This MBean represents LDAP schema definitions for the iPlanet LDAP provider.
| Fully Qualified Interface Name | If you use the getMBeanInfooperation in MBeanTypeServiceMBean, supply the following value as this MBean's fully qualified interface name:weblogic.security.providers.authentication.IPlanetAuthenticatorMBean | 
| Factory Methods | No factory methods. Instances of this MBean are created automatically. | 
This section describes attributes that provide access to other MBeans. For more information about the MBean hierarchy, refer to WebLogic Server MBean Data Model.
|  | 
Returns the realm that contains this security provider. Returns null if this security provider is not contained by a realm.
| Privileges | Read only | 
| Type | RealmMBean | 
| Relationship type: | Reference. | 
This section describes the following attributes:
An LDAP search filter for finding all groups beneath the base group distinguished name (DN). If the attribute is not specified (that is, if the attribute is null or empty), a default search filter is created based on the Group schema.
| Privileges | Read/Write | 
| Type | java.lang.String | 
An LDAP search filter for finding all users beneath the base user distinguished name (DN). If the attribute (user object class) is not specified (that is, if the attribute is null or empty), a default search filter is created based on the user schema.
| Privileges | Read/Write | 
| Type | java.lang.String | 
Returns whether to anonymously bind when following referrals within the LDAP directory. If set to false, then the current Principal and Credential will be used.
| Privileges | Read/Write | 
| Type | boolean | 
Returns whether to cache LDAP requests with the LDAP server.
| Privileges | Read/Write | 
| Type | boolean | 
| Default Value | true | 
Returns the size of the cache in K.
| Privileges | Read/Write | 
| Type | int | 
| Default Value | 32 | 
| Minimum value | 0 | 
Returns the time-to-live (TTL) of the cache in seconds.
| Privileges | Read/Write | 
| Type | int | 
| Default Value | 60 | 
| Minimum value | 0 | 
Specifies the number of times to attempt to connect to the LDAP server if the initial connection failed.
| Privileges | Read/Write | 
| Type | int | 
| Default Value | 1 | 
Returns the maximum number of seconds to wait for the LDAP connection to be established. If set to 0, there is no maximum time limit.
| Privileges | Read/Write | 
| Type | int | 
| Default Value | 0 | 
Returns how the login sequence uses the Authentication provider.
A REQUIRED value specifies this LoginModule must 
succeed. Even if it fails, authentication proceeds down the list of 
LoginModules for the configured Authentication providers. This 
setting is the default.
A REQUISITE value specifies this LoginModule must 
succeed. If other Authentication providers are configured and this 
LoginModule succeeds, authentication proceeds down the list of 
LoginModules. Otherwise, control is return to the application.
A SUFFICIENT value specifies this LoginModule need 
not succeed. If it does succeed, return control to the application. 
If it fails and other Authentication providers are configured, 
authentication proceeds down the LoginModule list.
 An OPTIONAL value specifies this LoginModule need 
not succeed. Whether it succeeds or fails, authentication proceeds 
down the LoginModule list.
| Privileges | Read/Write | 
| Type | java.lang.String | 
| Default Value | REQUIRED | 
| Legal Values | 
 | 
The credential (generally a password) used to authenticate the LDAP user that is defined in the Principal attribute.
| Privileges | Read/Write | 
| Type | java.lang.String | 
| Encrypted | true | 
| Privileges | Read/Write | 
| Type | byte[] | 
| Encrypted | true | 
A short description of the LDAP Authentication provider.
| Privileges | Read only | 
| Type | java.lang.String | 
| Default Value | Provider that performs LDAP authentication | 
| Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. | 
The attribute of the dynamic LDAP group object that specifies the name of the group.
| Privileges | Read/Write | 
| Type | java.lang.String | 
| Default Value | cn | 
The LDAP object class that stores dynamic groups.
| Privileges | Read/Write | 
| Type | java.lang.String | 
| Default Value | groupofURLs | 
The attribute of the dynamic LDAP group object that specifies the URLs of the members of the dynamic group.
| Privileges | Read/Write | 
| Type | java.lang.String | 
| Default Value | memberURL | 
Returns whether group membership hierarchies found during recursive membership lookup will be cached. If true, each subtree found will be cached.
| Privileges | Read/Write | 
| Type | java.lang.Boolean | 
Returns whether referrals will automatically be followed within the LDAP Directory. If set to false, then a Referral exception will be thrown when referrals are encountered during LDAP requests.
| Privileges | Read/Write | 
| Type | boolean | 
| Default Value | true | 
The base distinguished name (DN) of the tree in the LDAP directory that contains groups.
