Securing Oracle WebLogic Server

■ -Dweblogic.security.ldap.changeLogThreshold=number of entries, which limits the size of the change log file used by the embedded LDAP server. When the change log file exceeds the specified number of entries, WebLogic Server truncates the change log by removing all entries that have been sent to all Managed Servers.

9.2 Embedded LDAP Server Replication

The WebLogic Server embedded LDAP server for a domain consists of a master LDAP server, maintained in the domain's Administration Server, and a replicated LDAP server maintained in each Managed Server in the domain. When changes are made using a Managed Server, updates are sent to the embedded LDAP server on the Administration Server.

The embedded LDAP server on the Administration Server maintains a log of all changes, together with a list of Managed Servers and the current change status for each one. It sends the appropriate changes to each Managed Server and updates the change status for each server. This process occurs when an update is made to the embedded LDAP server on the Administration Server. However, depending on the number of updates, it may take several seconds or more for the change to be replicated to the Managed Server.

You can configure the behavior of the embedded LDAP server on the Administration Server and the Managed Servers in a domain using the Administration Console. By selecting the Domain > Security > Embedded LDAP page in the Administration Console, you can set these attributes:

■ Refresh Replica At Startup — Specifies whether the embedded LDAP server in a Managed Server should refresh all replicated data at boot time. This setting is useful if you have made many changes when the Managed Server was not active, and you want to download the entire replica instead of having the Administration Server push each change to the Managed Server.

■ Master First — Specifies whether a Managed Server should always connect to the embedded LDAP server on the Administration Server, instead of connecting to the local replicated LDAP server.

See Configure the embedded LDAP server in the Oracle WebLogic Server Administration Console Help.
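The following Python sketch is an added illustration, not Oracle code and not part of the original guide. It models the change log, the per-server change status and the changeLogThreshold truncation rule as this section describes them; the class, method and server names are assumptions, as is treating Refresh Replica At Startup as marking a server current in one step.

```python
# Toy model of the Administration Server change log (assumed names, not WebLogic code).
class MasterChangeLog:
    def __init__(self, managed_servers, threshold):
        self.threshold = threshold      # models changeLogThreshold
        self.entries = []               # (sequence number, change) pairs
        self.next_seq = 1
        # Change status per Managed Server: highest sequence number sent to it.
        self.sent = {name: 0 for name in managed_servers}
        self.online = set(managed_servers)

    def record(self, change):
        """Log a change on the master, push it, truncate if over threshold."""
        self.entries.append((self.next_seq, change))
        self.next_seq += 1
        self.push()
        self.truncate()

    def push(self):
        """Send all pending changes to every reachable Managed Server."""
        for name in self.online:
            self.sent[name] = self.next_seq - 1

    def truncate(self):
        """Past the threshold, drop entries already sent to all servers."""
        if len(self.entries) > self.threshold:
            floor = min(self.sent.values(), default=self.next_seq - 1)
            self.entries = [(s, c) for s, c in self.entries if s > floor]

    def pending(self, name):
        """Changes this Managed Server's replica has not received yet."""
        return [c for s, c in self.entries if s > self.sent[name]]

    def refresh_replica(self, name):
        """Assumed model of Refresh Replica At Startup: the server downloads
        the entire replica at boot, so it is marked current in one step."""
        self.online.add(name)
        self.sent[name] = self.next_seq - 1
        self.truncate()

def demo():
    log = MasterChangeLog(["ms1", "ms2"], threshold=3)  # constructed names
    log.online.discard("ms2")           # ms2 is shut down
    for i in range(5):
        log.record(f"change-{i}")       # constructed sample changes
    held = len(log.entries)             # ms2 has seen nothing, log cannot shrink
    backlog = log.pending("ms2")
    log.refresh_replica("ms2")          # ms2 boots and pulls the full replica
    return held, backlog, len(log.entries)

if __name__ == "__main__":
    print(demo())
```

In this model a Managed Server that stays down keeps every entry in the log past the threshold, and its replica lacks each of those security changes until it catches up.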

9.3 Viewing the Contents of the Embedded LDAP Server from an LDAP Browser

To view the contents of the embedded LDAP server through an LDAP browser:

1. Download and install an external LDAP browser. You can find one LDAP browser at the following location: http://www.openldap.org

In this procedure it is assumed that you are using this LDAP browser; other LDAP browsers may differ in detail.

Note: Deleting and modifying the configured security providers through the WebLogic Administration Console may require manual cleanup of the embedded LDAP server. Use an external LDAP browser to delete unnecessary information.

2. In the WebLogic Server Administration Console, change the credential for the embedded LDAP server:

a. Expand Domain > Security > Embedded LDAP.