Technical data

Specifying a Security Realm
Administration Guide 14-13
for BEA customers that are currently using the LDAP security realm in an older
release of WebLogic Server. However, LDAP realm V1 is deprecated in this
release and BEA recommends that users upgrade to LDAP realm V2.
• LDAP realm V2—An updated LDAP security realm with improved performance
and configurability. This is the same LDAP security realm provided in
WebLogic Server 6.0 Service Pack 1.0. LDAP realm V2 does not support
getUsers() or getGroups(), because allocating memory to fulfill those
requests can cause a denial of service vulnerability. If you want to use
those functions, BEA recommends using LDAP realm V1. When running
Windows 2000, BEA recommends using LDAP realm V2 to authenticate against
the Windows 2000 User and Group store.
Note: When using LDAP realm V1 you can view Users and members of a Group
stored in the LDAP directory server through the Administration Console.
However, when using LDAP realm V2, you can only view the Groups stored
in the LDAP directory server through the Administration Console.
You need to use the administration tools available with the LDAP server to
manage Users and Groups (for example, adding or deleting Users or Groups
or adding members to Groups). If you make a change in the LDAP directory
store, reset the User cache and the Group cache to immediately view your
changes in the Administration Console.
The following suggestions are ways to improve the performance of the LDAP Security
realm:
• Use the filters in the ldaprealm.props file to obtain smaller and more specific
result sets from the LDAP server (supported for LDAP realm V2 only).
• Have the LDAP server index all of the attributes that you use as search keys in
your LDAP realm search filters. Not indexing the attributes could cause linear
search performance.
• Use the Caching realm carefully. Changes in the LDAP server's information will
not be propagated to the LDAP Security realm until the cache is cleared.
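The two points above that matter most for security, bounding the size of what a realm will fetch (the reason getUsers() and getGroups() are absent from LDAP realm V2) and the staleness a caching layer introduces, can be shown with a small in-memory model. The following is an added example, not code from the BEA WebLogic product or its documentation: the directory contents, the "%u" placeholder convention in the user filter template, the size limit and the TTL are all constructed assumptions, and the filter matcher supports only equality terms and AND-of-equalities, which is enough to show how a specific, escaped filter narrows the result set.

```python
"""Added example (not from the WebLogic documentation): bounded, filtered user
lookups against an in-memory directory, plus a cache whose stale reads persist
until it is reset. Directory entries, the '%u' placeholder, the size limit and
the TTL are constructed assumptions for illustration.
"""
import re
import time

# Constructed sample directory: three person entries and one group entry.
SAMPLE_DIRECTORY = [
    {"dn": "uid=alice,ou=people,dc=example,dc=com", "uid": "alice", "objectclass": "person"},
    {"dn": "uid=bob,ou=people,dc=example,dc=com", "uid": "bob", "objectclass": "person"},
    {"dn": "uid=carol,ou=people,dc=example,dc=com", "uid": "carol", "objectclass": "person"},
    {"dn": "cn=admins,ou=groups,dc=example,dc=com", "cn": "admins",
     "objectclass": "groupofuniquenames"},
]

# Assumed template style: '%u' is replaced by the (escaped) user name.
USER_FILTER_TEMPLATE = "(&(uid=%u)(objectclass=person))"

# RFC 4515 escaping for characters that have meaning inside a search filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value before it is substituted into a filter template."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def render_user_filter(template: str, username: str) -> str:
    """Substitute the escaped user name so a '*' in the name cannot widen the search."""
    return template.replace("%u", escape_filter_value(username))


_TERM = re.compile(r"\(([A-Za-z][\w-]*)=([^()]*)\)")


def _unescape(value: str) -> str:
    """Reverse RFC 4515 '\\xx' hex escapes when comparing against stored values."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def parse_and_filter(filter_str: str):
    """Parse '(attr=value)' or '(&(a=b)(c=d)...)' into a list of (attr, value) pairs."""
    s = filter_str.strip()
    inner = s[2:-1] if s.startswith("(&") and s.endswith(")") else s
    terms = _TERM.findall(inner)
    if not terms or "".join(f"({a}={v})" for a, v in terms) != inner:
        raise ValueError("unsupported filter: " + filter_str)
    return [(a.lower(), _unescape(v)) for a, v in terms]


class ResultSizeExceeded(Exception):
    """Raised instead of buffering an unbounded result set (the DoS concern)."""


def search(directory, filter_str: str, size_limit: int):
    """Return DNs of entries matching every term; abort once size_limit is passed."""
    terms = parse_and_filter(filter_str)
    matches = []
    for entry in directory:
        if all(str(entry.get(attr, "")).lower() == value.lower() for attr, value in terms):
            matches.append(entry["dn"])
            if len(matches) > size_limit:
                raise ResultSizeExceeded(f"more than {size_limit} entries match {filter_str}")
    return matches


class CachingRealm:
    """Caches lookups; results stay stale until the TTL expires or reset_cache() runs."""

    def __init__(self, directory, ttl_seconds: float = 60.0, size_limit: int = 100):
        self.directory = directory
        self.ttl = ttl_seconds
        self.size_limit = size_limit
        self._cache = {}

    def lookup_user(self, username: str):
        now = time.monotonic()
        hit = self._cache.get(username)
        if hit is not None and hit[0] > now:
            return hit[1]
        result = search(self.directory, render_user_filter(USER_FILTER_TEMPLATE, username),
                        self.size_limit)
        self._cache[username] = (now + self.ttl, result)
        return result

    def reset_cache(self):
        """Equivalent of resetting the User cache after changing the directory."""
        self._cache.clear()


def demo_cache_staleness():
    """Add a user to the directory and show the cached miss persists until reset."""
    directory = list(SAMPLE_DIRECTORY)
    realm = CachingRealm(directory, ttl_seconds=3600)
    before = realm.lookup_user("dave")
    directory.append({"dn": "uid=dave,ou=people,dc=example,dc=com", "uid": "dave",
                      "objectclass": "person"})
    stale = realm.lookup_user("dave")
    realm.reset_cache()
    fresh = realm.lookup_user("dave")
    return before, stale, fresh
```

Running `search(SAMPLE_DIRECTORY, "(objectclass=person)", size_limit=2)` raises ResultSizeExceeded rather than building the whole list, which is the behaviour a realm wants in place of an open-ended enumeration; `demo_cache_staleness()` returns an empty list twice before the reset and the new DN only afterwards, matching the note above about resetting the User cache to see directory changes.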
Configuring the LDAP security realm involves defining attributes that enable the
LDAP Security realm in WebLogic Server to communicate with the LDAP server and
attributes that describe how Users and Groups are stored in the LDAP directory. The
LDAP tree and schema are different for every LDAP server. Therefore, LDAP realm
V2 provides a set of templates that define default attributes for the supported LDAP
servers.