Oracle Fusion Middleware
Oracle WebLogic Server MBean Javadoc
11g Release 1 (10.3.4)

Part Number E13945-04

weblogic.security.providers.authentication
Interface ActiveDirectoryAuthenticatorMBean

All Superinterfaces:
AuthenticationProviderMBean, AuthenticatorMBean, GroupMemberListerMBean, GroupMembershipHierarchyCacheMBean, GroupReaderMBean, LDAPAuthenticatorMBean, LDAPServerMBean, ListerMBean, LoginExceptionPropagatorMBean, MemberGroupListerMBean, NameListerMBean, ProviderMBean, UserPasswordEditorMBean, UserReaderMBean

public interface ActiveDirectoryAuthenticatorMBean
extends LDAPAuthenticatorMBean

The MBean that represents LDAP schema definitions for the Active Directory LDAP Authentication provider.

Deprecation of MBeanHome and Type-Safe Interfaces

This is a type-safe interface for a WebLogic Server MBean, which you can import into your client classes and access through weblogic.management.MBeanHome. As of 9.0, the MBeanHome interface and all type-safe interfaces for WebLogic Server MBeans are deprecated. Instead, client classes that interact with WebLogic Server MBeans should use standard JMX design patterns in which clients use the javax.management.MBeanServerConnection interface to discover MBeans, attributes, and attribute types at runtime.


Method Summary
 Boolean getEnableSIDtoGroupLookupCaching()
          Boolean value that indicates whether SID to group name lookup results are cached or not.
 String getGroupBaseDN()
          The attribute of an LDAP user object that specifies the Distinguished Names (DNs) of dynamic groups to which the user belongs.
 String getGroupFromNameFilter()
          LDAP search filter for finding a group given the name of the group.
 String getGuidAttribute()
          Specifies the name of the GUID attribute defined in the Active Directory LDAP server.
 Integer getMaxSIDToGroupLookupsInCache()
          The maximum size of the LRU cache for holding SID to group lookups if caching of SID to group name mappings is enabled and if the tokenGroups group membership lookup is enabled.
 String getName()
          The name of this configuration.
 String getStaticGroupDNsfromMemberDNFilter()
          An LDAP search filter that, given the distinguished name (DN) of a member of a group, returns the DNs of the static LDAP groups that contain that member.
 String getStaticGroupObjectClass()
          The name of the LDAP object class that stores static groups.
 String getStaticMemberDNAttribute()
          The attribute of the LDAP static group object that specifies the distinguished names (DNs) of the members of the group.
 String getUserBaseDN()
          The base Distinguished Name (DN) of the tree in the LDAP directory that contains users.
 String getUserFromNameFilter()
          LDAP search filter for finding a user given the name of the user.
 String getUserNameAttribute()
          The attribute of the LDAP User object that specifies the name of the user.
 String getUserObjectClass()
          The name of the LDAP object class that stores users.
 Boolean getUseTokenGroupsForGroupMembershipLookup()
          Boolean value that indicates whether to use TokenGroups attribute lookup algorithm instead of the standard recursive group membership lookup algorithm.
 void setEnableSIDtoGroupLookupCaching(Boolean newValue)
          Boolean value that indicates whether SID to group name lookup results are cached or not.
 void setGroupBaseDN(String newValue)
          The attribute of an LDAP user object that specifies the Distinguished Names (DNs) of dynamic groups to which the user belongs.
 void setGroupFromNameFilter(String newValue)
          LDAP search filter for finding a group given the name of the group.
 void setGuidAttribute(String newValue)
          Specifies the name of the GUID attribute defined in the Active Directory LDAP server.
 void setMaxSIDToGroupLookupsInCache(Integer newValue)
          The maximum size of the LRU cache for holding SID to group lookups if caching of SID to group name mappings is enabled and if the tokenGroups group membership lookup is enabled.
 void setStaticGroupDNsfromMemberDNFilter(String newValue)
          An LDAP search filter that, given the distinguished name (DN) of a member of a group, returns the DNs of the static LDAP groups that contain that member.
 void setStaticGroupObjectClass(String newValue)
          The name of the LDAP object class that stores static groups.
 void setStaticMemberDNAttribute(String newValue)
          The attribute of the LDAP static group object that specifies the distinguished names (DNs) of the members of the group.
 void setUserBaseDN(String newValue)
          The base Distinguished Name (DN) of the tree in the LDAP directory that contains users.
 void setUserFromNameFilter(String newValue)
          LDAP search filter for finding a user given the name of the user.
 void setUserNameAttribute(String newValue)
          The attribute of the LDAP User object that specifies the name of the user.
 void setUserObjectClass(String newValue)
          The name of the LDAP object class that stores users.
 void setUseTokenGroupsForGroupMembershipLookup(Boolean newValue)
          Boolean value that indicates whether to use TokenGroups attribute lookup algorithm instead of the standard recursive group membership lookup algorithm.
 
Methods inherited from interface weblogic.security.providers.authentication.LDAPAuthenticatorMBean
getAllGroupsFilter, getAllUsersFilter, getCredential, getCredentialEncrypted, getDescription, getDynamicGroupNameAttribute, getDynamicGroupObjectClass, getDynamicMemberURLAttribute, getEnableGroupMembershipLookupHierarchyCaching, getGroupMembershipSearching, getGroupSearchScope, getIgnoreDuplicateMembership, getMaxGroupMembershipSearchLevel, getProviderClassName, getStaticGroupNameAttribute, getUserDynamicGroupDNAttribute, getUseRetrievedUserNameAsPrincipal, getUserSearchScope, getVersion, isKeepAliveEnabled, setAllGroupsFilter, setAllUsersFilter, setCredential, setCredentialEncrypted, setDynamicGroupNameAttribute, setDynamicGroupObjectClass, setDynamicMemberURLAttribute, setEnableGroupMembershipLookupHierarchyCaching, setGroupMembershipSearching, setGroupSearchScope, setIgnoreDuplicateMembership, setKeepAliveEnabled, setMaxGroupMembershipSearchLevel, setStaticGroupNameAttribute, setUserDynamicGroupDNAttribute, setUseRetrievedUserNameAsPrincipal, setUserSearchScope
 
Methods inherited from interface weblogic.security.providers.authentication.LoginExceptionPropagatorMBean
getPropagateCauseForLoginException, setPropagateCauseForLoginException
 
Methods inherited from interface weblogic.management.security.authentication.AuthenticatorMBean
getControlFlag, setControlFlag
 
Methods inherited from interface weblogic.management.security.ProviderMBean
getRealm
 
Methods inherited from interface weblogic.management.utils.LDAPServerMBean
getCacheSize, getCacheTTL, getConnectionPoolSize, getConnectionRetryLimit, getConnectTimeout, getHost, getParallelConnectDelay, getPort, getPrincipal, getResultsTimeLimit, isBindAnonymouslyOnReferrals, isCacheEnabled, isFollowReferrals, isSSLEnabled, setBindAnonymouslyOnReferrals, setCacheEnabled, setCacheSize, setCacheTTL, setConnectionPoolSize, setConnectionRetryLimit, setConnectTimeout, setFollowReferrals, setHost, setParallelConnectDelay, setPort, setPrincipal, setResultsTimeLimit, setSSLEnabled
 
Methods inherited from interface weblogic.management.security.authentication.UserReaderMBean
getUserDescription, listUsers, userExists
 
Methods inherited from interface weblogic.management.utils.NameListerMBean
getCurrentName
 
Methods inherited from interface weblogic.management.utils.ListerMBean
advance, close, haveCurrent
 
Methods inherited from interface weblogic.management.security.authentication.GroupReaderMBean
getGroupDescription, groupExists, isMember, listGroups
 
Methods inherited from interface weblogic.management.security.authentication.GroupMemberListerMBean
listGroupMembers
 
Methods inherited from interface weblogic.management.security.authentication.MemberGroupListerMBean
listMemberGroups
 
Methods inherited from interface weblogic.management.security.authentication.UserPasswordEditorMBean
changeUserPassword, resetUserPassword
 
Methods inherited from interface weblogic.management.security.authentication.GroupMembershipHierarchyCacheMBean
getGroupHierarchyCacheTTL, getMaxGroupHierarchiesInCache, setGroupHierarchyCacheTTL, setMaxGroupHierarchiesInCache
 

Method Detail

getUserObjectClass

String getUserObjectClass()

The name of the LDAP object class that stores users.

Specified by:
getUserObjectClass in interface LDAPAuthenticatorMBean
Default Value:
"user"

setUserObjectClass

void setUserObjectClass(String newValue)
                        throws InvalidAttributeValueException

The name of the LDAP object class that stores users.

Specified by:
setUserObjectClass in interface LDAPAuthenticatorMBean
Parameters:
newValue - new value for attribute UserObjectClass
Throws:
InvalidAttributeValueException
Default Value:
"user"

getUserNameAttribute

String getUserNameAttribute()

The attribute of the LDAP User object that specifies the name of the user. The default value is "cn". In Active Directory, cn generally stores a string that combines the user's first name and last name, while sAMAccountName stores the user's login name. It is therefore recommended that you set this property to "sAMAccountName" before using the Active Directory LDAP Authentication provider. The default value is "cn" rather than "sAMAccountName" for backward compatibility.

Specified by:
getUserNameAttribute in interface LDAPAuthenticatorMBean
Default Value:
"cn"

setUserNameAttribute

void setUserNameAttribute(String newValue)
                          throws InvalidAttributeValueException

The attribute of the LDAP User object that specifies the name of the user. The default value is "cn". In Active Directory, cn generally stores a string that combines the user's first name and last name, while sAMAccountName stores the user's login name. It is therefore recommended that you set this property to "sAMAccountName" before using the Active Directory LDAP Authentication provider. The default value is "cn" rather than "sAMAccountName" for backward compatibility.

Specified by:
setUserNameAttribute in interface LDAPAuthenticatorMBean
Parameters:
newValue - new value for attribute UserNameAttribute
Throws:
InvalidAttributeValueException
Default Value:
"cn"

getUserBaseDN

String getUserBaseDN()

The base Distinguished Name (DN) of the tree in the LDAP directory that contains users.

Specified by:
getUserBaseDN in interface LDAPAuthenticatorMBean
Default Value:
"ou=WLSMEMBERS,dc=example,dc=com"

setUserBaseDN

void setUserBaseDN(String newValue)
                   throws InvalidAttributeValueException

The base Distinguished Name (DN) of the tree in the LDAP directory that contains users.

Specified by:
setUserBaseDN in interface LDAPAuthenticatorMBean
Parameters:
newValue - new value for attribute UserBaseDN
Throws:
InvalidAttributeValueException
Default Value:
"ou=WLSMEMBERS,dc=example,dc=com"

getUserFromNameFilter

String getUserFromNameFilter()

LDAP search filter for finding a user given the name of the user. The default value is "(&(cn=%u)(objectclass=user))". In Active Directory, cn generally stores a string that combines the user's first name and last name, while sAMAccountName stores the user's login name. It is therefore recommended that you set this property to "(&(sAMAccountName=%u)(objectclass=user))" before using the Active Directory LDAP Authentication provider. The default value is "(&(cn=%u)(objectclass=user))" rather than "(&(sAMAccountName=%u)(objectclass=user))" for backward compatibility.

Specified by:
getUserFromNameFilter in interface LDAPAuthenticatorMBean
Default Value:
"(&(cn=%u)(objectclass=user))"

setUserFromNameFilter

void setUserFromNameFilter(String newValue)
                           throws InvalidAttributeValueException

LDAP search filter for finding a user given the name of the user. The default value is "(&(cn=%u)(objectclass=user))". In Active Directory, cn generally stores a string that combines the user's first name and last name, while sAMAccountName stores the user's login name. It is therefore recommended that you set this property to "(&(sAMAccountName=%u)(objectclass=user))" before using the Active Directory LDAP Authentication provider. The default value is "(&(cn=%u)(objectclass=user))" rather than "(&(sAMAccountName=%u)(objectclass=user))" for backward compatibility.

Specified by:
setUserFromNameFilter in interface LDAPAuthenticatorMBean
Parameters:
newValue - new value for attribute UserFromNameFilter
Throws:
InvalidAttributeValueException
Default Value:
"(&(cn=%u)(objectclass=user))"

getGroupBaseDN

String getGroupBaseDN()

The attribute of an LDAP user object that specifies the Distinguished Names (DNs) of dynamic groups to which the user belongs.

Specified by:
getGroupBaseDN in interface LDAPAuthenticatorMBean
Default Value:
"ou=WLSGROUPS,dc=example,dc=com"

setGroupBaseDN

void setGroupBaseDN(String newValue)
                    throws InvalidAttributeValueException

The attribute of an LDAP user object that specifies the Distinguished Names (DNs) of dynamic groups to which the user belongs.

Specified by:
setGroupBaseDN in interface LDAPAuthenticatorMBean
Parameters:
newValue - new value for attribute GroupBaseDN
Throws:
InvalidAttributeValueException
Default Value:
"ou=WLSGROUPS,dc=example,dc=com"

getGroupFromNameFilter

String getGroupFromNameFilter()

LDAP search filter for finding a group given the name of the group. If the attribute is not specified (that is, if the attribute is null or empty), a default search filter is created based on the group schema.

Specified by:
getGroupFromNameFilter in interface LDAPAuthenticatorMBean
Default Value:
"(&(cn=%g)(objectclass=group))"

setGroupFromNameFilter

void setGroupFromNameFilter(String newValue)
                            throws InvalidAttributeValueException

LDAP search filter for finding a group given the name of the group. If the attribute is not specified (that is, if the attribute is null or empty), a default search filter is created based on the group schema.

Specified by:
setGroupFromNameFilter in interface LDAPAuthenticatorMBean
Parameters:
newValue - new value for attribute GroupFromNameFilter
Throws:
InvalidAttributeValueException
Default Value:
"(&(cn=%g)(objectclass=group))"

getStaticGroupDNsfromMemberDNFilter

String getStaticGroupDNsfromMemberDNFilter()

An LDAP search filter that, given the distinguished name (DN) of a member of a group, returns the DNs of the static LDAP groups that contain that member.

Specified by:
getStaticGroupDNsfromMemberDNFilter in interface LDAPAuthenticatorMBean
Default Value:
"(&(member=%M)(objectclass=group))"

setStaticGroupDNsfromMemberDNFilter

void setStaticGroupDNsfromMemberDNFilter(String newValue)
                                         throws InvalidAttributeValueException

An LDAP search filter that, given the distinguished name (DN) of a member of a group, returns the DNs of the static LDAP groups that contain that member.

Specified by:
setStaticGroupDNsfromMemberDNFilter in interface LDAPAuthenticatorMBean
Parameters:
newValue - new value for attribute StaticGroupDNsfromMemberDNFilter
Throws:
InvalidAttributeValueException
Default Value:
"(&(member=%M)(objectclass=group))"

getStaticGroupObjectClass

String getStaticGroupObjectClass()

The name of the LDAP object class that stores static groups.

Specified by:
getStaticGroupObjectClass in interface LDAPAuthenticatorMBean
Default Value:
"group"

setStaticGroupObjectClass

void setStaticGroupObjectClass(String newValue)
                               throws InvalidAttributeValueException

The name of the LDAP object class that stores static groups.

Specified by:
setStaticGroupObjectClass in interface LDAPAuthenticatorMBean
Parameters:
newValue - new value for attribute StaticGroupObjectClass
Throws:
InvalidAttributeValueException
Default Value:
"group"

getStaticMemberDNAttribute

String getStaticMemberDNAttribute()

The attribute of the LDAP static group object that specifies the distinguished names (DNs) of the members of the group.

Specified by:
getStaticMemberDNAttribute in interface LDAPAuthenticatorMBean
Default Value:
"member"

setStaticMemberDNAttribute

void setStaticMemberDNAttribute(String newValue)
                                throws InvalidAttributeValueException

The attribute of the LDAP static group object that specifies the distinguished names (DNs) of the members of the group.

Specified by:
setStaticMemberDNAttribute in interface LDAPAuthenticatorMBean
Parameters:
newValue - new value for attribute StaticMemberDNAttribute
Throws:
InvalidAttributeValueException
Default Value:
"member"

getUseTokenGroupsForGroupMembershipLookup

Boolean getUseTokenGroupsForGroupMembershipLookup()

Boolean value that indicates whether to use TokenGroups attribute lookup algorithm instead of the standard recursive group membership lookup algorithm.

Default Value:
new java.lang.Boolean(false)

setUseTokenGroupsForGroupMembershipLookup

void setUseTokenGroupsForGroupMembershipLookup(Boolean newValue)
                                               throws InvalidAttributeValueException

Boolean value that indicates whether to use TokenGroups attribute lookup algorithm instead of the standard recursive group membership lookup algorithm.

Parameters:
newValue - new value for attribute UseTokenGroupsForGroupMembershipLookup
Throws:
InvalidAttributeValueException
Default Value:
new java.lang.Boolean(false)

getEnableSIDtoGroupLookupCaching

Boolean getEnableSIDtoGroupLookupCaching()

Boolean value that indicates whether SID to group name lookup results are cached or not. This is only used if the token group membership lookup algorithm is enabled.

Default Value:
new java.lang.Boolean(false)

setEnableSIDtoGroupLookupCaching

void setEnableSIDtoGroupLookupCaching(Boolean newValue)
                                      throws InvalidAttributeValueException

Boolean value that indicates whether SID to group name lookup results are cached or not. This is only used if the token group membership lookup algorithm is enabled.

Parameters:
newValue - new value for attribute EnableSIDtoGroupLookupCaching
Throws:
InvalidAttributeValueException
Default Value:
new java.lang.Boolean(false)

getMaxSIDToGroupLookupsInCache

Integer getMaxSIDToGroupLookupsInCache()

The maximum size of the LRU cache for holding SID to group lookups if caching of SID to group name mappings is enabled and if the tokenGroups group membership lookup is enabled. The default is 500.

Default Value:
new Integer(500)

setMaxSIDToGroupLookupsInCache

void setMaxSIDToGroupLookupsInCache(Integer newValue)
                                    throws InvalidAttributeValueException

The maximum size of the LRU cache for holding SID to group lookups if caching of SID to group name mappings is enabled and if the tokenGroups group membership lookup is enabled. The default is 500.

Parameters:
newValue - new value for attribute MaxSIDToGroupLookupsInCache
Throws:
InvalidAttributeValueException
Default Value:
new Integer(500)

getGuidAttribute

String getGuidAttribute()

Specifies the name of the GUID attribute defined in the Active Directory LDAP server. The default value is objectguid.

Specified by:
getGuidAttribute in interface LDAPAuthenticatorMBean
Default Value:
"objectguid"

setGuidAttribute

void setGuidAttribute(String newValue)
                      throws InvalidAttributeValueException

Specifies the name of the GUID attribute defined in the Active Directory LDAP server. The default value is objectguid.

Specified by:
setGuidAttribute in interface LDAPAuthenticatorMBean
Parameters:
newValue - new value for attribute GuidAttribute
Throws:
InvalidAttributeValueException
Default Value:
"objectguid"

getName

String getName()
Description copied from interface: ProviderMBean
The name of this configuration. WebLogic Server uses an MBean to implement and persist the configuration.

Specified by:
getName in interface LDAPAuthenticatorMBean
Specified by:
getName in interface LoginExceptionPropagatorMBean
Specified by:
getName in interface ProviderMBean
Default Value:
"ActiveDirectoryAuthenticator"
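
An added example (not Oracle's code): reading this provider's attributes through javax.management.MBeanServerConnection, as the deprecation note advises, and checking them against the defaults and recommendations given above for UserNameAttribute, UserFromNameFilter, UserBaseDN and EnableSIDtoGroupLookupCaching. The class name AdAuthenticatorAudit and its read and audit helpers are hypothetical, the provider's ObjectName is deployment-specific and left to the caller, and the sample values in main are constructed from the defaults listed on this page.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import javax.management.Attribute;
import javax.management.MBeanServerConnection;
import javax.management.ObjectName;

public class AdAuthenticatorAudit {
    // Attribute names as documented on this page.
    static final String[] ATTRS = {
        "UserNameAttribute", "UserFromNameFilter", "UserBaseDN",
        "UseTokenGroupsForGroupMembershipLookup", "EnableSIDtoGroupLookupCaching"
    };

    // Reads the attributes over standard JMX. The provider's ObjectName is
    // deployment-specific and must be supplied by the caller (assumption).
    static Map<String, Object> read(MBeanServerConnection conn, ObjectName provider)
            throws Exception {
        Map<String, Object> values = new LinkedHashMap<>();
        for (Attribute a : conn.getAttributes(provider, ATTRS).asList()) {
            values.put(a.getName(), a.getValue());
        }
        return values;
    }

    // Compares the values with the defaults and recommendations documented above.
    static List<String> audit(Map<String, Object> v) {
        List<String> findings = new ArrayList<>();
        String nameAttr = String.valueOf(v.get("UserNameAttribute"));
        String filter = String.valueOf(v.get("UserFromNameFilter")).toLowerCase(Locale.ROOT);
        if (!"sAMAccountName".equalsIgnoreCase(nameAttr)) {
            findings.add("UserNameAttribute is \"" + nameAttr + "\"; \"sAMAccountName\" is recommended");
        }
        if (!filter.contains("(samaccountname=%u)")) {
            findings.add("UserFromNameFilter does not match on sAMAccountName=%u");
        }
        // LDAP attribute names are case-insensitive, so compare in lower case.
        if (!filter.contains("(" + nameAttr.toLowerCase(Locale.ROOT) + "=%u)")) {
            findings.add("UserFromNameFilter and UserNameAttribute name different attributes");
        }
        if ("ou=WLSMEMBERS,dc=example,dc=com".equalsIgnoreCase(String.valueOf(v.get("UserBaseDN")))) {
            findings.add("UserBaseDN is still the documented default");
        }
        boolean tokenGroups = Boolean.TRUE.equals(v.get("UseTokenGroupsForGroupMembershipLookup"));
        if (Boolean.TRUE.equals(v.get("EnableSIDtoGroupLookupCaching")) && !tokenGroups) {
            findings.add("EnableSIDtoGroupLookupCaching is set but is only used with token group lookup");
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample: the defaults listed on this page, with SID caching switched on.
        Map<String, Object> sample = new LinkedHashMap<>();
        sample.put("UserNameAttribute", "cn");
        sample.put("UserFromNameFilter", "(&(cn=%u)(objectclass=user))");
        sample.put("UserBaseDN", "ou=WLSMEMBERS,dc=example,dc=com");
        sample.put("UseTokenGroupsForGroupMembershipLookup", Boolean.FALSE);
        sample.put("EnableSIDtoGroupLookupCaching", Boolean.TRUE);
        audit(sample).forEach(System.out::println);
    }
}
```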

Copyright 1996, 2010, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.
