|
Security Guide for Siebel eBusiness Applications > Security Adapter Authentication > Setting Up Security Adapter Authentication: A Scenario >
Editing Parameters Using Siebel Server Manager
Several security-related configuration parameters you use for configuring an LDAP or ADSI security adapter are defined in the Siebel Gateway Name Server. You configure these parameters using Siebel Server Manager. Set each parameter as described in the subsection where it is listed, following any guidelines provided. For more information about these parameters, see Siebel Gateway Name Server Parameters. Parameters for Enterprise, Siebel Servers, or Components
Table 9 lists parameters you can set at the Enterprise level, at the Siebel Server level, or at the component level. Applicable components for which you can set these parameters include all AOM components and the Synchronization Manager component (for Siebel Remote). For this scenario, set the parameters for the applicable AOM component, such as for Siebel Call Center or Siebel eService. NOTE: You can modify these configuration parameters using Siebel Server Manager, or you can do so using the LDAP/ADSI Configuration Utility. For more information, see Using the LDAP/ADSI Configuration Utility.
Table 9. Siebel Gateway Name Server Parameters (for Enterprise, Server, or Component)
|
|
|
Security Manager |
Security Adapter Mode (SecAdptMode)
|
The security adapter mode to operate in:
- For LDAP, specify
LDAP.
- For ADSI, specify
ADSI.
|
Security Adapter Name (SecAdptName)
|
The name of the security adapter.
- For LDAP, specify
LDAPSecAdpt or another name of your choice.
- For ADSI, specify
ADSISecAdpt or another name of your choice.
The name represents the alias for the enterprise profile (named subsystem) for the specified security adapter. |
Parameters for AOM Components
Table 10 lists parameters you would set on the AOM.
Table 10. Siebel Gateway Name Server Parameters (for AOM)
|
|
|
Object Manager |
OM - Proxy Employee
|
Enter PROXYE. |
OM - Username BC Field
|
For this scenario, leave this parameter empty. |
Parameters for Security Adapter (Profile/Named Subsystem)
Table 11 lists parameters you would set for the enterprise profile (named subsystem) for the specific security adapter you are configuring. For this scenario, you configure parameters for one of the following (defined as enterprise profile or named subsystem):
- LDAP Security Adapter. Typically, the alias for this adapter is
LDAPSecAdpt.
- ADSI Security Adapter. Typically, the alias for this adapter is
ADSISecAdpt.
NOTE: You can modify these configuration parameters using Siebel Server Manager, or you can do so using the LDAP/ADSI Configuration Utility. For more information, see Using the LDAP/ADSI Configuration Utility.
Table 11. Siebel Gateway Name Server Parameters (for Enterprise Profile/Named Subsystem)
|
|
Security Adapter Dll Name (SecAdptDllName)
|
For LDAP, enter sscfldap. For ADSI, enter sscfadsi.
- Do not include the file extension (for example, do not specify
sscfldap.dll for LDAP).
- The specified value is converted internally to the actual filename for your operating system.
|
Server Name (ServerName)
|
For LDAP and ADSI, enter the name of the machine on which the LDAP or ADS server runs. |
Port (Port)
|
- For LDAP, an example entry is
389. Typically, use port 389 for standard transmission or port 636 for secure transmission.
- For ADSI, you set the port at the ADS directory level, not as a configuration parameter.
|
Base DN (BaseDN)
|
The Base Distinguished Name is the root of the tree under which users are stored. Users can be added directly or indirectly below this directory. You cannot distribute the users of a single Siebel application in more than one base DN. However, you can distribute them in multiple subdirectories—such as organization units (OU), which are used for LDAP. LDAP example entry (including quotes): "ou=People, o=domainname"
In the example, "o" denotes "organization" and is the domain name system (DNS) name for this server, such as machine.company.com. "ou" denotes "organization unit" and is the name of a subdirectory in which users are stored. ADSI example entry (including quotes): "CN=Users, DC=machinename, DC=domainname, DC=com"
Domain Controller (DC) entries are the nested domains that locate this server. Common Name (CN) entries are the specific paths for user objects in the directory. Therefore, adjust the number of DC and CN entries to represent your architecture. |
Username Attribute Type (UsernameAttributeType)
|
LDAP example entry is uid ADSI example entry is sAMAccountName If you use a different attribute in the directory for the Siebel user ID, enter that attribute name. |
Password Attribute Type (PasswordAttributeType)
|
The LDAP entry must be userPassword. If a different value is specified, the LDAP security adapter will not function properly. ADS does not store the password in an attribute, so this parameter is not used with the ADSI security adapter. |
Credentials Attribute Type (CredentialsAttributeType)
|
LDAP example entry is mail ADSI example entry is physicalDeliveryOfficeName If you used a different attribute in the directory for the database account, enter that attribute name. |
Application User (ApplicationUser)
|
LDAP example entry (including quotes): "uid=APPUSER, ou=People, o=domainname"
ADSI example entry (including quotes): "CN=APPUSER, CN=Users, DC=machinename, DC=domainname, DC=com"
Adjust your entry if your implementation uses a different attribute for the user name, a different user name for the application user, or a different base DN. |
Application Password (ApplicationPassword)
|
For LDAP and ADSI, enter APPUSERPW or the password assigned to the application user. |
Shared Credentials DN (SharedCredentialsDN)
|
- LDAP example entry (including quotes):
"uid=anonymous user User ID, ou=People, o=domainname"
For example: "uid=GUESTCST, ou=People, o=siebel.com"
- ADSI example entry (including quotes):
"CN=anonymous user User ID, CN=Users, DC=machinename, DC=domainname, DC=com"
For example: "CN=GUESTCST, CN=Users, DC=qa1, DC=siebel, DC=com"
|
|
