OID 11G: orclMemberof Attribute and how it can improve wls performance

From OID11G and WLS perspective, I want to share with you guys this: Someone asked me thru Oracle Forum last week, I helped him and now I am doing this post to help you:

It’s particular difficult to calculate all of user’s membership in OID(or any LDAP).

1) I did (below) one example into my ldap, search with results for a specific user where I request and receive the value(s) of orclMemberOf.

Note: U will also notice that nested memberships are returned multiple times, once for each group that the user belongs to that is a member of another given group.

So, just be aware of that.

LDAP command line:
[oracle@thiagoleoncioserver bin]$ ./ldapsearch -h thiagoserver.example.com -p 3060 -D cn=orcladmin -w thiagopwd -b “cn=Users,dc=thiagoleoncioserver,dc=oracle,dc=com” -L -s sub -v “uid=thiago.leoncio” memberOf

And expected results:
ldap_open( thiagoserver.example.com , 3060 )

filter pattern: uid=thiago.leoncio

returning: memberOf

filter is: (uid=thiago.leoncio)

dn: uid=thiago.leoncio,cn=users,dc=thiagoleoncioserver,dc=oracle,dc=com

memberof: cn=administrators,cn=groups,dc=example,dc=com
memberof: cn=oaamenvadmingroup,cn=groups,dc=example,dc=com
memberof: cn=groupofgroups,cn=groups,dc=example,dc=com

2)And from performance perspective:
orclMemberOf attribute can speed up authentication into WebLogic and SOA when you have WebLogic’s security framework, by adding it into ‘User Dynamic Group DN attribute’ on authenticator configurations.

I hope this helps,
Thiago Leoncio.