Bookshelf Home | Contents | Index | PDF |
Siebel Security Guide > Security Adapter Authentication > Security Adapter Deployment Options > Configuring the Application UserThis topic describes how to configure the directory application user. The application user is not an actual user who logs into an application; it is a special user defined to handle access to the directory. The application user is the only user with search and write privileges to the LDAP or ADSI directory and this user must be defined in the following authentication strategies that implement a Siebel security adapter:
By setting up an application user as the only user with search, read, and update privileges to the directory, you minimize the level of access of all other users to the directory and the administration required to provide such access. The application user is defined in the directory with the following qualities:
You maintain an unencrypted password for the application user in the directory, while an encrypted version of the password is used in other phases of the authentication process. An encryption algorithm is applied to the application user password before it is sent to the database. The application user login must also be set up with the encrypted version of the password. Perform the following procedure to define the application user. To configure the application user
For information about setting Siebel Gateway Name Server configuration parameters, see Siebel Gateway Name Server Parameters. For Developer Web Client, define these parameters in the corresponding section in the application configuration file, such as uagent.cfg for Siebel Call Center. Application User and Password Expiration PoliciesTypically, user administration in an LDAP or ADSI directory is performed through the application user. In addition, user policies that are set for the entire directory apply to the application user as well as to all other users. If you implement a password expiration policy in the directory, exempt the application user from the policy so the application user's password will not expire. To do this, set the application user's password policy explicitly after the application user sets the password policy for the whole directory. For more information about account policies and password expiration, see Login Security Features. |
Siebel Security Guide | Copyright © 2011, Oracle and/or its affiliates. All rights reserved. Legal Notices. | |