LDAPAuthenticatorMBean (BEA WebLogic Server 9.2 API Reference)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

BEA Systems, Inc.

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

Type-Safe Access to BEA WebLogic Server 9.2 MBeans (Deprecated)

(Methods marked with @since 9.0.0.0 are not available through the deprecated `MBeanHome` interface.)

weblogic.security.providers.authentication
Interface LDAPAuthenticatorMBean

All Superinterfaces:: AuthenticationProviderMBean, AuthenticatorMBean, weblogic.descriptor.DescriptorBean, GroupMemberListerMBean, GroupMembershipHierarchyCacheMBean, GroupReaderMBean, LDAPServerMBean, ListerMBean, LoginExceptionPropagatorMBean, MemberGroupListerMBean, NameListerMBean, ProviderMBean, weblogic.descriptor.SettableBean, weblogic.management.commo.StandardInterface, UserPasswordEditorMBean, UserReaderMBean

All Known Subinterfaces:: ActiveDirectoryAuthenticatorMBean, IPlanetAuthenticatorMBean, NovellAuthenticatorMBean, OpenLDAPAuthenticatorMBean

public interface LDAPAuthenticatorMBean
extends weblogic.management.commo.StandardInterface, weblogic.descriptor.DescriptorBean, LoginExceptionPropagatorMBean, LDAPServerMBean, UserReaderMBean, GroupReaderMBean, GroupMemberListerMBean, MemberGroupListerMBean, UserPasswordEditorMBean, GroupMembershipHierarchyCacheMBean

This MBean contains attributes for the LDAP servers supported by the LDAP Authentication providers. Subinterfaces of this MBean override default values specific to an LDAP server.

Deprecation of MBeanHome and Type-Safe Interfaces

This is a type-safe interface for a WebLogic Server MBean, which you can import into your client classes and access through weblogic.management.MBeanHome. As of 9.0, the MBeanHome interface and all type-safe interfaces for WebLogic Server MBeans are deprecated. Instead, client classes that interact with WebLogic Server MBeans should use standard JMX design patterns in which clients use the javax.management.MBeanServerConnection interface to discover MBeans, attributes, and attribute types at runtime. For more information, see "Developing Manageable Applications with JMX" on http://www.oracle.com/technology/documentation/index.html.

