Administration Console Online Help
iPlanet Authentication Provider-->Details
Overview
This page displays additional MBean attributes for the iPlanet Authentication provider.
- Group Membership Searching—Controls whether group searches are limited in depth or unlimited. This attribute controls how deeply a search should recurse into nested groups. For configurations that use only the first level of nested group hierarchy, this attribute allows improved performance during user searches by limiting the search to the first level of the group.
  - If a limited search is specified, the Max Group Membership Search Level attribute must be specified.
  - If an unlimited search is specified, the Max Group Membership Search Level attribute is ignored.
- Max Group Membership Search Level—Controls the depth of a group membership search if the Group Membership Searching attribute is specified. Possible values are:
  - 0—Indicates only direct groups will be found. That is, when searching for membership in Group A, only direct members of Group A will be found. If Group B is a member of Group A, the members of Group B will not be found by this search.
  - Any positive number—Indicates the number of levels to search. For example, if this attribute is set to 1, a search for membership in Group A will return direct members of Group A. If Group B is a member of Group A, the members of Group B will also be found by this search. However, if Group C is a member of Group B, the members of Group C will not be found by this search.
- Use Retrieved User Name as Principal—Specifies that the user name retrieved from the LDAP directory should be added as the principal instead of the username supplied for authentication.
- Enable Group Membership Lookup Hierarchy Caching—Indicates whether group membership hierarchies found during recursive membership lookup are cached. Each subtree found will be cached. The cache holds the groups of which a group is a member. This attribute only applies if the Group Membership attribute is enabled. The default is false.
- Max Group Hierarchies in Cache—The maximum size of the Least Recently Used (LRU) cache that holds group membership hierarchies. This attribute only applies if the Enable Group Membership Lookup Hierarchy Caching attribute is enabled.
  The approximate memory utilization for each entry is as follows:
  - groupName—This entry is the size of the biggest group name.
  - Groups—This entry contains the flattened group membership for a particular group. For example, if a group flattens to 300 groups, there will be 300 group names in this entry. In the case where a group is not a member of any other group, this entry has no value.
- Group Hierarchy Cache TTL—The number of seconds cached entries stay in the cache. The default is 60 seconds.
- Follow Referrals—Specifies that a search for a user or group within the iPlanet Authentication provider will follow referrals to other LDAP servers or branches within the LDAP directory. By default, this attribute is enabled.
- Bind Anonymously On Referrals—By default, the iPlanet Authentication provider uses the same DN and password used to connect to the LDAP server when following referrals during a search. If you want to connect as an anonymous user, enable this attribute. Contact your LDAP system administrator for more information.
- Results Time Limit—The maximum number of milliseconds for the LDAP server to wait for results before timing out. If this attribute is set to 0, there is no maximum time limit. The default is 0.
- Connect Timeout—The maximum time in seconds to wait for the connection to the LDAP server to be established. If this attribute is set to 0, there is no maximum time limit. The default is 0.
- Parallel Connect Delay—The delay in seconds when making concurrent attempts to connect to multiple LDAP servers. If this attribute is set to 0, connection attempts are serialized. An attempt is made to connect to the first server in the list. The next entry in the list is tried only if the attempt to connect to the current host fails. If this attribute is not set and an LDAP server is unavailable, an application may be blocked for a long time. If this attribute is greater than 0, another connection is started after the specified time.
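The following added example (not WebLogic code and not part of the original help page) models the Max Group Membership Search Level semantics described above, so the effect of a depth limit on who is found can be checked before it is applied. The directory contents and the names `DIRECTORY`, `members_found` and `lost_by_limit` are constructed for illustration; it also handles cyclic nesting, which the page does not discuss.

```python
from collections import deque

# Constructed sample directory: group -> direct members (users and nested groups).
DIRECTORY = {
    "GroupA": {"alice", "GroupB"},
    "GroupB": {"bob", "GroupC"},
    "GroupC": {"carol", "GroupA"},  # deliberate cycle back to GroupA
}

UNLIMITED = None  # models Group Membership Searching = unlimited


def members_found(group, max_level, directory=DIRECTORY):
    """Return the users found when searching for membership in `group`.

    max_level=0 finds direct members only; each additional level descends
    one more layer of nested groups; UNLIMITED descends until exhausted.
    """
    users = set()
    seen = {group}                  # guards against cyclic nesting
    queue = deque([(group, 0)])
    while queue:
        current, depth = queue.popleft()
        for member in directory.get(current, ()):
            if member in directory:             # member is a nested group
                within = max_level is UNLIMITED or depth < max_level
                if within and member not in seen:
                    seen.add(member)
                    queue.append((member, depth + 1))
            else:
                users.add(member)               # member is a user
    return users


def lost_by_limit(group, max_level, directory=DIRECTORY):
    """Users an unlimited search finds that a search limited to max_level misses."""
    full = members_found(group, UNLIMITED, directory)
    return full - members_found(group, max_level, directory)


if __name__ == "__main__":
    for level in (0, 1, UNLIMITED):
        label = "unlimited" if level is UNLIMITED else level
        print(label, sorted(members_found("GroupA", level)))
    print("missed at level 1:", sorted(lost_by_limit("GroupA", 1)))
```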
Tasks
Configuring an LDAP Authentication Provider
Related Topics
Introduction to WebLogic Security
Managing WebLogic Security
Securing WebLogic Resources
Programming WebLogic Security
Developing Security Providers for WebLogic Server
Securing a Production Environment
The Security topics in the WebLogic Server 8.1 Upgrade Guide
Security FAQ
The Security page in the WebLogic Server documentation