Siebel Analytics Server Administration Guide > Security > Authentication Options >

LDAP Authentication


Instead of storing user IDs and passwords in a Siebel Analytics Server repository, you can have the Siebel Analytics Server pass the user ID and password entered by the user to an LDAP server for authentication. The server uses clear text passwords in LDAP authentication. Make sure your LDAP servers are set up to allow this.

In addition to basic user authentication, the LDAP server can also provide the Siebel Analytics Server with other information, such as the user display name (used by Siebel Analytics Web) and the name of any groups to which the user belongs. The LDAP server can also provide the names of specific database catalogs or schemas to use for each user when querying data. This information is contained in LDAP variables which get passed to Siebel Analytics session variables during the process of user authentication. For more information about session variables, see About Session Variables.

Setting Up LDAP Authentication

LDAP authentication uses Siebel Analytics session variables, which you define using the Variable Manager of the Administration Tool. For more information about the Variable Manager, see Using the Variable Manager.

Session variables get their values when a user begins a session by logging on. Certain session variables, called system session variables, have special uses. The variable USER is a system variable that is used with LDAP authentication. For more information about the USER system variable, see Using System Session Variables.

To configure LDAP authentication, you define a system variable called USER and associate it with an LDAP initialization block, which is associated with an LDAP server. Whenever a user logs into the Siebel Analytics Server, the user ID and password will be passed to the LDAP server for authentication. Once the user is authenticated successfully, other session variables for the user could also be populated from information returned by the LDAP server.

The following discussion assumes that an LDAP initialization block has already been defined. Setting up an LDAP initialization block is explained in Configuring an LDAP Server.

NOTE:  The presence of a defined session system variable USER determines that external authentication is done. Associating USER with an LDAP initialization block determines that the user will be authenticated by LDAP. To provide other forms of authentication, associate the USER variable with an initialization block associated with an external database or XML source. For details, see External Table Authentication.

To define the USER session system variable for LDAP authentication

  1. Select Manage > Variables from the Administration Tool menu.
  2. Select the System leaf of the tree in the left pane.
  3. Right-click on the right pane and select New USER.
  4. The Session Variable - User dialog box appears.

  5. Select the appropriate LDAP initialization block from the Initialization Block drop-down list.
  6. The selected initialization block provides the USER session system variable with its value.

  7. Click OK to create the USER variable.

Setting the Logging Level

Use the system variable LOGLEVEL to set the logging level for users who are authenticated by an LDAP server. See Setting a Logging Level for more information.


 Siebel Analytics Server Administration Guide 
 Published: 23 June 2003