Security Guide for Siebel Business Applications > Security Adapter Authentication > About LDAP/ADSI Security Adapter Authentication > Requirements for LDAP/ADS Directory

If you are using LDAP or ADSI authentication, you must provide your own directory product, whether it is one of the directory servers supported by Siebel-provided security adapters or another directory of your choice. For specific information about third-party products supported by Siebel Business Applications, see System Requirements and Supported Platforms on Siebel SupportWeb for your Siebel application.

Data Requirements for Directory

Your LDAP/ADS directory must store, at a minimum, the following data for each user. Each piece of data is contained in an attribute of the directory.

You can use other user attributes to store whatever data you want, such as first and last name. Authentication options that you choose may require that you commit additional attributes.

If you create a new attribute object for your directory to store Siebel attributes (for example, Siebel User ID), you can use the Private Enterprise Number that Siebel Systems has registered with the Internet Assigned Numbers Authority (http://www.iana.org) to provide a unique X.500 Object ID. This number is 1.3.6.1.4.1.3856.*.

An additional type of data, roles, is supported but is not required. Roles are an alternate means of associating Siebel responsibilities with users. Responsibilities are typically associated with users in the Siebel Database, but they can instead be stored in the directory. Leave role values empty to administer responsibilities from within Siebel Business Applications. For more information, see Configuring Roles Defined in Directory.

User Privileges for Directory

Depending on your authentication and registration strategies and the options that you implement within your strategy, you must define users in the directory who read, and possibly write, user information in the directory. It is critical that users who read or write data in the directory have appropriate search and write privileges to the directory.

NOTE: For ADSI authentication, it is recommended that you use the Delegate Control Wizard to define privileges for users in the ADS directory.

You must create the following user:

LDAP Security Adapter Requirements

If you are using LDAP authentication with any supported LDAP directory product, you must confirm that the IBM LDAP Client software that is provided by Siebel Systems is installed. If this LDAP Client is not yet installed, then you must manually install it.

For IBM LDAP Client installation instructions, see Installing LDAP Client Software.

ADSI Security Adapter Requirements

If you are running the Siebel Server on supported Microsoft Windows platforms and you are using ADSI authentication, you must meet the requirements described here. For more information about some of these issues, refer to your Microsoft Active Directory documentation.

To confirm successful installation of a Siebel-supported ADSI client