Active Directory Authentication Provider-->Users

Active Directory Authentication Provider-->Users

Tasks Related Topics Attributes

Overview

Use this page to specify how user information is stored in the Active Directory LDAP directory.

Tasks

Configuring an LDAP Authentication Provider

Related Topics

Introduction to WebLogic Security
Managing WebLogic Security
Securing WebLogic Resources
Programmimg WebLogic Security
Developing Security Providers for WebLogic Server
Securing a Production Environment
The Security topics in the WebLogic Server 8.1 Upgrade Guide
Security FAQ
The Security page in the WebLogic Server documentation

Attributes

Attribute Label

Description

Value Constraints
User Object Class The LDAP object class that stores users.MBean: weblogic.security.
providers.authentication.
ActiveDirectoryAuthenticatorMBeanAttribute: UserObjectClass Default: "person"
User Name Attribute The attribute of the LDAP User object that specifies the name of the user.MBean: weblogic.security.
providers.authentication.
ActiveDirectoryAuthenticatorMBeanAttribute: UserNameAttribute Default: "uid"
User Dynamic Group DNAttribute The attribute of an LDAP user object that specifies the distinguished names (DNs) of dynamic groups to which this user belongs. If such an attribute does not exist, WebLogic Server determines if a user is a member of a group by evaluating the URLs on the dynamic group. If a group contains other groups, WebLogic Server evaluates the URLs on any of the descendents (indicates parent relationship) of the group.MBean: weblogic.security.
providers.authentication.
ActiveDirectoryAuthenticatorMBeanAttribute: UserDynamicGroupDNAttribute

User Base DN The base distinguished name (DN) of the tree in the LDAP directory that contains users.MBean: weblogic.security.
providers.authentication.
ActiveDirectoryAuthenticatorMBeanAttribute: UserBaseDN Default: "ou=people, o=example.com"
User Search Scope Specifies how deep in the LDAP directory tree to search for Users. Valid values are subtree and onelevel.MBean: weblogic.security.
providers.authentication.
ActiveDirectoryAuthenticatorMBeanAttribute: UserSearchScope Default: "subtree"
User From Name Filter An LDAP search filter for finding a user given the name of the user. If the attribute (user name attribute and user object class) is not specified (that is, if the attribute is null or empty), a default search filter is created based on the user schema.MBean: weblogic.security.
providers.authentication.
ActiveDirectoryAuthenticatorMBeanAttribute: UserFromNameFilter Default: "(&(cn=%u)(objectclass=user))"
All Users Filter An LDAP search filter for finding all users beneath the base user distinguished name (DN). If the attribute (user object class) is not specified (that is, if the attribute is null or empty), a default search filter is created based on the user schema.MBean: weblogic.security.
providers.authentication.
ActiveDirectoryAuthenticatorMBeanAttribute: AllUsersFilter

Attribute Label	Description	Value Constraints
User Object Class	The LDAP object class that stores users.MBean: weblogic.security. providers.authentication. ActiveDirectoryAuthenticatorMBeanAttribute: UserObjectClass	Default: "person"
User Name Attribute	The attribute of the LDAP User object that specifies the name of the user.MBean: weblogic.security. providers.authentication. ActiveDirectoryAuthenticatorMBeanAttribute: UserNameAttribute	Default: "uid"
User Dynamic Group DNAttribute	The attribute of an LDAP user object that specifies the distinguished names (DNs) of dynamic groups to which this user belongs. If such an attribute does not exist, WebLogic Server determines if a user is a member of a group by evaluating the URLs on the dynamic group. If a group contains other groups, WebLogic Server evaluates the URLs on any of the descendents (indicates parent relationship) of the group.MBean: weblogic.security. providers.authentication. ActiveDirectoryAuthenticatorMBeanAttribute: UserDynamicGroupDNAttribute
User Base DN	The base distinguished name (DN) of the tree in the LDAP directory that contains users.MBean: weblogic.security. providers.authentication. ActiveDirectoryAuthenticatorMBeanAttribute: UserBaseDN	Default: "ou=people, o=example.com"
User Search Scope	Specifies how deep in the LDAP directory tree to search for Users. Valid values are subtree and onelevel.MBean: weblogic.security. providers.authentication. ActiveDirectoryAuthenticatorMBeanAttribute: UserSearchScope	Default: "subtree"
User From Name Filter	An LDAP search filter for finding a user given the name of the user. If the attribute (user name attribute and user object class) is not specified (that is, if the attribute is null or empty), a default search filter is created based on the user schema.MBean: weblogic.security. providers.authentication. ActiveDirectoryAuthenticatorMBeanAttribute: UserFromNameFilter	Default: "(&(cn=%u)(objectclass=user))"
All Users Filter	An LDAP search filter for finding all users beneath the base user distinguished name (DN). If the attribute (user object class) is not specified (that is, if the attribute is null or empty), a default search filter is created based on the user schema.MBean: weblogic.security. providers.authentication. ActiveDirectoryAuthenticatorMBeanAttribute: AllUsersFilter