| Privileges | Read/Write | 
| Type | java.lang.String | 
| Default Value | ou=groups, o=example.com | 
An LDAP search filter for finding a group given the name of the group. If the attribute is not specified (that is, if the attribute is null or empty), a default search filter is created based on the group schema.
| Privileges | Read/Write | 
| Type | java.lang.String | 
| Default Value | (|(&(cn=%g)(objectclass=groupofUniqueNames))(&(cn=%g)(objectclass=groupOfURLs))) | 
Returns the maximum number of seconds a group membership hierarchy entry is valid in the LRU cache.
| Privileges | Read/Write | 
| Type | java.lang.Integer | 
| Default Value | 60 | 
Specifies whether group searches into nested groups are 
unlimited or limited. Valid values are unlimited and 
limited.
For configurations that use only the first level of nested group hierarchy, this attribute allows improved performance during user searches by limiting the search to the first level of the group. If a limited search is specified, the Max Group Membership Search Level attribute must be specified. If an unlimited search is specified, the Max Group Membership Search Level attribute is ignored.
Note that when Use Token Groups For Group Membership Lookup is used during authentication, all the groups are returned in a single call, and the recursion limits and depth limits do not apply. They will apply in management operations.
| Privileges | Read/Write | 
| Type | java.lang.String | 
| Default Value | unlimited | 
| Legal Values | 
 | 
Specifies how deep in the LDAP directory tree to search for 
groups. Valid values are subtree and 
onelevel.
| Privileges | Read/Write | 
| Type | java.lang.String | 
| Default Value | subtree | 
| Legal Values | 
 | 
Returns the host name or IP address of the LDAP server.
| Privileges | Read/Write | 
| Type | java.lang.String | 
| Default Value | localhost | 
Determines whether duplicate members are ignored when adding groups. The attribute cycles in the Group membership.
| Privileges | Read/Write | 
| Type | java.lang.Boolean | 
Specifies whether to prevent LDAP connections from timing out.
| Privileges | Read/Write | 
| Type | boolean | 
Returns the maximum size of the LRU cache for holding group membership hierarchies if caching is enabled.
| Privileges | Read/Write | 
| Type | java.lang.Integer | 
| Default Value | 100 | 
Specifies how many levels of group membership can be searched. 
This setting is valid only if GroupMembershipSearching is set to 
limited. Valid values are 0 and positive integers. For 
example, 0 indicates only direct group memberships will be found, 
and a positive number indicates the number of levels to search.
Possible values are:
0 - Indicates only direct groups will be found. That is, when searching for membership in Group A, only direct members of Group A will be found. If Group B is a member of Group A, the members will not be found by this search.
Any positive number - Indicates the number of levels to search. For example, if this attribute is set to 1, a search for membership in Group A will return direct members of Group A. If Group B is a member of Group A, the members of Group B will also be found by this search. However, if Group C is a member of Group B, the members of Group C will not be found by this search.
Note that when Use Token Groups For Group Membership Lookup is used during authentication, all the groups are returned in a single call, and the recursion limits and depth limits do not apply. They will apply in management operations.
| Privileges | Read/Write | 
| Type | java.lang.Integer | 
| Default Value | 0 | 
| Privileges | Read only | 
| Type | java.lang.String | 
| Default Value | IPlanetAuthenticator | 
| Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. | 
Returns the number of seconds to delay when making concurrent attempts to connect to multiple servers.
If set to 0, connection attempts are serialized. An attempt is made to connect to the first server in the list. The next entry in the list is tried only if the attempt to connect to the current host fails. This might cause your application to block for unacceptably long time if a host is down. If set to greater than 0, another connection setup thread is started after this number of delay seconds has passed.
| Privileges | Read/Write | 
| Type | int | 
| Default Value | 0 | 
Returns the port number on which the LDAP server is listening.
| Privileges | Read/Write | 
| Type | int | 
| Default Value | 389 | 
| Minimum value | 1 | 
| Maximum value | 65534 | 
Returns the Distinguished Name (DN) of the LDAP user that is used by WebLogic Server to connect to the LDAP server.
| Privileges | Read/Write | 
| Type | java.lang.String | 
No description provided.
| Privileges | Read/Write | 
| Type | boolean | 
The name of the Java class used to load the LDAP Authentication provider.
| Privileges | Read only | 
| Type | java.lang.String | 
| Default Value | weblogic.security.providers.authentication.LDAPAuthenticationProviderImpl | 
| Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. | 
Returns the maximum number of milliseconds to wait for results before timing out. If set to 0, there is no maximum time limit.
