BEA Systems, Inc.
WebLogic Server 8.1 API Reference

weblogic.security.providers.authentication
Interface ActiveDirectoryAuthenticatorMBean

public interface ActiveDirectoryAuthenticatorMBean
extends weblogic.management.commo.StandardInterface, LDAPAuthenticatorMBean

The MBean that represents LDAP schema definitions for the Active Directory LDAP Authentication provider.

Author:
Copyright © 2004 BEA Systems, Inc. All Rights Reserved.

Method Summary
 java.lang.Boolean getEnableSIDtoGroupLookupCaching()
          Boolean value that indicates whether SID to group name lookup results are cached or not.
 java.lang.String getGroupBaseDN()
          The base distinguished name (DN) of the tree in the LDAP directory that contains groups.
 java.lang.String getGroupFromNameFilter()
          LDAP search filter for finding a group given the name of the group.
 java.lang.Integer getMaxSIDToGroupLookupsInCache()
          The maximum size of the LRU cache for holding SID to group lookups if caching of SID to group name mappings is enabled and if the tokenGroups group membership lookup is enabled.
 java.lang.String getStaticGroupDNsfromMemberDNFilter()
          LDAP search filter that, given the distinguished name (DN) of a member of a group, returns the DNs of the static LDAP groups that contain that member.
 java.lang.String getStaticGroupObjectClass()
          The name of the LDAP object class that stores static groups.
 java.lang.String getStaticMemberDNAttribute()
          The attribute of the LDAP static group object that specifies the distinguished names (DNs) of the members of the group.
 java.lang.String getUserBaseDN()
          The base distinguished name (DN) of the tree in the LDAP directory that contains users.
 java.lang.String getUserFromNameFilter()
          LDAP search filter for finding a user given the name of the user.
 java.lang.String getUserNameAttribute()
          The attribute of the LDAP User object that specifies the name of the user.
 java.lang.String getUserObjectClass()
          The LDAP object class that stores users.
 java.lang.Boolean getUseTokenGroupsForGroupMembershipLookup()
          Boolean value that indicates whether to use TokenGroups attribute lookup algorithm instead of the standard recursive group membership lookup algorithm.
 void setEnableSIDtoGroupLookupCaching(java.lang.Boolean newValue)
          Boolean value that indicates whether SID to group name lookup results are cached or not.
 void setGroupBaseDN(java.lang.String newValue)
          The base distinguished name (DN) of the tree in the LDAP directory that contains groups.
 void setGroupFromNameFilter(java.lang.String newValue)
          LDAP search filter for finding a group given the name of the group.
 void setMaxSIDToGroupLookupsInCache(java.lang.Integer newValue)
          The maximum size of the LRU cache for holding SID to group lookups if caching of SID to group name mappings is enabled and if the tokenGroups group membership lookup is enabled.
 void setStaticGroupDNsfromMemberDNFilter(java.lang.String newValue)
          LDAP search filter that, given the distinguished name (DN) of a member of a group, returns the DNs of the static LDAP groups that contain that member.
 void setStaticGroupObjectClass(java.lang.String newValue)
          The name of the LDAP object class that stores static groups.
 void setStaticMemberDNAttribute(java.lang.String newValue)
          The attribute of the LDAP static group object that specifies the distinguished names (DNs) of the members of the group.
 void setUserBaseDN(java.lang.String newValue)
          The base distinguished name (DN) of the tree in the LDAP directory that contains users.
 void setUserFromNameFilter(java.lang.String newValue)
          LDAP search filter for finding a user given the name of the user.
 void setUserNameAttribute(java.lang.String newValue)
          The attribute of the LDAP User object that specifies the name of the user.
 void setUserObjectClass(java.lang.String newValue)
          The LDAP object class that stores users.
 void setUseTokenGroupsForGroupMembershipLookup(java.lang.Boolean newValue)
          Boolean value that indicates whether to use TokenGroups attribute lookup algorithm instead of the standard recursive group membership lookup algorithm.
 