Method Summary
`String`	`getAllGroupsFilter()` An LDAP search filter for finding all groups beneath the base group distinguished name (DN).
`String`	`getAllUsersFilter()` An LDAP search filter for finding all users beneath the base user distinguished name (DN).
`String`	`getCredential()` The credential (generally a password) used to authenticate the LDAP user that is defined in the Principal attribute.
`byte[]`	`getCredentialEncrypted()` Returns the credential (generally a password) used to authenticate the LDAP user that is defined in the Principal attribute.
`String`	`getDescription()` A short description of the LDAP Authentication provider.
`String`	`getDynamicGroupNameAttribute()` The attribute of a dynamic LDAP group object that specifies the name of the group.
`String`	`getDynamicGroupObjectClass()` The LDAP object class that stores dynamic groups.
`String`	`getDynamicMemberURLAttribute()` The attribute of the dynamic LDAP group object that specifies the URLs of the members of the dynamic group.
`String`	`getGroupBaseDN()` The base distinguished name (DN) of the tree in the LDAP directory that contains groups.
`String`	`getGroupFromNameFilter()` An LDAP search filter for finding a group given the name of the group.
`String`	`getGroupMembershipSearching()` Specifies whether group searches into nested groups are unlimited or limited.
`String`	`getGroupSearchScope()` Specifies how deep in the LDAP directory tree to search for groups.
`Boolean`	`getIgnoreDuplicateMembership()` Determines whether duplicate members are ignored when adding groups.
`Integer`	`getMaxGroupMembershipSearchLevel()` Specifies how many levels of group membership can be searched.
`String`	`getName()` The name of this configuration.
`String`	`getProviderClassName()` The name of the Java class used to load the LDAP Authentication provider.
`String`	`getStaticGroupDNsfromMemberDNFilter()` An LDAP search filter that, given the distinguished name (DN) of a member of a group, returns the DNs of the static LDAP broups that contain that member.
`String`	`getStaticGroupNameAttribute()` The attribute of a static LDAP group object that specifies the name of the group.
`String`	`getStaticGroupObjectClass()` The name of the LDAP object class that stores static groups.
`String`	`getStaticMemberDNAttribute()` The attribute of a static LDAP group object that specifies the distinguished names (DNs) of the members of the group.
`String`	`getUserBaseDN()` The base distinguished name (DN) of the tree in the LDAP directory that contains users.
`String`	`getUserDynamicGroupDNAttribute()` The attribute of an LDAP user object that specifies the distinguished names (DNs) of dynamic groups to which this user belongs.
`Boolean`	`getUseRetrievedUserNameAsPrincipal()` Specifies whether or not the user name retrieved from the LDAP server should be used as the Principal in the Subject.
`String`	`getUserFromNameFilter()` An LDAP search filter for finding a user given the name of the user.
`String`	`getUserNameAttribute()` The attribute of an LDAP user object that specifies the name of the user.
`String`	`getUserObjectClass()` The LDAP object class that stores users.
`String`	`getUserSearchScope()` Specifies how deep in the LDAP directory tree to search for Users.
`String`	`getVersion()` The version number of the LDAP Authentication provider.
`boolean`	`isKeepAliveEnabled()` Specifies whether to prevent LDAP connections from timing out.
`void`	`setAllGroupsFilter(String newValue)` An LDAP search filter for finding all groups beneath the base group distinguished name (DN).
`void`	`setAllUsersFilter(String newValue)` An LDAP search filter for finding all users beneath the base user distinguished name (DN).
`void`	`setCredential(String newValue)` The credential (generally a password) used to authenticate the LDAP user that is defined in the Principal attribute.
`void`	`setCredentialEncrypted(byte[] _bytes)` Sets the credential (generally a password) used to authenticate the LDAP user that is defined in the Principal attribute.
`void`	`setDynamicGroupNameAttribute(String newValue)` The attribute of a dynamic LDAP group object that specifies the name of the group.
`void`	`setDynamicGroupObjectClass(String newValue)` The LDAP object class that stores dynamic groups.
`void`	`setDynamicMemberURLAttribute(String newValue)` The attribute of the dynamic LDAP group object that specifies the URLs of the members of the dynamic group.
`void`	`setGroupBaseDN(String newValue)` The base distinguished name (DN) of the tree in the LDAP directory that contains groups.
`void`	`setGroupFromNameFilter(String newValue)` An LDAP search filter for finding a group given the name of the group.
`void`	`setGroupMembershipSearching(String newValue)` Specifies whether group searches into nested groups are unlimited or limited.
`void`	`setGroupSearchScope(String newValue)` Specifies how deep in the LDAP directory tree to search for groups.
`void`	`setIgnoreDuplicateMembership(Boolean newValue)` Determines whether duplicate members are ignored when adding groups.
`void`	`setKeepAliveEnabled(boolean newValue)` Specifies whether to prevent LDAP connections from timing out.
`void`	`setMaxGroupMembershipSearchLevel(Integer newValue)` Specifies how many levels of group membership can be searched.
`void`	`setStaticGroupDNsfromMemberDNFilter(String newValue)` An LDAP search filter that, given the distinguished name (DN) of a member of a group, returns the DNs of the static LDAP broups that contain that member.
`void`	`setStaticGroupNameAttribute(String newValue)` The attribute of a static LDAP group object that specifies the name of the group.
`void`	`setStaticGroupObjectClass(String newValue)` The name of the LDAP object class that stores static groups.
`void`	`setStaticMemberDNAttribute(String newValue)` The attribute of a static LDAP group object that specifies the distinguished names (DNs) of the members of the group.
`void`	`setUserBaseDN(String newValue)` The base distinguished name (DN) of the tree in the LDAP directory that contains users.
`void`	`setUserDynamicGroupDNAttribute(String newValue)` The attribute of an LDAP user object that specifies the distinguished names (DNs) of dynamic groups to which this user belongs.
`void`	`setUseRetrievedUserNameAsPrincipal(Boolean newValue)` Specifies whether or not the user name retrieved from the LDAP server should be used as the Principal in the Subject.
`void`	`setUserFromNameFilter(String newValue)` An LDAP search filter for finding a user given the name of the user.
`void`	`setUserNameAttribute(String newValue)` The attribute of an LDAP user object that specifies the name of the user.
`void`	`setUserObjectClass(String newValue)` The LDAP object class that stores users.
`void`	`setUserSearchScope(String newValue)` Specifies how deep in the LDAP directory tree to search for Users.