| Privileges | Read/Write | 
| Type | int | 
| Default Value | 0 | 
Returns whether SSL will be used to connect to the LDAP server.
| Privileges | Read/Write | 
| Type | boolean | 
An LDAP search filter that, given the distinguished name (DN) of a member of a group, returns the DNs of the static LDAP broups that contain that member. If the attribute is not specified (that is, if the attribute is null or empty), a default search filter is created based on the group schema.
| Privileges | Read/Write | 
| Type | java.lang.String | 
| Default Value | (&(uniquemember=%M)(objectclass=groupofuniquenames)) | 
The attribute of a static LDAP group object that specifies the name of the group.
| Privileges | Read/Write | 
| Type | java.lang.String | 
| Default Value | cn | 
The name of the LDAP object class that stores static groups.
| Privileges | Read/Write | 
| Type | java.lang.String | 
| Default Value | groupofuniquenames | 
The attribute of an LDAP static group object that specifies the distinguished names (DNs) of the members of the group.
| Privileges | Read/Write | 
| Type | java.lang.String | 
| Default Value | uniquemember | 
The base distinguished name (DN) of the tree in the LDAP directory that contains users.
| Privileges | Read/Write | 
| Type | java.lang.String | 
| Default Value | ou=people, o=example.com | 
The attribute of an LDAP user object that specifies the distinguished names (DNs) of dynamic groups to which this user belongs. If such an attribute does not exist, WebLogic Server determines if a user is a member of a group by evaluating the URLs on the dynamic group. If a group contains other groups, WebLogic Server evaluates the URLs on any of the descendents (indicates parent relationship) of the group.
| Privileges | Read/Write | 
| Type | java.lang.String | 
Specifies whether or not the user name retrieved from the LDAP server should be used as the Principal in the Subject.
| Privileges | Read/Write | 
| Type | java.lang.Boolean | 
An LDAP search filter for finding a user given the name of the user. If the attribute (user name attribute and user object class) is not specified (that is, if the attribute is null or empty), a default search filter is created based on the user schema.
| Privileges | Read/Write | 
| Type | java.lang.String | 
| Default Value | (&(uid=%u)(objectclass=person)) | 
The attribute of an LDAP user object that specifies the name of the user.
| Privileges | Read/Write | 
| Type | java.lang.String | 
| Default Value | uid | 
The LDAP object class that stores users.
| Privileges | Read/Write | 
| Type | java.lang.String | 
| Default Value | person | 
Specifies how deep in the LDAP directory tree to search for 
Users. Valid values are subtree and 
onelevel.
| Privileges | Read/Write | 
| Type | java.lang.String | 
| Default Value | subtree | 
| Legal Values | 
 | 
The version number of the LDAP Authentication provider.
| Privileges | Read only | 
| Type | java.lang.String | 
| Default Value | 1.0 | 
| Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. | 
This section describes the following operations:
Advances the list to the next element in the list.
| Operation Name | "advance" | 
| Parameters | Object [] {  cursor } where: 
 | 
| Signature | String [] {  
									"java.lang.String" } | 
| Returns | 
    void
     | 
| Exceptions | 
 | 
Used by a user to change his or her password.
| Operation Name | "changeUserPassword" | 
| Parameters | Object [] {  userName, oldPassword, newPassword } where: 
 | 
| Signature | String [] {  
									"java.lang.String", 
									"java.lang.String", 
									"java.lang.String" } | 
| Returns | 
    void
     | 
| Exceptions | 
 | 
Indicates that the caller is finished using the list, and that the resources held on behalf of the list may be released. If the caller traverses through all the elements in the list, the caller need not call this method. In other words, it is used to let the caller close the list without reading each element that is returned.
| Operation Name | "close" | 
| Parameters | Object [] {  cursor } where: 
 | 
| Signature | String [] {  
									"java.lang.String" } | 
| Returns | 
    void
     | 
| Exceptions | 
 | 
The name of the current item in the list. Returns null if there is no current item.
| Operation Name | "getCurrentName" | 
| Parameters | Object [] {  cursor } where: 
 | 
| Signature | String [] {  
									"java.lang.String" } | 
| Returns | String
     | 
| Exceptions | 
 | 
Gets a group's description.
| Operation Name | "getGroupDescription" | 
| Parameters | Object [] {  groupName } where: 
 | 
| Signature | String [] {  
									"java.lang.String" } | 
| Returns | String
     | 
| Exceptions | 
 | 
Gets a user's description.