Methods inherited from interface weblogic.security.providers.authentication.LDAPAuthenticatorMBean
getAllGroupsFilter, getAllUsersFilter, getDescription, getDynamicGroupNameAttribute, getDynamicGroupObjectClass, getDynamicMemberURLAttribute, getGroupMembershipSearching, getGroupSearchScope, getIgnoreDuplicateMembership, getMaxGroupMembershipSearchLevel, getProviderClassName, getStaticGroupNameAttribute, getUserDynamicGroupDNAttribute, getUseRetrievedUserNameAsPrincipal, getUserSearchScope, getVersion, setAllGroupsFilter, setAllUsersFilter, setDynamicGroupNameAttribute, setDynamicGroupObjectClass, setDynamicMemberURLAttribute, setGroupMembershipSearching, setGroupSearchScope, setIgnoreDuplicateMembership, setMaxGroupMembershipSearchLevel, setStaticGroupNameAttribute, setUserDynamicGroupDNAttribute, setUseRetrievedUserNameAsPrincipal, setUserSearchScope
 
Methods inherited from interface weblogic.security.providers.authentication.LoginExceptionPropagatorMBean
getPropagateCauseForLoginException, setPropagateCauseForLoginException
 
Methods inherited from interface weblogic.management.utils.LDAPServerMBean
getCacheSize, getCacheTTL, getConnectionRetryLimit, getConnectTimeout, getCredential, getHost, getParallelConnectDelay, getPort, getPrincipal, getResultsTimeLimit, isBindAnonymouslyOnReferrals, isCacheEnabled, isFollowReferrals, isSSLEnabled, setBindAnonymouslyOnReferrals, setCacheEnabled, setCacheSize, setCacheTTL, setConnectionRetryLimit, setConnectTimeout, setCredential, setFollowReferrals, setHost, setParallelConnectDelay, setPort, setPrincipal, setResultsTimeLimit, setSSLEnabled
 
Methods inherited from interface weblogic.management.security.authentication.UserReaderMBean
getUserDescription, listUsers, userExists
 
Methods inherited from interface weblogic.management.security.authentication.GroupMemberListerMBean
listGroupMembers
 
Methods inherited from interface weblogic.management.security.authentication.MemberGroupListerMBean
listMemberGroups
 
Methods inherited from interface weblogic.management.security.authentication.UserPasswordEditorMBean
changeUserPassword, resetUserPassword
 
Methods inherited from interface weblogic.management.security.authentication.GroupMembershipHierarchyCacheMBean
getEnableGroupMembershipLookupHierarchyCaching, getGroupHierarchyCacheTTL, getMaxGroupHierarchiesInCache, setEnableGroupMembershipLookupHierarchyCaching, setGroupHierarchyCacheTTL, setMaxGroupHierarchiesInCache
 
Methods inherited from interface weblogic.management.security.authentication.AuthenticatorMBean
getControlFlag, setControlFlag
 
Methods inherited from interface weblogic.management.security.ProviderMBean
getRealm, setRealm
 

Method Detail

getUserObjectClass

public java.lang.String getUserObjectClass()
The LDAP object class that stores users.
Specified by:
getUserObjectClass in interface LDAPAuthenticatorMBean

Default Value: "user"
Legal NULL: true

setUserObjectClass

public void setUserObjectClass(java.lang.String newValue)
                        throws javax.management.InvalidAttributeValueException
The LDAP object class that stores users.
Specified by:
setUserObjectClass in interface LDAPAuthenticatorMBean

Default Value: "user"
Legal NULL: true
Parameters:
newValue - - new value for attribute UserObjectClass
Throws:
javax.management.InvalidAttributeValueException -  

getUserNameAttribute

public java.lang.String getUserNameAttribute()
The attribute of the LDAP User object that specifies the name of the user.
Specified by:
getUserNameAttribute in interface LDAPAuthenticatorMBean

Default Value: "cn"
Legal NULL: true

setUserNameAttribute

public void setUserNameAttribute(java.lang.String newValue)
                          throws javax.management.InvalidAttributeValueException
The attribute of the LDAP User object that specifies the name of the user.
Specified by:
setUserNameAttribute in interface LDAPAuthenticatorMBean

Default Value: "cn"
Legal NULL: true
Parameters:
newValue - - new value for attribute UserNameAttribute
Throws:
javax.management.InvalidAttributeValueException -  

getUserBaseDN

public java.lang.String getUserBaseDN()
The base distinguished name (DN) of the tree in the LDAP directory that contains users.
Specified by:
getUserBaseDN in interface LDAPAuthenticatorMBean