Methods inherited from interface weblogic.management.commo.StandardInterface

setName, wls_getDisplayName, wls_getInterfaceClassName, wls_getObjectName

Methods inherited from interface weblogic.descriptor.DescriptorBean

addBeanUpdateListener, addPropertyChangeListener, createChildCopy, createChildCopyIncludingObsolete, getDescriptor, getParentBean, isEditable, removeBeanUpdateListener, removePropertyChangeListener

Methods inherited from interface weblogic.descriptor.SettableBean

isSet, unSet

Methods inherited from interface weblogic.security.providers.authentication.LoginExceptionPropagatorMBean

getPropagateCauseForLoginException, setPropagateCauseForLoginException

Methods inherited from interface weblogic.management.security.authentication.AuthenticatorMBean

getControlFlag, setControlFlag

Methods inherited from interface weblogic.management.security.ProviderMBean

getRealm

Methods inherited from interface weblogic.management.utils.LDAPServerMBean

getCacheSize, getCacheTTL, getConnectionRetryLimit, getConnectTimeout, getHost, getParallelConnectDelay, getPort, getPrincipal, getResultsTimeLimit, isBindAnonymouslyOnReferrals, isCacheEnabled, isFollowReferrals, isSSLEnabled, setBindAnonymouslyOnReferrals, setCacheEnabled, setCacheSize, setCacheTTL, setConnectionRetryLimit, setConnectTimeout, setFollowReferrals, setHost, setParallelConnectDelay, setPort, setPrincipal, setResultsTimeLimit, setSSLEnabled

Methods inherited from interface weblogic.management.security.authentication.UserReaderMBean

getUserDescription, listUsers, userExists

Methods inherited from interface weblogic.management.utils.NameListerMBean

getCurrentName

Methods inherited from interface weblogic.management.utils.ListerMBean

advance, close, haveCurrent

Methods inherited from interface weblogic.management.security.authentication.GroupReaderMBean

getGroupDescription, groupExists, isMember, listGroups

Methods inherited from interface weblogic.management.security.authentication.GroupMemberListerMBean

listGroupMembers

Methods inherited from interface weblogic.management.security.authentication.MemberGroupListerMBean

listMemberGroups

Methods inherited from interface weblogic.management.security.authentication.UserPasswordEditorMBean

changeUserPassword, resetUserPassword

Methods inherited from interface weblogic.management.security.authentication.GroupMembershipHierarchyCacheMBean

getEnableGroupMembershipLookupHierarchyCaching, getGroupHierarchyCacheTTL, getMaxGroupHierarchiesInCache, setEnableGroupMembershipLookupHierarchyCaching, setGroupHierarchyCacheTTL, setMaxGroupHierarchiesInCache

Method Detail

getAllGroupsFilter

public String getAllGroupsFilter()

An LDAP search filter for finding all groups beneath the base group distinguished name (DN). If the attribute is not specified (that is, if the attribute is null or empty), a default search filter is created based on the Group schema.

getAllUsersFilter

public String getAllUsersFilter()

An LDAP search filter for finding all users beneath the base user distinguished name (DN). If the attribute (user object class) is not specified (that is, if the attribute is null or empty), a default search filter is created based on the user schema.

getCredential

public String getCredential()

The credential (generally a password) used to authenticate the LDAP user that is defined in the Principal attribute.

Specified by:: getCredential in interface LDAPServerMBean

See Also:: LDAPServerMBean.getCredentialEncrypted()

getCredentialEncrypted

public byte[] getCredentialEncrypted()

Description copied from interface: LDAPServerMBean

Returns the credential (generally a password) used to authenticate the LDAP user that is defined in the Principal attribute.

Specified by:: getCredentialEncrypted in interface LDAPServerMBean

Returns:: The credential value as an encrypted byte array.
See Also:: weblogic.management.EncryptionHelper

getDescription

public String getDescription()

A short description of the LDAP Authentication provider.

Specified by:: getDescription in interface ProviderMBean

getDynamicGroupNameAttribute

public String getDynamicGroupNameAttribute()

The attribute of a dynamic LDAP group object that specifies the name of the group.

getDynamicGroupObjectClass

public String getDynamicGroupObjectClass()

The LDAP object class that stores dynamic groups.

getDynamicMemberURLAttribute

public String getDynamicMemberURLAttribute()

The attribute of the dynamic LDAP group object that specifies the URLs of the members of the dynamic group.

getGroupBaseDN

public String getGroupBaseDN()

The base distinguished name (DN) of the tree in the LDAP directory that contains groups.

getGroupFromNameFilter

public String getGroupFromNameFilter()

An LDAP search filter for finding a group given the name of the group. If the attribute is not specified (that is, if the attribute is null or empty), a default search filter is created based on the group schema.

getGroupMembershipSearching

public String getGroupMembershipSearching()

Specifies whether group searches into nested groups are unlimited or limited. Valid values are unlimited and limited.

For configurations that use only the first level of nested group hierarchy, this attribute allows improved performance during user searches by limiting the search to the first level of the group. If a limited search is specified, the Max Group Membership Search Level attribute must be specified. If an unlimited search is specified, the Max Group Membership Search Level attribute is ignored.

