BEA Systems, Inc.

Type-Safe Access to BEA WebLogic Server 9.2 MBeans (Deprecated)

(Methods marked with @since are not available through the deprecated MBeanHome interface.)

Interface LDAPAuthenticatorMBean

All Superinterfaces:
AuthenticationProviderMBean, AuthenticatorMBean, weblogic.descriptor.DescriptorBean, GroupMemberListerMBean, GroupMembershipHierarchyCacheMBean, GroupReaderMBean, LDAPServerMBean, ListerMBean, LoginExceptionPropagatorMBean, MemberGroupListerMBean, NameListerMBean, ProviderMBean, weblogic.descriptor.SettableBean, UserPasswordEditorMBean, UserReaderMBean
All Known Subinterfaces:
ActiveDirectoryAuthenticatorMBean, IPlanetAuthenticatorMBean, NovellAuthenticatorMBean, OpenLDAPAuthenticatorMBean

public interface LDAPAuthenticatorMBean
extends, weblogic.descriptor.DescriptorBean, LoginExceptionPropagatorMBean, LDAPServerMBean, UserReaderMBean, GroupReaderMBean, GroupMemberListerMBean, MemberGroupListerMBean, UserPasswordEditorMBean, GroupMembershipHierarchyCacheMBean

This MBean contains attributes for the LDAP servers supported by the LDAP Authentication providers. Subinterfaces of this MBean override default values specific to an LDAP server.

Deprecation of MBeanHome and Type-Safe Interfaces

This is a type-safe interface for a WebLogic Server MBean, which you can import into your client classes and access through As of 9.0, the MBeanHome interface and all type-safe interfaces for WebLogic Server MBeans are deprecated. Instead, client classes that interact with WebLogic Server MBeans should use standard JMX design patterns in which clients use the interface to discover MBeans, attributes, and attribute types at runtime. For more information, see "Developing Manageable Applications with JMX" on
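The runtime-discovery pattern recommended above, applied to a review of an LDAP authenticator's settings. This is an added example, not BEA code: the stand-in MBean, its sample values, the ObjectName and the class names are constructed, and only the attribute names come from the getters listed on this page. A real client would obtain the MBeanServerConnection from the server instead of the local platform MBean server.

```java
import java.lang.management.ManagementFactory;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import javax.management.MBeanAttributeInfo;
import javax.management.MBeanServer;
import javax.management.MBeanServerConnection;
import javax.management.ObjectName;
import javax.management.StandardMBean;

public class LdapAuthenticatorAudit {

    /** Constructed stand-in: a few attributes named as on this page, not the real MBean. */
    public interface SampleLdapMBean {
        boolean isSSLEnabled();
        boolean isFollowReferrals();
        boolean isBindAnonymouslyOnReferrals();
        String getGroupMembershipSearching();
        Integer getMaxGroupMembershipSearchLevel();
        String getCredential();
    }

    /** Constructed sample values chosen to trigger each check below. */
    public static class Sample implements SampleLdapMBean {
        public boolean isSSLEnabled() { return false; }
        public boolean isFollowReferrals() { return true; }
        public boolean isBindAnonymouslyOnReferrals() { return false; }
        public String getGroupMembershipSearching() { return "limited"; }
        public Integer getMaxGroupMembershipSearchLevel() { return null; }
        public String getCredential() { return "constructed-secret"; }
    }

    /** Reads every attribute discovered at runtime, except the credential ones. */
    static Map<String, Object> snapshot(MBeanServerConnection conn, ObjectName name)
            throws Exception {
        Map<String, Object> values = new TreeMap<>();
        for (MBeanAttributeInfo info : conn.getMBeanInfo(name).getAttributes()) {
            String attr = info.getName();
            if (attr.startsWith("Credential") || !info.isReadable()) {
                continue; // never pull the bind password into an audit report
            }
            values.put(attr, conn.getAttribute(name, attr));
        }
        return values;
    }

    /** Turns the attribute snapshot into review findings. */
    static List<String> audit(Map<String, Object> v) {
        List<String> findings = new ArrayList<>();
        if (Boolean.FALSE.equals(v.get("SSLEnabled"))) {
            findings.add("SSLEnabled=false: binds to the LDAP server are not protected by SSL");
        }
        if (Boolean.TRUE.equals(v.get("FollowReferrals"))
                && Boolean.FALSE.equals(v.get("BindAnonymouslyOnReferrals"))) {
            findings.add("Referrals are followed with a non-anonymous bind: "
                    + "review which servers can be referred to");
        }
        if ("limited".equals(v.get("GroupMembershipSearching"))
                && v.get("MaxGroupMembershipSearchLevel") == null) {
            findings.add("GroupMembershipSearching=limited but "
                    + "MaxGroupMembershipSearchLevel is not set");
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        MBeanServer server = ManagementFactory.getPlatformMBeanServer();
        // Constructed ObjectName for the stand-in MBean.
        ObjectName name = new ObjectName("example:Type=LDAPAuthenticator,Name=Sample");
        server.registerMBean(new StandardMBean(new Sample(), SampleLdapMBean.class), name);
        Map<String, Object> values = snapshot(server, name);
        System.out.println("Attributes read: " + values.keySet());
        audit(values).forEach(System.out::println);
    }
}
```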

Method Summary
 String getAllGroupsFilter()
          An LDAP search filter for finding all groups beneath the base group distinguished name (DN).
 String getAllUsersFilter()
          An LDAP search filter for finding all users beneath the base user distinguished name (DN).
 String getCredential()
          The credential (generally a password) used to authenticate the LDAP user that is defined in the Principal attribute.
 byte[] getCredentialEncrypted()
          Returns the credential (generally a password) used to authenticate the LDAP user that is defined in the Principal attribute.
 String getDescription()
          A short description of the LDAP Authentication provider.
 String getDynamicGroupNameAttribute()
          The attribute of a dynamic LDAP group object that specifies the name of the group.
 String getDynamicGroupObjectClass()
          The LDAP object class that stores dynamic groups.
 String getDynamicMemberURLAttribute()
          The attribute of the dynamic LDAP group object that specifies the URLs of the members of the dynamic group.
 String getGroupBaseDN()
          The base distinguished name (DN) of the tree in the LDAP directory that contains groups.
 String getGroupFromNameFilter()
          An LDAP search filter for finding a group given the name of the group.
 String getGroupMembershipSearching()
          Specifies whether group searches into nested groups are unlimited or limited.
 String getGroupSearchScope()
          Specifies how deep in the LDAP directory tree to search for groups.
 Boolean getIgnoreDuplicateMembership()
          Determines whether duplicate members are ignored when adding groups.
 Integer getMaxGroupMembershipSearchLevel()
          Specifies how many levels of group membership can be searched.
 String getName()
          The name of this configuration.
 String getProviderClassName()
          The name of the Java class used to load the LDAP Authentication provider.
 String getStaticGroupDNsfromMemberDNFilter()
          An LDAP search filter that, given the distinguished name (DN) of a member of a group, returns the DNs of the static LDAP groups that contain that member.
 String getStaticGroupNameAttribute()
          The attribute of a static LDAP group object that specifies the name of the group.
 String getStaticGroupObjectClass()
          The name of the LDAP object class that stores static groups.
 String getStaticMemberDNAttribute()
          The attribute of a static LDAP group object that specifies the distinguished names (DNs) of the members of the group.
 String getUserBaseDN()
          The base distinguished name (DN) of the tree in the LDAP directory that contains users.
 String getUserDynamicGroupDNAttribute()
          The attribute of an LDAP user object that specifies the distinguished names (DNs) of dynamic groups to which this user belongs.
 Boolean getUseRetrievedUserNameAsPrincipal()
          Specifies whether or not the user name retrieved from the LDAP server should be used as the Principal in the Subject.
 String getUserFromNameFilter()
          An LDAP search filter for finding a user given the name of the user.
 String getUserNameAttribute()
          The attribute of an LDAP user object that specifies the name of the user.
 String getUserObjectClass()
          The LDAP object class that stores users.
 String getUserSearchScope()
          Specifies how deep in the LDAP directory tree to search for Users.
 String getVersion()
          The version number of the LDAP Authentication provider.
 boolean isKeepAliveEnabled()
          Specifies whether to prevent LDAP connections from timing out.
 void setAllGroupsFilter(String newValue)
          An LDAP search filter for finding all groups beneath the base group distinguished name (DN).
 void setAllUsersFilter(String newValue)
          An LDAP search filter for finding all users beneath the base user distinguished name (DN).
 void setCredential(String newValue)
          The credential (generally a password) used to authenticate the LDAP user that is defined in the Principal attribute.
 void setCredentialEncrypted(byte[] _bytes)
          Sets the credential (generally a password) used to authenticate the LDAP user that is defined in the Principal attribute.
 void setDynamicGroupNameAttribute(String newValue)
          The attribute of a dynamic LDAP group object that specifies the name of the group.
 void setDynamicGroupObjectClass(String newValue)
          The LDAP object class that stores dynamic groups.
 void setDynamicMemberURLAttribute(String newValue)
          The attribute of the dynamic LDAP group object that specifies the URLs of the members of the dynamic group.
 void setGroupBaseDN(String newValue)
          The base distinguished name (DN) of the tree in the LDAP directory that contains groups.
 void setGroupFromNameFilter(String newValue)
          An LDAP search filter for finding a group given the name of the group.
 void setGroupMembershipSearching(String newValue)
          Specifies whether group searches into nested groups are unlimited or limited.
 void setGroupSearchScope(String newValue)
          Specifies how deep in the LDAP directory tree to search for groups.
 void setIgnoreDuplicateMembership(Boolean newValue)
          Determines whether duplicate members are ignored when adding groups.
 void setKeepAliveEnabled(boolean newValue)
          Specifies whether to prevent LDAP connections from timing out.
 void setMaxGroupMembershipSearchLevel(Integer newValue)
          Specifies how many levels of group membership can be searched.
 void setStaticGroupDNsfromMemberDNFilter(String newValue)
          An LDAP search filter that, given the distinguished name (DN) of a member of a group, returns the DNs of the static LDAP groups that contain that member.
 void setStaticGroupNameAttribute(String newValue)
          The attribute of a static LDAP group object that specifies the name of the group.
 void setStaticGroupObjectClass(String newValue)
          The name of the LDAP object class that stores static groups.
 void setStaticMemberDNAttribute(String newValue)
          The attribute of a static LDAP group object that specifies the distinguished names (DNs) of the members of the group.
 void setUserBaseDN(String newValue)
          The base distinguished name (DN) of the tree in the LDAP directory that contains users.
 void setUserDynamicGroupDNAttribute(String newValue)
          The attribute of an LDAP user object that specifies the distinguished names (DNs) of dynamic groups to which this user belongs.
 void setUseRetrievedUserNameAsPrincipal(Boolean newValue)
          Specifies whether or not the user name retrieved from the LDAP server should be used as the Principal in the Subject.
 void setUserFromNameFilter(String newValue)
          An LDAP search filter for finding a user given the name of the user.
 void setUserNameAttribute(String newValue)
          The attribute of an LDAP user object that specifies the name of the user.
 void setUserObjectClass(String newValue)
          The LDAP object class that stores users.
 void setUserSearchScope(String newValue)
          Specifies how deep in the LDAP directory tree to search for Users.
Methods inherited from interface
setName, wls_getDisplayName, wls_getInterfaceClassName, wls_getObjectName
Methods inherited from interface weblogic.descriptor.DescriptorBean
addBeanUpdateListener, addPropertyChangeListener, createChildCopy, createChildCopyIncludingObsolete, getDescriptor, getParentBean, isEditable, removeBeanUpdateListener, removePropertyChangeListener
Methods inherited from interface weblogic.descriptor.SettableBean
isSet, unSet
Methods inherited from interface
getPropagateCauseForLoginException, setPropagateCauseForLoginException
Methods inherited from interface
getControlFlag, setControlFlag
Methods inherited from interface
getCacheSize, getCacheTTL, getConnectionRetryLimit, getConnectTimeout, getHost, getParallelConnectDelay, getPort, getPrincipal, getResultsTimeLimit, isBindAnonymouslyOnReferrals, isCacheEnabled, isFollowReferrals, isSSLEnabled, setBindAnonymouslyOnReferrals, setCacheEnabled, setCacheSize, setCacheTTL, setConnectionRetryLimit, setConnectTimeout, setFollowReferrals, setHost, setParallelConnectDelay, setPort, setPrincipal, setResultsTimeLimit, setSSLEnabled
Methods inherited from interface
getUserDescription, listUsers, userExists
Methods inherited from interface
advance, close, haveCurrent
Methods inherited from interface
getGroupDescription, groupExists, isMember, listGroups
Methods inherited from interface
changeUserPassword, resetUserPassword
Methods inherited from interface
getEnableGroupMembershipLookupHierarchyCaching, getGroupHierarchyCacheTTL, getMaxGroupHierarchiesInCache, setEnableGroupMembershipLookupHierarchyCaching, setGroupHierarchyCacheTTL, setMaxGroupHierarchiesInCache

Method Detail


public String getAllGroupsFilter()

An LDAP search filter for finding all groups beneath the base group distinguished name (DN). If the attribute is not specified (that is, if the attribute is null or empty), a default search filter is created based on the Group schema.


public String getAllUsersFilter()

An LDAP search filter for finding all users beneath the base user distinguished name (DN). If the attribute (user object class) is not specified (that is, if the attribute is null or empty), a default search filter is created based on the user schema.


public String getCredential()

The credential (generally a password) used to authenticate the LDAP user that is defined in the Principal attribute.

Specified by:
getCredential in interface LDAPServerMBean


public byte[] getCredentialEncrypted()
Description copied from interface: LDAPServerMBean
Returns the credential (generally a password) used to authenticate the LDAP user that is defined in the Principal attribute.

Specified by:
getCredentialEncrypted in interface LDAPServerMBean
Returns:
The credential value as an encrypted byte array.


public String getDescription()

A short description of the LDAP Authentication provider.

Specified by:
getDescription in interface ProviderMBean


public String getDynamicGroupNameAttribute()

The attribute of a dynamic LDAP group object that specifies the name of the group.


public String getDynamicGroupObjectClass()

The LDAP object class that stores dynamic groups.


public String getDynamicMemberURLAttribute()

The attribute of the dynamic LDAP group object that specifies the URLs of the members of the dynamic group.


public String getGroupBaseDN()

The base distinguished name (DN) of the tree in the LDAP directory that contains groups.


public String getGroupFromNameFilter()

An LDAP search filter for finding a group given the name of the group. If the attribute is not specified (that is, if the attribute is null or empty), a default search filter is created based on the group schema.


public String getGroupMembershipSearching()

Specifies whether group searches into nested groups are unlimited or limited. Valid values are unlimited and limited.

For configurations that use only the first level of nested group hierarchy, this attribute allows improved performance during user searches by limiting the search to the first level of the group. If a limited search is specified, the Max Group Membership Search Level attribute must be specified. If an unlimited search is specified, the Max Group Membership Search Level attribute is ignored.

Note that when Use Token Groups For Group Membership Lookup is used during authentication, all the groups are returned in a single call, and the recursion limits and depth limits do not apply. They will apply in management operations.


public String getGroupSearchScope()

Specifies how deep in the LDAP directory tree to search for groups. Valid values are subtree and onelevel.


public Boolean getIgnoreDuplicateMembership()

Determines whether duplicate members are ignored when adding groups. The attribute cycles in the Group membership.


public Integer getMaxGroupMembershipSearchLevel()

Specifies how many levels of group membership can be searched. This setting is valid only if GroupMembershipSearching is set to limited. Valid values are 0 and positive integers. For example, 0 indicates only direct group memberships will be found, and a positive number indicates the number of levels to search.

Possible values are:

0 - Indicates only direct groups will be found. That is, when searching for membership in Group A, only direct members of Group A will be found. If Group B is a member of Group A, the members will not be found by this search.

Any positive number - Indicates the number of levels to search. For example, if this attribute is set to 1, a search for membership in Group A will return direct members of Group A. If Group B is a member of Group A, the members of Group B will also be found by this search. However, if Group C is a member of Group B, the members of Group C will not be found by this search.

Note that when Use Token Groups For Group Membership Lookup is used during authentication, all the groups are returned in a single call, and the recursion limits and depth limits do not apply. They will apply in management operations.
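A small model of the level semantics described above, as an added example rather than WebLogic Server's implementation. The group names follow the Group A, B, C illustration in the text; the users, the cycle from Group C back to Group A, and the use of a negative level to stand for an unlimited search are assumptions of the example.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;

public class GroupSearchDepthDemo {

    // Constructed directory: group name -> direct members (users or nested groups).
    static final Map<String, List<String>> DIRECT = new HashMap<>();
    static {
        DIRECT.put("GroupA", Arrays.asList("alice", "GroupB"));
        DIRECT.put("GroupB", Arrays.asList("bob", "GroupC"));
        DIRECT.put("GroupC", Arrays.asList("carol", "GroupA")); // cycle back to GroupA
    }

    /**
     * Users found when searching for membership in the given group.
     * maxLevel 0 means direct members only, a positive value is the number of
     * nested levels followed, and a negative value models an unlimited search.
     */
    static Set<String> usersFound(String group, int maxLevel) {
        Set<String> users = new TreeSet<>();
        Set<String> visited = new HashSet<>(Collections.singleton(group));
        Set<String> frontier = new LinkedHashSet<>(Collections.singleton(group));
        for (int level = 0; !frontier.isEmpty(); level++) {
            Set<String> next = new LinkedHashSet<>();
            for (String g : frontier) {
                for (String member : DIRECT.get(g)) {
                    if (!DIRECT.containsKey(member)) {
                        users.add(member); // a user, not a nested group
                    } else if ((maxLevel < 0 || level < maxLevel) && visited.add(member)) {
                        next.add(member); // nested group within the limit, not yet seen
                    }
                }
            }
            frontier = next;
        }
        return users;
    }

    public static void main(String[] args) {
        System.out.println("level 0:   " + usersFound("GroupA", 0));
        System.out.println("level 1:   " + usersFound("GroupA", 1));
        System.out.println("unlimited: " + usersFound("GroupA", -1));
    }
}
```

The visited set is what keeps the unlimited search from looping on the cyclic membership; when authorization depends on nested groups, the configured level decides which users a group-based policy actually covers.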


public String getName()
Description copied from interface: ProviderMBean
The name of this configuration. WebLogic Server uses an MBean to implement and persist the configuration.

Specified by:
getName in interface


public String getProviderClassName()

The name of the Java class used to load the LDAP Authentication provider.

Specified by:
getProviderClassName in interface ProviderMBean


public String getStaticGroupDNsfromMemberDNFilter()

An LDAP search filter that, given the distinguished name (DN) of a member of a group, returns the DNs of the static LDAP groups that contain that member. If the attribute is not specified (that is, if the attribute is null or empty), a default search filter is created based on the group schema.


public String getStaticGroupNameAttribute()

The attribute of a static LDAP group object that specifies the name of the group.


public String getStaticGroupObjectClass()

The name of the LDAP object class that stores static groups.


public String getStaticMemberDNAttribute()

The attribute of a static LDAP group object that specifies the distinguished names (DNs) of the members of the group.


public String getUserBaseDN()

The base distinguished name (DN) of the tree in the LDAP directory that contains users.


public String getUserDynamicGroupDNAttribute()

The attribute of an LDAP user object that specifies the distinguished names (DNs) of dynamic groups to which this user belongs. If such an attribute does not exist, WebLogic Server determines if a user is a member of a group by evaluating the URLs on the dynamic group. If a group contains other groups, WebLogic Server evaluates the URLs on any of the descendants (indicates parent relationship) of the group.


public Boolean getUseRetrievedUserNameAsPrincipal()

Specifies whether or not the user name retrieved from the LDAP server should be used as the Principal in the Subject.


public String getUserFromNameFilter()

An LDAP search filter for finding a user given the name of the user. If the attribute (user name attribute and user object class) is not specified (that is, if the attribute is null or empty), a default search filter is created based on the user schema.


public String getUserNameAttribute()

The attribute of an LDAP user object that specifies the name of the user.


public String getUserObjectClass()

The LDAP object class that stores users.


public String getUserSearchScope()

Specifies how deep in the LDAP directory tree to search for Users. Valid values are subtree and onelevel.


public String getVersion()

The version number of the LDAP Authentication provider.

Specified by:
getVersion in interface ProviderMBean


public boolean isKeepAliveEnabled()

Specifies whether to prevent LDAP connections from timing out.


public void setAllGroupsFilter(String newValue)
                        throws InvalidAttributeValueException

An LDAP search filter for finding all groups beneath the base group distinguished name (DN). If the attribute is not specified (that is, if the attribute is null or empty), a default search filter is created based on the Group schema.

Parameters:
newValue - new value for attribute AllGroupsFilter


public void setAllUsersFilter(String newValue)
                       throws InvalidAttributeValueException

An LDAP search filter for finding all users beneath the base user distinguished name (DN). If the attribute (user object class) is not specified (that is, if the attribute is null or empty), a default search filter is created based on the user schema.

Parameters:
newValue - new value for attribute AllUsersFilter


public void setCredential(String newValue)
                   throws InvalidAttributeValueException

The credential (generally a password) used to authenticate the LDAP user that is defined in the Principal attribute.

Specified by:
setCredential in interface LDAPServerMBean
Parameters:
newValue - new value for attribute Credential
See Also:
LDAPServerMBean.getCredential(), LDAPServerMBean.setCredentialEncrypted(byte[])


public void setCredentialEncrypted(byte[] _bytes)
Description copied from interface: LDAPServerMBean
Sets the credential (generally a password) used to authenticate the LDAP user that is defined in the Principal attribute.

Specified by:
setCredentialEncrypted in interface LDAPServerMBean
Parameters:
_bytes - The new credential value as a byte array.


public void setDynamicGroupNameAttribute(String newValue)
                                  throws InvalidAttributeValueException

The attribute of a dynamic LDAP group object that specifies the name of the group.

Parameters:
newValue - new value for attribute DynamicGroupNameAttribute


public void setDynamicGroupObjectClass(String newValue)
                                throws InvalidAttributeValueException

The LDAP object class that stores dynamic groups.

Parameters:
newValue - new value for attribute DynamicGroupObjectClass


public void setDynamicMemberURLAttribute(String newValue)
                                  throws InvalidAttributeValueException

The attribute of the dynamic LDAP group object that specifies the URLs of the members of the dynamic group.

Parameters:
newValue - new value for attribute DynamicMemberURLAttribute


public void setGroupBaseDN(String newValue)
                    throws InvalidAttributeValueException

The base distinguished name (DN) of the tree in the LDAP directory that contains groups.

Parameters:
newValue - new value for attribute GroupBaseDN


public void setGroupFromNameFilter(String newValue)
                            throws InvalidAttributeValueException

An LDAP search filter for finding a group given the name of the group. If the attribute is not specified (that is, if the attribute is null or empty), a default search filter is created based on the group schema.

Parameters:
newValue - new value for attribute GroupFromNameFilter


public void setGroupMembershipSearching(String newValue)
                                 throws InvalidAttributeValueException

Specifies whether group searches into nested groups are unlimited or limited. Valid values are unlimited and limited.

For configurations that use only the first level of nested group hierarchy, this attribute allows improved performance during user searches by limiting the search to the first level of the group. If a limited search is specified, the Max Group Membership Search Level attribute must be specified. If an unlimited search is specified, the Max Group Membership Search Level attribute is ignored.

Note that when Use Token Groups For Group Membership Lookup is used during authentication, all the groups are returned in a single call, and the recursion limits and depth limits do not apply. They will apply in management operations.

Parameters:
newValue - new value for attribute GroupMembershipSearching


public void setGroupSearchScope(String newValue)
                         throws InvalidAttributeValueException

Specifies how deep in the LDAP directory tree to search for groups. Valid values are subtree and onelevel.

Parameters:
newValue - new value for attribute GroupSearchScope


public void setIgnoreDuplicateMembership(Boolean newValue)
                                  throws InvalidAttributeValueException

Determines whether duplicate members are ignored when adding groups. The attribute cycles in the Group membership.

Parameters:
newValue - new value for attribute IgnoreDuplicateMembership


public void setKeepAliveEnabled(boolean newValue)
                         throws InvalidAttributeValueException

Specifies whether to prevent LDAP connections from timing out.

Parameters:
newValue - new value for attribute KeepAliveEnabled


public void setMaxGroupMembershipSearchLevel(Integer newValue)
                                      throws InvalidAttributeValueException

Specifies how many levels of group membership can be searched. This setting is valid only if GroupMembershipSearching is set to limited. Valid values are 0 and positive integers. For example, 0 indicates only direct group memberships will be found, and a positive number indicates the number of levels to search.

Possible values are:

0 - Indicates only direct groups will be found. That is, when searching for membership in Group A, only direct members of Group A will be found. If Group B is a member of Group A, the members will not be found by this search.

Any positive number - Indicates the number of levels to search. For example, if this attribute is set to 1, a search for membership in Group A will return direct members of Group A. If Group B is a member of Group A, the members of Group B will also be found by this search. However, if Group C is a member of Group B, the members of Group C will not be found by this search.

Note that when Use Token Groups For Group Membership Lookup is used during authentication, all the groups are returned in a single call, and the recursion limits and depth limits do not apply. They will apply in management operations.

Parameters:
newValue - new value for attribute MaxGroupMembershipSearchLevel


public void setStaticGroupDNsfromMemberDNFilter(String newValue)
                                         throws InvalidAttributeValueException

An LDAP search filter that, given the distinguished name (DN) of a member of a group, returns the DNs of the static LDAP groups that contain that member. If the attribute is not specified (that is, if the attribute is null or empty), a default search filter is created based on the group schema.

Parameters:
newValue - new value for attribute StaticGroupDNsfromMemberDNFilter


public void setStaticGroupNameAttribute(String newValue)
                                 throws InvalidAttributeValueException

The attribute of a static LDAP group object that specifies the name of the group.

Parameters:
newValue - new value for attribute StaticGroupNameAttribute


public void setStaticGroupObjectClass(String newValue)
                               throws InvalidAttributeValueException

The name of the LDAP object class that stores static groups.

Parameters:
newValue - new value for attribute StaticGroupObjectClass


public void setStaticMemberDNAttribute(String newValue)
                                throws InvalidAttributeValueException

The attribute of a static LDAP group object that specifies the distinguished names (DNs) of the members of the group.

Parameters:
newValue - new value for attribute StaticMemberDNAttribute


public void setUserBaseDN(String newValue)
                   throws InvalidAttributeValueException

The base distinguished name (DN) of the tree in the LDAP directory that contains users.

Parameters:
newValue - new value for attribute UserBaseDN


public void setUserDynamicGroupDNAttribute(String newValue)
                                    throws InvalidAttributeValueException

The attribute of an LDAP user object that specifies the distinguished names (DNs) of dynamic groups to which this user belongs. If such an attribute does not exist, WebLogic Server determines if a user is a member of a group by evaluating the URLs on the dynamic group. If a group contains other groups, WebLogic Server evaluates the URLs on any of the descendants (indicates parent relationship) of the group.

Parameters:
newValue - new value for attribute UserDynamicGroupDNAttribute


public void setUseRetrievedUserNameAsPrincipal(Boolean newValue)
                                        throws InvalidAttributeValueException

Specifies whether or not the user name retrieved from the LDAP server should be used as the Principal in the Subject.

Parameters:
newValue - new value for attribute UseRetrievedUserNameAsPrincipal


public void setUserFromNameFilter(String newValue)
                           throws InvalidAttributeValueException

An LDAP search filter for finding a user given the name of the user. If the attribute (user name attribute and user object class) is not specified (that is, if the attribute is null or empty), a default search filter is created based on the user schema.

Parameters:
newValue - new value for attribute UserFromNameFilter


public void setUserNameAttribute(String newValue)
                          throws InvalidAttributeValueException

The attribute of an LDAP user object that specifies the name of the user.

Parameters:
newValue - new value for attribute UserNameAttribute


public void setUserObjectClass(String newValue)
                        throws InvalidAttributeValueException

The LDAP object class that stores users.

Parameters:
newValue - new value for attribute UserObjectClass


public void setUserSearchScope(String newValue)
                        throws InvalidAttributeValueException

Specifies how deep in the LDAP directory tree to search for Users. Valid values are subtree and onelevel.

Parameters:
newValue - new value for attribute UserSearchScope

Copyright 2006 BEA Systems Inc.