|Bookshelf Home | Contents | Index | Search | PDF|
Siebel Interactive Selling Transact Server Interface Reference > Authentication and Login Support > Setting LDAP Properties >
During installation, the initial_login_setup script creates the necessary LDAP directory structure. This file uses one or more of the command-line functions. The initial_login_setup script file inserts security information that is required by WebLogic. Transact setup adds sample users and accounts. This gives WebLogic the basic information it needs to start up correctly.
The information in LDAP needs to be updated and maintained. You must write script files using the command-line functions to add, delete, and modify users, groups, ACL, and permissions. In addition, you can enroll users as members of selected groups, which automatically gives them the permissions for that group. See the following section, Sample Script Templates, for sample script templates you can use to base your script on.
You can implement the following functions in your script.
Add Group Member cmd=addgroupmember;tgtgroup=everyone;user=johnThis command adds an existing user to the specified group. In the example above, this command adds user john to the target group everyone.cmd=initload must be run before running this command. See Init Load for more information. Add Owner cmd=addowner;owneruser=system;theuser=john;acl=WebLogic. properties.LoginProcessEach ACL must have an owner. The owner is specified when the ACL is created. The owner has the rights to add permissions to a user for the ACL, add other users as owners, and delete the ACL. This command adds the user john as one of the owners to the ACL WebLogic.properties.LoginProcess after making sure the owner user is system. Create Context cmd=createcontextThis command creates a directory structure in the LDAP system. If the structure already exists, the command throws an exception. This command is used by the initial_login_setup script file that is run during installation to create the structure of the LDAP system. Delete ACL cmd=delacl;user=john;acl=WebLogic.servlet.LoginProcessThis command deletes the specified ACL. The specified user must have the owner rights to delete an ACL. In the example above, the ACL WebLogic.servlet.LoginProcess is deleted by the user john. Delete Context cmd=deletecontextThis command deletes the directory structure that was created by the createcontext in the LDAP system. Delete Group cmd=delgroup;group=everyoneThis command deletes groups from the LDAP system. In the example above, the group everyone is deleted from the LDAP system. Delete Group Member cmd=delgroupmember;tgtgroup=everyone;user=johnThis command deletes group members from the LDAP system. In the example above, the user john is removed from the group everyone. Delete Owner cmd=delowner;owneruser=system;theuser=john;acl=WebLogic. properties.LoginProcessThis command deletes ACL owners from the LDAP system. In the example above, the user john is removed from being the owner of the ACL WebLogic.properties.LoginProcess. The owneruser must be an owner of the ACL in order for this command to execute successfully. Delete Permission cmd=delpermission;permission=writeThis command deletes the specified permission from the LDAP system. In the example above, the permission write is deleted from the LDAP system. Delete User cmd=deluser;user=johnThis command deletes users from the LDAP system. In the example above, the user john is deleted from the LDAP system. Init Load cmd=initloadThis command instructs the program to load the data in the LDAP system into the cache. This command needs to be run before the following command can be run. New ACL cmd=newacl;acl=LogOut;user=johnThis command creates a new ACL with john as its owner. Only the owner/s will be able to add users/groups as users/owners with permissions to the ACL. The ACL is a resource that needs restricted access, and it contains data as to who (what users) can access the resource and how the permissions can use it.You must log on as directory manager (cn = Directory Manager) to use this command. The directory manager is set in the LDAP Principal and LDAP Credential properties in the property editor. New Group cmd=newgroup;group=everyoneThis command creates a new group in the LDAP system. In the example above, this command creates a new group called everyone in the structure ou=Groups, o=your_org.com. In the course of maintenance, Siebel application users will need to add and remove groups. This API will help in creating groups relevant to your organization. New Permission cmd=newpermission;permission=read
cmd=newpermission;permission=writeThis command creates a new permission in the LDAP system which can then be used to limit access to resources. In the example above, these commands create new permissions in the LDAP structure cn=permissions, cn=eAdvisor,o=your_org.com.
New User cmd=newuser;user=john;credential=johnYou can add users using this command or by using the GUI tool provided by the LDAP server.This command adds a new user and associated password to the LDAP system. In the example above, this command creates a new user called john with john as the password in the structure ou=People, o=your_org.com.You must log on as directory manager to use the NewUser API. The directory manager is set in the LDAP Principal and LDAP Credential properties under Login and Authentication in the property editor.The user "guest" created by the Transact LDAP setup is reserved for internal use by Transact. You cannot log into Transact using the "guest" user. Set Permission cmd=setpermission;acl=LogOut;type=allow;permission=*;for user=john;owneruser=system
cmd=setpermission;acl=LogOut;type=allow;permission=*; forgroup=everyone;owneruser=systemThe above commands create a record under the given ACL for the given user or group that specifies the specific permissions that the given user or the group has to the specified ACL.The type contains one of two values: allow or disallow. If allow is specified, the specified permissions are positive, which means the user is allowed those permissions. If disallow is specified, the permissions are negative, which means the user is denied those permissions.You must log on as directory manager to use the SetPermission API. The directory manager is set in the LDAP Principal and LDAP Credential properties in the property editor.
|Bookshelf Home | Contents | Index | Search | PDF|
Siebel Interactive Selling Transact Server Interface Reference
Published: 18 April 2003