Administration Console Online Help


Domain: Security: Embedded LDAP


This page allows you to configure the embedded LDAP server for this WebLogic Server domain.

The embedded LDAP server contains user, group, group membership, security role, security policy, and credential map information. By default, each WebLogic Server domain has an embedded LDAP server configured with the default values set for each attribute. The WebLogic Authentication, Authorization, Credential Mapping, and Role Mapping providers use the embedded LDAP server as their database. If you use any of these providers in a new security realm, you may want to change the default values for the embedded LDAP server to optimize its use in your environment.

Configuration Options

Name Description
Credential

The credential (usually a password) used to connect to the embedded LDAP server.

If this credential has not been set, WebLogic Server generates a password at startup, initializes the attribute, and saves the configuration to the config.xml file. If you want to connect to the embedded LDAP server using an external LDAP browser and the embedded LDAP administrator account (cn=Admin), change this attribute from the generated value.

As of 8.1 sp4, when you get the value of this attribute, WebLogic Server does the following:

  1. Retrieves the value of the CredentialEncrypted attribute.

  2. Decrypts the value and returns the unencrypted password as a String.

When you set the value of this attribute, WebLogic Server does the following:

  1. Encrypts the value.

  2. Sets the value of the CredentialEncrypted attribute to the encrypted value.

Using the Credential attribute is a potential security risk because the String object (which contains the unencrypted password) remains in the JVM's memory until garbage collection removes it and the memory is reallocated. Depending on how memory is allocated in the JVM, a significant amount of time could pass before this unencrypted data is removed from memory.

Instead of using this attribute, use CredentialEncrypted().

MBean Attribute:
EmbeddedLDAPMBean.Credential

Changes take effect after you redeploy the module or restart the server.

Backup Hour

The hour at which the embedded LDAP server should be backed up.

The Backup Hour value is used in conjunction with the Backup Minute value to determine the time at which the embedded LDAP server data files are backed up. At the specified time, WebLogic Server suspends writes to the embedded LDAP server, backs up the data files into a zip file in the ldap/backup directory, and then resumes writes.

MBean Attribute:
EmbeddedLDAPMBean.BackupHour

Minimum value: 0

Maximum value: 23

Changes take effect after you redeploy the module or restart the server.

Backup Minute

The minute at which the embedded LDAP server should be backed up.

The Backup Minute value is used in conjunction with the Backup Hour value to determine the time at which the embedded LDAP server data files are backed up.

MBean Attribute:
EmbeddedLDAPMBean.BackupMinute

Minimum value: 0

Maximum value: 59

Changes take effect after you redeploy the module or restart the server.

Backup Copies

The maximum number of backup copies that should be made for the embedded LDAP server.

This value limits the number of zip files in the ldap/backup directory.

MBean Attribute:
EmbeddedLDAPMBean.BackupCopies

Minimum value: 0

Maximum value: 65534

Changes take effect after you redeploy the module or restart the server.

Cache Enabled

Specifies whether a cache is used with the embedded LDAP server.

This cache is used when a Managed Server is reading from or writing to the master embedded LDAP server that is running on the Administration Server.

MBean Attribute:
EmbeddedLDAPMBean.CacheEnabled

Changes take effect after you redeploy the module or restart the server.

Cache Size

The size of the cache (in kilobytes) that is used with the embedded LDAP server.

MBean Attribute:
EmbeddedLDAPMBean.CacheSize

Minimum value: 0

Changes take effect after you redeploy the module or restart the server.

Cache TTL

The time-to-live of the cache (in seconds) that is used with the embedded LDAP server.

MBean Attribute:
EmbeddedLDAPMBean.CacheTTL

Minimum value: 0

Changes take effect after you redeploy the module or restart the server.

Refresh Replica At Startup

Specifies whether a Managed Server should refresh all replicated data at boot time. (This is useful if you have made a large number of changes while the Managed Server was not active, and you want to download the entire replica instead of having the Administration Server push each change to the Managed Server.)

MBean Attribute:
EmbeddedLDAPMBean.RefreshReplicaAtStartup

Changes take effect after you redeploy the module or restart the server.

Master First

Specifies whether a Managed Server should always connect to the master LDAP server (contained in the Administration Server), instead of connecting to the local replicated LDAP server (contained in the Managed Server).

MBean Attribute:
EmbeddedLDAPMBean.MasterFirst

Changes take effect after you redeploy the module or restart the server.

Timeout

Specifies the maximum number of seconds to wait for results from the embedded LDAP server before timing out. If this option is set to 0, there is no maximum time limit.

MBean Attribute:
EmbeddedLDAPMBean.Timeout

Minimum value: 0

Changes take effect after you redeploy the module or restart the server.

Anonymous Bind Allowed

Specifies whether the embedded LDAP server should allow anonymous connections.

MBean Attribute:
EmbeddedLDAPMBean.AnonymousBindAllowed

Changes take effect after you redeploy the module or restart the server.
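
The following script is an added example, not part of the original help page or of WebLogic Server. It audits the embedded LDAP settings saved in a domain's config.xml against the value ranges documented above and reports anonymous bind and a missing credential. The hyphenated element names (the usual config.xml form of the EmbeddedLDAPMBean attribute names), the function names, and the sample document are assumptions.

```python
import xml.etree.ElementTree as ET

# Ranges from this page: element name -> (minimum, maximum or None).
# Element names are assumed hyphenated forms of the MBean attribute names.
RANGES = {
    "backup-hour": (0, 23), "backup-minute": (0, 59),
    "backup-copies": (0, 65534), "cache-size": (0, None),
    "cache-ttl": (0, None), "timeout": (0, None),
}

# Constructed sample, not a real domain configuration.
SAMPLE_CONFIG = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
  <embedded-ldap>
    <backup-hour>25</backup-hour>
    <backup-copies>3</backup-copies>
    <anonymous-bind-allowed>true</anonymous-bind-allowed>
  </embedded-ldap>
</domain>"""


def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace, if any


def audit_embedded_ldap(config_xml):
    """Return a list of findings for the <embedded-ldap> element."""
    root = ET.fromstring(config_xml)
    ldap = next((e for e in root.iter() if local(e.tag) == "embedded-ldap"), None)
    if ldap is None:
        return ["no embedded-ldap element: every option is at its default"]
    values = {local(c.tag): (c.text or "").strip() for c in ldap}
    findings = []
    for name, (low, high) in RANGES.items():
        if name not in values:
            continue  # option not set explicitly, nothing to check
        try:
            number = int(values[name])
        except ValueError:
            findings.append(f"{name}: '{values[name]}' is not an integer")
            continue
        if number < low or (high is not None and number > high):
            findings.append(f"{name}: {number} is outside the documented range")
    if values.get("anonymous-bind-allowed", "").lower() == "true":
        findings.append("anonymous-bind-allowed: anonymous connections are accepted")
    if not values.get("credential-encrypted"):
        findings.append("credential-encrypted: not set, generated at next startup")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_embedded_ldap(SAMPLE_CONFIG)))
```

To audit a real domain, pass the text of its config.xml to `audit_embedded_ldap` in place of the sample.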