| Operation Name | "getUserDescription" | 
| Parameters | Object [] {  userName } where: 
 | 
| Signature | String [] {  
									"java.lang.String" } | 
| Returns | String
     | 
| Exceptions | 
 | 
Indicates whether the specified group exists.
| Operation Name | "groupExists" | 
| Parameters | Object [] {  groupName } where: 
 | 
| Signature | String [] {  
									"java.lang.String" } | 
| Returns | 
    boolean
     | 
| Exceptions | 
 | 
Returns true if there are more objects in the list, and false otherwise.
| Operation Name | "haveCurrent" | 
| Parameters | Object [] {  cursor } where: 
 | 
| Signature | String [] {  
									"java.lang.String" } | 
| Returns | 
    boolean
     | 
| Exceptions | 
 | 
Indicates whether a user or group is a member of the group that you specify. A recursive search returns true if the member belongs to the group that you specify or to any of the groups contained within that group."
| Operation Name | "isMember" | 
| Parameters | Object [] {  parentGroupName, memberUserOrGroupName, recursive } where: 
 | 
| Signature | String [] {  
									"java.lang.String", 
									"java.lang.String", 
									"java.lang.Boolean" } | 
| Returns | 
    boolean
     | 
| Exceptions | 
 | 
Returns true if the specified attribute has been set explicitly in this MBean instance.
| Operation Name | "isSet" | 
| Parameters | Object [] {  propertyName } where: 
 | 
| Signature | String [] {  
									"java.lang.String" } | 
| Returns | 
    boolean
     | 
| Exceptions | 
 | 
Searches within a group for user and group (member) names that 
match a pattern. Returns a cursor (string). You can use methods 
from weblogic.management.utils.NameLister (which this 
MBean extends) to iterate through the returned list.
 This method does not sort the results or distinguish user and 
group names. You can use the groupExists method to 
determine whether a name refers to an existing group.
| Operation Name | "listGroupMembers" | 
| Parameters | Object [] {  groupName, memberUserOrGroupNameWildcard, maximumToReturn } where: 
 | 
| Signature | String [] {  
									"java.lang.String", 
									"java.lang.String", 
									"java.lang.Integer" } | 
| Returns | String
     | 
| Exceptions | 
 | 
Searches for a user name that matches a pattern.
This method returns a cursor that you can pass to the methods 
from weblogic.management.utils.NameListerMBean (which 
this MBean extends) to iterate through the returned list.
This method does not sort the results.
| Operation Name | "listGroups" | 
| Parameters | Object [] {  groupNameWildcard, maximumToReturn } where: 
 | 
| Signature | String [] {  
									"java.lang.String", 
									"java.lang.Integer" } | 
| Returns | String
     | 
| Exceptions | 
 | 
Lists the groups that directly contain a user or a group. 
Returns a cursor (string).You can use methods from 
weblogic.management.utils.NameLister (which this MBean 
extends) to iterate through the returned list.
| Operation Name | "listMemberGroups" | 
| Parameters | Object [] {  memberUserOrGroupName } where: 
 | 
| Signature | String [] {  
									"java.lang.String" } | 
| Returns | String
     | 
| Exceptions | 
 | 
Searches for a user name that matches a pattern.
This method returns a cursor that you can pass to the methods 
from weblogic.management.utils.NameListerMBean (which 
this MBean extends) to iterate through the returned list.
This method does not sort the results.
| Operation Name | "listUsers" | 
| Parameters | Object [] {  userNameWildcard, maximumToReturn } where: 
 | 
| Signature | String [] {  
									"java.lang.String", 
									"java.lang.Integer" } | 
| Returns | String
     | 
| Exceptions | 
 | 
Used by an administrator to change a user's password.
| Operation Name | "resetUserPassword" | 
| Parameters | Object [] {  userName, newPassword } where: 
 | 
| Signature | String [] {  
									"java.lang.String", 
									"java.lang.String" } | 
| Returns | 
    void
     | 
| Exceptions | 
 | 
Restore the given property to its default value.
| Operation Name | "unSet" | 
| Parameters | Object [] {  propertyName } where: 
 | 
| Signature | String [] {  
									"java.lang.String" } | 
| Returns | 
    void
     | 
| Exceptions | 
 | 
Indicates whether the specified user exists.
| Operation Name | "userExists" | 
| Parameters | Object [] {  userName } where: 
 | 
| Signature | String [] {  
									"java.lang.String" } | 
| Returns | 
    boolean
     | 
| Exceptions | 
 | 
| Operation Name | "wls_getDisplayName" | 
| Parameters | null | 
| Signature | null | 
| Returns | String
     |