Note that when Use Token Groups For Group Membership Lookup is used during authentication, all the groups are returned in a single call, and the recursion limits and depth limits do not apply. They will apply in management operations.

getGroupSearchScope

public String getGroupSearchScope()

Specifies how deep in the LDAP directory tree to search for groups. Valid values are subtree and onelevel.

getIgnoreDuplicateMembership

public Boolean getIgnoreDuplicateMembership()

Determines whether duplicate members are ignored when adding groups. The attribute cycles in the Group membership.

getMaxGroupMembershipSearchLevel

public Integer getMaxGroupMembershipSearchLevel()

Specifies how many levels of group membership can be searched. This setting is valid only if GroupMembershipSearching is set to limited. Valid values are 0 and positive integers. For example, 0 indicates only direct group memberships will be found, and a positive number indicates the number of levels to search.

Possible values are:

0 - Indicates only direct groups will be found. That is, when searching for membership in Group A, only direct members of Group A will be found. If Group B is a member of Group A, the members will not be found by this search.

Any positive number - Indicates the number of levels to search. For example, if this attribute is set to 1, a search for membership in Group A will return direct members of Group A. If Group B is a member of Group A, the members of Group B will also be found by this search. However, if Group C is a member of Group B, the members of Group C will not be found by this search.

getName

public String getName()

Description copied from interface: ProviderMBean

The name of this configuration. WebLogic Server uses an MBean to implement and persist the configuration.

Specified by:: getName in interface weblogic.management.commo.StandardInterface

getProviderClassName

public String getProviderClassName()

The name of the Java class used to load the LDAP Authentication provider.

Specified by:: getProviderClassName in interface ProviderMBean

Excluded: Should not appear in public javadocs
Internal: Should not appear in public javadocs

getStaticGroupDNsfromMemberDNFilter

public String getStaticGroupDNsfromMemberDNFilter()

An LDAP search filter that, given the distinguished name (DN) of a member of a group, returns the DNs of the static LDAP broups that contain that member. If the attribute is not specified (that is, if the attribute is null or empty), a default search filter is created based on the group schema.

getStaticGroupNameAttribute

public String getStaticGroupNameAttribute()

The attribute of a static LDAP group object that specifies the name of the group.

getStaticGroupObjectClass

public String getStaticGroupObjectClass()

The name of the LDAP object class that stores static groups.

getStaticMemberDNAttribute

public String getStaticMemberDNAttribute()

The attribute of a static LDAP group object that specifies the distinguished names (DNs) of the members of the group.

getUserBaseDN

public String getUserBaseDN()

The base distinguished name (DN) of the tree in the LDAP directory that contains users.

getUserDynamicGroupDNAttribute

public String getUserDynamicGroupDNAttribute()

The attribute of an LDAP user object that specifies the distinguished names (DNs) of dynamic groups to which this user belongs. If such an attribute does not exist, WebLogic Server determines if a user is a member of a group by evaluating the URLs on the dynamic group. If a group contains other groups, WebLogic Server evaluates the URLs on any of the descendents (indicates parent relationship) of the group.

getUseRetrievedUserNameAsPrincipal

public Boolean getUseRetrievedUserNameAsPrincipal()

Specifies whether or not the user name retrieved from the LDAP server should be used as the Principal in the Subject.

getUserFromNameFilter

public String getUserFromNameFilter()

An LDAP search filter for finding a user given the name of the user. If the attribute (user name attribute and user object class) is not specified (that is, if the attribute is null or empty), a default search filter is created based on the user schema.

getUserNameAttribute

public String getUserNameAttribute()

The attribute of an LDAP user object that specifies the name of the user.

getUserObjectClass

public String getUserObjectClass()

The LDAP object class that stores users.

getUserSearchScope

public String getUserSearchScope()

Specifies how deep in the LDAP directory tree to search for Users. Valid values are subtree and onelevel.

getVersion

public String getVersion()

The version number of the LDAP Authentication provider.

Specified by:: getVersion in interface ProviderMBean

isKeepAliveEnabled

public boolean isKeepAliveEnabled()

Specifies whether to prevent LDAP connections from timing out.

setAllGroupsFilter

public void setAllGroupsFilter(String newValue)
                        throws InvalidAttributeValueException

Parameters:: newValue - - new value for attribute AllGroupsFilter
Throws:: InvalidAttributeValueException

setAllUsersFilter

public void setAllUsersFilter(String newValue)
                       throws InvalidAttributeValueException

Parameters:: newValue - - new value for attribute AllUsersFilter
Throws:: InvalidAttributeValueException

setCredential

public void setCredential(String newValue)
                   throws InvalidAttributeValueException