Security Guide for Siebel Business Applications > Security Adapter Authentication > Setting Up Security Adapter Authentication: A Scenario >

Creating Users in the LDAP/ADS Directory

Create three users in the LDAP/ADS directory, as described in Table 7. Specify attribute names, such as uid and userPassword for an LDAP directory, as suggested here. Your entries may vary based on how you assign attributes in Setting Up the LDAP/ADS Directory.

Table 7. Records in the LDAP/ADS Directory
Type of User
Siebel User ID Attribute
(uid for LDAP or sAMAccountName for ADS)
(userPassword attribute for LDAP or ADS password for ADS)
Database Account Attribute (dbaccount)

Anonymous user

Enter the user ID of the anonymous user record for the Siebel application you are implementing.

  • You can use a seed data anonymous user record for a Siebel customer or partner application. For example, if you implement Siebel Service, enter GUESTCST.
  • You can create a new user record or adapt a seed anonymous user record for a Siebel employee application.
  • The anonymous user is required even if the application does not allow access by unregistered users.

For more information, see Configuring the Anonymous User.

GUESTPW or a password of your choice

username = LDAPUSER password=P

Application user

APPUSER or a name of your choice

APPUSERPW or a password of your choice

A database account is not used for the application user.

A test user

TESTUSER or a name of your choice

TESTPW or a password of your choice

Database account is not required for any user record, except the anonymous user.

NOTE:  The specific user and password entries are only suggested. You may vary those entries.

This example implements a shared credential. The database account for all users is stored in one object in the directory. In this example, the shared database account is stored in the anonymous user record. The database account must match the database account you reserve for externally authenticated users described in Creating a Database Login. The P symbol represents the password in that database account.

NOTE:  In a production environment, do not use the anonymous user as the directory object that contains the shared credential. To do so could allow a user with minimum responsibility to log in directly to the directory server and view shared database credentials. Using these database credentials, a user could log in directly to the Siebel Database and see data that he or she does not have the assigned visibility level to see.

For information about formatting requirements for the database account attribute entry, see Requirements for LDAP/ADS Directory.

CAUTION:  Make sure the application user has write privileges to the directory because the security adapter uses application user credentials when using the self-registration component. The application user must also have search privileges for all user records.

Optionally, complete other attribute entries for each user.

Security Guide for Siebel Business Applications