Default Value: "ou=WLSMEMBERS,dc=example,dc=com"
Legal NULL: true

setUserBaseDN

public void setUserBaseDN(java.lang.String newValue)
                   throws javax.management.InvalidAttributeValueException
The base distinguished name (DN) of the tree in the LDAP directory that contains users.
Specified by:
setUserBaseDN in interface LDAPAuthenticatorMBean

Default Value: "ou=WLSMEMBERS,dc=example,dc=com"
Legal NULL: true
Parameters:
newValue - - new value for attribute UserBaseDN
Throws:
javax.management.InvalidAttributeValueException -  

getUserFromNameFilter

public java.lang.String getUserFromNameFilter()
LDAP search filter for finding a user given the name of the user. If the attribute (user name attribute and user object class) is not specified (that is, if the attribute is null or empty), a default search filter is created based on the user schema.
Specified by:
getUserFromNameFilter in interface LDAPAuthenticatorMBean

Default Value: "(&(cn=%u)(objectclass=user))"
Legal NULL: true

setUserFromNameFilter

public void setUserFromNameFilter(java.lang.String newValue)
                           throws javax.management.InvalidAttributeValueException
LDAP search filter for finding a user given the name of the user. If the attribute (user name attribute and user object class) is not specified (that is, if the attribute is null or empty), a default search filter is created based on the user schema.
Specified by:
setUserFromNameFilter in interface LDAPAuthenticatorMBean

Default Value: "(&(cn=%u)(objectclass=user))"
Legal NULL: true
Parameters:
newValue - - new value for attribute UserFromNameFilter
Throws:
javax.management.InvalidAttributeValueException -  

getGroupBaseDN

public java.lang.String getGroupBaseDN()
The base distinguished name (DN) of the tree in the LDAP directory that contains groups.
Specified by:
getGroupBaseDN in interface LDAPAuthenticatorMBean

Default Value: "ou=WLSGROUPS,dc=example,dc=com"
Legal NULL: true

setGroupBaseDN

public void setGroupBaseDN(java.lang.String newValue)
                    throws javax.management.InvalidAttributeValueException
The base distinguished name (DN) of the tree in the LDAP directory that contains groups.
Specified by:
setGroupBaseDN in interface LDAPAuthenticatorMBean

Default Value: "ou=WLSGROUPS,dc=example,dc=com"
Legal NULL: true
Parameters:
newValue - - new value for attribute GroupBaseDN
Throws:
javax.management.InvalidAttributeValueException -  

getGroupFromNameFilter

public java.lang.String getGroupFromNameFilter()
LDAP search filter for finding a group given the name of the group. If the attribute is not specified (that is, if the attribute is null or empty), a default search filter is created based on the group schema.
Specified by:
getGroupFromNameFilter in interface LDAPAuthenticatorMBean

Default Value: "(&(cn=%g)(objectclass=group))"
Legal NULL: true

setGroupFromNameFilter

public void setGroupFromNameFilter(java.lang.String newValue)
                            throws javax.management.InvalidAttributeValueException
LDAP search filter for finding a group given the name of the group. If the attribute is not specified (that is, if the attribute is null or empty), a default search filter is created based on the group schema.
Specified by:
setGroupFromNameFilter in interface LDAPAuthenticatorMBean

Default Value: "(&(cn=%g)(objectclass=group))"
Legal NULL: true
Parameters:
newValue - - new value for attribute GroupFromNameFilter
Throws:
javax.management.InvalidAttributeValueException -  

getStaticGroupDNsfromMemberDNFilter

public java.lang.String getStaticGroupDNsfromMemberDNFilter()
LDAP search filter that, given the distinguished name (DN) of a member of a group, returns the DNs of the static LDAP groups that contain that member.
Specified by:
getStaticGroupDNsfromMemberDNFilter in interface LDAPAuthenticatorMBean

Default Value: "(&(member=%M)(objectclass=group))"
Legal NULL: true

setStaticGroupDNsfromMemberDNFilter

public void setStaticGroupDNsfromMemberDNFilter(java.lang.String newValue)
                                         throws javax.management.InvalidAttributeValueException
LDAP search filter that, given the distinguished name (DN) of a member of a group, returns the DNs of the static LDAP groups that contain that member.
Specified by:
setStaticGroupDNsfromMemberDNFilter in interface LDAPAuthenticatorMBean

