Active Directory Authentication Provider-->Groups

Active Directory Authentication Provider-->Groups

Tasks Related Topics Attributes

Overview

Use this page to specify how groups are stored and located in the Active Directory LDAP directory.

Tasks

Configuring an LDAP Authentication Provider

Related Topics

Introduction to WebLogic Security
Managing WebLogic Security
Securing WebLogic Resources
Programmimg WebLogic Security
Developing Security Providers for WebLogic Server
Securing a Production Environment
The Security topics in the WebLogic Server 8.1 Upgrade Guide
Security FAQ
The Security page in the WebLogic Server documentation

Attributes

Attribute Label

Description

Value Constraints
Group Base DN The base distinguished name (DN) of the tree in the LDAP directory that contains groups.MBean: weblogic.security.
providers.authentication.
ActiveDirectoryAuthenticatorMBeanAttribute: GroupBaseDN Default: "ou=ou=WLSGROUPS,dc=example,dc=com"
Group Search Scope Specifies how deep in the LDAP directory tree to search for groups. Valid values are subtree and onelevel.MBean: weblogic.security.
providers.authentication.
ActiveDirectoryAuthenticatorMBeanAttribute: GroupSearchScope Default: "subtree"
Group From Name Filter LDAP search filter for finding a group given the name of the group. If the attribute is not specified (that is, if the attribute is null or empty), a default search filter is created based on the group schema.MBean: weblogic.security.
providers.authentication.
ActiveDirectoryAuthenticatorMBeanAttribute: GroupFromNameFilter Default: "(&(cn=%g)(objectclass=groupofuniquenames))"
All Groups Filter An LDAP search filter for finding all groups beneath the base group distinguished name (DN). If the attribute is not specified (that is, if the attribute is null or empty), a default search filter is created based on the Group schema.MBean: weblogic.security.
providers.authentication.
ActiveDirectoryAuthenticatorMBeanAttribute: AllGroupsFilter

Static Group Object Class The name of the LDAP object class that stores static groups.MBean: weblogic.security.
providers.authentication.
ActiveDirectoryAuthenticatorMBeanAttribute: StaticGroupObjectClass Default: "groupofuniquenames"
Static Group Name Attribute The attribute of a static LDAP group object that specifies the name of the group.MBean: weblogic.security.
providers.authentication.
ActiveDirectoryAuthenticatorMBeanAttribute: StaticGroupNameAttribute Default: "cn"

Attribute Label	Description	Value Constraints
Group Base DN	The base distinguished name (DN) of the tree in the LDAP directory that contains groups.MBean: weblogic.security. providers.authentication. ActiveDirectoryAuthenticatorMBeanAttribute: GroupBaseDN	Default: "ou=ou=WLSGROUPS,dc=example,dc=com"
Group Search Scope	Specifies how deep in the LDAP directory tree to search for groups. Valid values are subtree and onelevel.MBean: weblogic.security. providers.authentication. ActiveDirectoryAuthenticatorMBeanAttribute: GroupSearchScope	Default: "subtree"
Group From Name Filter	LDAP search filter for finding a group given the name of the group. If the attribute is not specified (that is, if the attribute is null or empty), a default search filter is created based on the group schema.MBean: weblogic.security. providers.authentication. ActiveDirectoryAuthenticatorMBeanAttribute: GroupFromNameFilter	Default: "(&(cn=%g)(objectclass=groupofuniquenames))"
All Groups Filter	An LDAP search filter for finding all groups beneath the base group distinguished name (DN). If the attribute is not specified (that is, if the attribute is null or empty), a default search filter is created based on the Group schema.MBean: weblogic.security. providers.authentication. ActiveDirectoryAuthenticatorMBeanAttribute: AllGroupsFilter
Static Group Object Class	The name of the LDAP object class that stores static groups.MBean: weblogic.security. providers.authentication. ActiveDirectoryAuthenticatorMBeanAttribute: StaticGroupObjectClass	Default: "groupofuniquenames"
Static Group Name Attribute	The attribute of a static LDAP group object that specifies the name of the group.MBean: weblogic.security. providers.authentication. ActiveDirectoryAuthenticatorMBeanAttribute: StaticGroupNameAttribute	Default: "cn"