls how deeply a search should recursive into nested groups. For configurations that use only the first level of nested group hierarchy, this attribute allows improved performance during user searches by limiting the search to the first level of the group.
- If a limited search is specified, the Max Group Membership Search Level attribute must be specified.
- If an unlimited search is specified, the Max Group Membership Search Level attribute is ignored.
- Max Group Membership Search Level—Controls the depth of a group membership search if the Group Membership Searching attribute is specified. Possible values are:
- 0—Indicates only direct groups will be found. That is, when searching for membership in Group A, only direct members of Group A will be found. If Group B is a member of Group A, the members will not be found by this search.
- Any positive number—Indicates the number of levels to search. For example, if this attribute is set to 1, a search for membership in Group A will return direct members of Group A. If Group B is a member of Group A, the members of Group B will also be found by this search. However, if Group C is a member of Group B, the members of Group C will not be found by this search.
- Use Retrieved User Name as Principal—Specifies that the user name retrieved from the LDAP directory should be added as the principal instead of the username supplied for authentication.
- Enable Group Membership Lookup Hierarchy Caching—Indicates whether group membership hierarchies found during recursive membership lookup are cached. Each subtree found will be cached. The cache holds the groups to which a group is a member. This attribute only applies if the Group Membership attribute is enabled. The default is false.
- Max Group Hierarchies in Cache—The maximum size of the Least Recently Used (LRU) cache that holds group membership hierarchies. This attribute only applies if the Enable Group Membership Lookup Hierarchy Caching attribute is enabled.
The approximate memory utilization for each entry is as follows:
- groupName—This entry is the size of the biggest group names.
- Groups—This entry contains the flattened group membership for a particular group. For example, if a group flattens to 300 groups, there will be 300 group names in this entry. In the case where a group is not a member of any other group, this entry has no value.
- Group Hierarchy Cache TTL—The number of seconds cached entries stay in the cache. The default is 60 seconds.