Default Value: "(&(member=%M)(objectclass=group))"
Legal NULL: true
Parameters:
newValue - - new value for attribute StaticGroupDNsfromMemberDNFilter
Throws:
javax.management.InvalidAttributeValueException -  

getStaticGroupObjectClass

public java.lang.String getStaticGroupObjectClass()
The name of the LDAP object class that stores static groups.
Specified by:
getStaticGroupObjectClass in interface LDAPAuthenticatorMBean

Default Value: "group"
Legal NULL: true

setStaticGroupObjectClass

public void setStaticGroupObjectClass(java.lang.String newValue)
                               throws javax.management.InvalidAttributeValueException
The name of the LDAP object class that stores static groups.
Specified by:
setStaticGroupObjectClass in interface LDAPAuthenticatorMBean

Default Value: "group"
Legal NULL: true
Parameters:
newValue - - new value for attribute StaticGroupObjectClass
Throws:
javax.management.InvalidAttributeValueException -  

getStaticMemberDNAttribute

public java.lang.String getStaticMemberDNAttribute()
The attribute of the LDAP static group object that specifies the distinguished names (DNs) of the members of the group.
Specified by:
getStaticMemberDNAttribute in interface LDAPAuthenticatorMBean

Default Value: "member"
Legal NULL: true

setStaticMemberDNAttribute

public void setStaticMemberDNAttribute(java.lang.String newValue)
                                throws javax.management.InvalidAttributeValueException
The attribute of the LDAP static group object that specifies the distinguished names (DNs) of the members of the group.
Specified by:
setStaticMemberDNAttribute in interface LDAPAuthenticatorMBean

Default Value: "member"
Legal NULL: true
Parameters:
newValue - - new value for attribute StaticMemberDNAttribute
Throws:
javax.management.InvalidAttributeValueException -  

getUseTokenGroupsForGroupMembershipLookup

public java.lang.Boolean getUseTokenGroupsForGroupMembershipLookup()
Boolean value that indicates whether to use TokenGroups attribute lookup algorithm instead of the standard recursive group membership lookup algorithm.

Default Value: new java.lang.Boolean(false)
Legal NULL: true

setUseTokenGroupsForGroupMembershipLookup

public void setUseTokenGroupsForGroupMembershipLookup(java.lang.Boolean newValue)
                                               throws javax.management.InvalidAttributeValueException
Boolean value that indicates whether to use TokenGroups attribute lookup algorithm instead of the standard recursive group membership lookup algorithm.

Default Value: new java.lang.Boolean(false)
Legal NULL: true
Parameters:
newValue - - new value for attribute UseTokenGroupsForGroupMembershipLookup
Throws:
javax.management.InvalidAttributeValueException -  

getEnableSIDtoGroupLookupCaching

public java.lang.Boolean getEnableSIDtoGroupLookupCaching()
Boolean value that indicates whether SID to group name lookup results are cached or not. This is only used if the token group membership lookup algorithm is enabled.

Default Value: new java.lang.Boolean(false)
Legal NULL: true

setEnableSIDtoGroupLookupCaching

public void setEnableSIDtoGroupLookupCaching(java.lang.Boolean newValue)
                                      throws javax.management.InvalidAttributeValueException
Boolean value that indicates whether SID to group name lookup results are cached or not. This is only used if the token group membership lookup algorithm is enabled.

Default Value: new java.lang.Boolean(false)
Legal NULL: true
Parameters:
newValue - - new value for attribute EnableSIDtoGroupLookupCaching
Throws:
javax.management.InvalidAttributeValueException -  

getMaxSIDToGroupLookupsInCache

public java.lang.Integer getMaxSIDToGroupLookupsInCache()
The maximum size of the LRU cache for holding SID to group lookups if caching of SID to group name mappings is enabled and if the tokenGroups group membership lookup is enabled. The default is 500.

Default Value: new Integer(500)
Legal NULL: true

setMaxSIDToGroupLookupsInCache

public void setMaxSIDToGroupLookupsInCache(java.lang.Integer newValue)
                                    throws javax.management.InvalidAttributeValueException
The maximum size of the LRU cache for holding SID to group lookups if caching of SID to group name mappings is enabled and if the tokenGroups group membership lookup is enabled. The default is 500.

Default Value: new Integer(500)
Legal NULL: true
Parameters:
newValue - - new value for attribute MaxSIDToGroupLookupsInCache
Throws:
javax.management.InvalidAttributeValueException -  
Documentation is available at
http://download.oracle.com/docs/cd/E13222_01/wls/docs81