Security Guide for Siebel Business Applications > Security Adapter Authentication > Setting Up Security Adapter Authentication: A Scenario >

Creating Users in the LDAP/ADS Directory


Create three users in the LDAP/ADS directory, as described in Table 7. Specify attribute names, such as uid and userPassword for an LDAP directory, as suggested here. Your entries may vary based on how you assign attributes in Setting Up the LDAP/ADS Directory.

Table 7. Records in the LDAP/ADS Directory

Each record has a Siebel User ID Attribute (uid for LDAP or sAMAccountName for ADS), a Password (userPassword attribute for LDAP or ADS password for ADS), and a Database Account Attribute (dbaccount).

Type of User: Anonymous user
  Siebel User ID Attribute: Enter the user ID of the anonymous user record for the Siebel application you are implementing.
    • You can use a seed data anonymous user record for a Siebel customer or partner application. For example, if you implement Siebel Service, enter GUESTCST.
    • You can create a new user record or adapt a seed anonymous user record for a Siebel employee application.
    • The anonymous user is required even if the application does not allow access by unregistered users.
    For more information, see Configuring the Anonymous User.
  Password: GUESTPW or a password of your choice
  Database Account Attribute: username = LDAPUSER password=P

Type of User: Application user
  Siebel User ID Attribute: APPUSER or a name of your choice
  Password: APPUSERPW or a password of your choice
  Database Account Attribute: A database account is not used for the application user.

Type of User: A test user
  Siebel User ID Attribute: TESTUSER or a name of your choice
  Password: TESTPW or a password of your choice
  Database Account Attribute: Database account is not required for any user record, except the anonymous user.

NOTE:  The specific user and password entries are only suggested. You may vary those entries.

This example implements a shared credential. The database account for all users is stored in one object in the directory. In this example, the shared database account is stored in the anonymous user record. The database account must match the database account you reserve for externally authenticated users described in Creating a Database Login. The P symbol represents the password in that database account.

NOTE:  In a production environment, do not use the anonymous user as the directory object that contains the shared credential. To do so could allow a user with minimum responsibility to log in directly to the directory server and view shared database credentials. Using these database credentials, a user could log in directly to the Siebel Database and see data that he or she does not have the assigned visibility level to see.
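The following check is an added example, not part of the Siebel guide or of Oracle's tooling. It audits an LDIF export for where the shared credential is stored and flags the anonymous user as holder when run in production mode. The base DN, the sample export, and the function names are constructed; the dbaccount pattern is inferred only from the Table 7 value, and the authoritative format is in Requirements for LDAP/ADS Directory.

```python
import re

# Constructed sample export of the three Table 7 records (base DN is hypothetical).
SAMPLE_LDIF = """\
dn: uid=GUESTCST,ou=people,dc=example,dc=com
uid: GUESTCST
userPassword: GUESTPW
dbaccount: username=LDAPUSER password=P

dn: uid=APPUSER,ou=people,dc=example,dc=com
uid: APPUSER
userPassword: APPUSERPW

dn: uid=TESTUSER,ou=people,dc=example,dc=com
uid: TESTUSER
userPassword: TESTPW
"""

# Assumed shape of the dbaccount value, taken from Table 7; tolerates spaces around "=".
DBACCOUNT_RE = re.compile(r"^username\s*=\s*\S+\s+password\s*=\s*\S+$")

def parse_ldif(text):
    """Return one {attribute: [values]} dict per entry (plain 'attr: value' lines only)."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def audit(entries, anonymous_uid, production=False):
    """Report problems with where and how the shared database credential is stored."""
    findings = []
    holders = [e for e in entries if "dbaccount" in e]
    if len(holders) != 1:  # the scenario keeps the shared credential in one object
        findings.append(f"expected one entry with dbaccount, found {len(holders)}")
    for e in holders:
        uid = e.get("uid", ["?"])[0]
        if not all(DBACCOUNT_RE.match(v) for v in e["dbaccount"]):
            findings.append(f"{uid}: dbaccount is not 'username=... password=...'")
        if production and uid == anonymous_uid:
            findings.append(f"{uid}: shared credential stored on the anonymous user")
    return findings
```

For an ADS export, the user ID comparison would use sAMAccountName instead of uid.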

For information about formatting requirements for the database account attribute entry, see Requirements for LDAP/ADS Directory.

CAUTION:  Make sure the application user has write privileges to the directory because the security adapter uses application user credentials when using the self-registration component. The application user must also have search privileges for all user records.

Optionally, complete other attribute entries for each user.
