
Creating Users in the LDAP Directory or Active Directory


This topic describes the users you must create in the LDAP directory or Active Directory to implement LDAP or ADSI security adapter authentication.

This task is a step in Process of Implementing LDAP or ADSI Security Adapter Authentication.

When you use LDAP or ADSI authentication, you must create the following users in the directory:

  • Application user

    Make sure the application user has write privileges to the directory because the security adapter uses application user credentials when using the self-registration component. The application user must also have search privileges for all user records. For additional information, see Configuring the Application User.

  • Anonymous user

    You must define an anonymous user even if your application does not allow access by unregistered users. For more information, see Configuring the Anonymous User.

  • Records for each user of the Siebel application

    Initially, create a test user to verify the authentication system.

  • (Optional) A shared credentials user account

    You can also store credentials for the shared database account as profile parameters for the LDAP or ADSI security adapter profiles. For more information, see Configuring the Shared Database Account.

Create users in the directory using values similar to those shown in Table 12. Store information for users in the directory attributes indicated in Setting Up the LDAP Directory or Active Directory. Optionally, complete other attribute entries for each user.

Table 12. Records in the LDAP Directory or Active Directory
| Type of User | Siebel User ID | Password | Database Account |
|---|---|---|---|
| Anonymous user | Enter the user ID of the anonymous user record for the Siebel application you are implementing. You can use a seed data anonymous user record for a Siebel customer or partner application. For example, if you implement Siebel eService, enter GUESTCST. You can create a new user record or adapt a seed anonymous user record for a Siebel employee application. | GUESTPW or a password of your choice. | A database account is not required for the anonymous user if a shared database credentials account is implemented; the database credentials for the anonymous user are read from the shared database account user record or the relevant profile parameter of the LDAP or ADSI security adapter. |
| Application user | APPUSER or a name of your choice. | APPUSERPW or a password of your choice. | A database account is not used for the application user. |
| A test user | TESTUSER or a name of your choice. | TESTPW or a password of your choice. | Database account is not required for any user record, except the anonymous user or the shared credentials user account. |
| Shared database credentials account user | SharedDBUser or a name of your choice. The user name and password you specify for the shared database account must be a valid Siebel user name and password. | SharedDBPW or a password of your choice. | username=SHAREDDBUSER password=P |

For information about formatting requirements for the database account attribute entry, see About Setting Up the LDAP Directory or Active Directory.

The example directory entries in Table 12 implement a shared credential: the database account for all users is stored in one object in the directory. In this example, the shared database account is stored in the SharedDBUser record. The database account must match the database account you reserve for externally authenticated users, which is described in About Creating a Database Login for Externally Authenticated Users. The P symbol represents the password for that database account. For additional information, see Configuring the Shared Database Account.
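An added example, not part of the Siebel documentation: a Python check that reads an LDIF export of the directory and reports records that contradict Table 12 (a published sample password still in use, a database account on the application user, or a database account entry not shaped like the Table 12 value). The attribute names uid, userPassword and dbaccount, the base DN and the sample records are assumptions constructed for the example, and only cleartext password values are compared.

```python
import re

# Constructed LDIF export. The attribute names (uid, userPassword, dbaccount)
# and the base DN are assumptions, not values from the Siebel documentation.
SAMPLE_LDIF = """\
dn: uid=GUESTCST,ou=people,dc=example,dc=com
uid: GUESTCST
userPassword: GUESTPW

dn: uid=APPUSER,ou=people,dc=example,dc=com
uid: APPUSER
userPassword: constructed-value-1
dbaccount: username=SHAREDDBUSER password=P

dn: uid=TESTUSER,ou=people,dc=example,dc=com
uid: TESTUSER
userPassword: TESTPW

dn: uid=SharedDBUser,ou=people,dc=example,dc=com
uid: SharedDBUser
userPassword: constructed-value-2
dbaccount: username=SHAREDDBUSER
"""

# Sample passwords printed in Table 12; they are published, so flag any use.
DOCUMENTED_PASSWORDS = {"GUESTPW", "APPUSERPW", "TESTPW", "SharedDBPW"}
# Shape of the Table 12 database account entry (assumed to be the full rule).
DB_ACCOUNT_RE = re.compile(r"username=\S+ password=\S+")

def parse_ldif(text):
    """Parse blank-line-separated records of simple 'attr: value' lines."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (l.partition(":") for l in block.splitlines() if not l.startswith("#"))
        entries.append({k.strip().lower(): v.strip() for k, sep, v in pairs if sep})
    return entries

def audit(entries, app_user="APPUSER"):
    """Return (uid, finding) pairs for records that contradict Table 12."""
    findings = []
    for e in entries:
        uid, db = e.get("uid", "?"), e.get("dbaccount")
        if e.get("userpassword") in DOCUMENTED_PASSWORDS:
            findings.append((uid, "documented sample password in use"))
        if db and uid.upper() == app_user.upper():
            findings.append((uid, "application user must not hold a database account"))
        if db and not DB_ACCOUNT_RE.fullmatch(db):
            findings.append((uid, "database account entry is malformed"))
    return findings
```

Run `audit(parse_ldif(...))` against an export from a test directory before go-live; pass `app_user` if the application user is not named APPUSER.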

Siebel Security Guide Copyright © 2013, Oracle and/or its affiliates. All rights reserved.