Configuring Security Adapter Gateway Name Server Parameters


This topic describes the security-related configuration parameters, defined in the Siebel Gateway Name Server, that you use to configure an LDAP or ADSI security adapter. You can modify Gateway Name Server configuration parameters using either Siebel Server Manager or the Siebel Configuration Wizard.

For information on editing Gateway Name Server parameters using the Siebel Configuration Wizard, see Configuring LDAP or ADSI Security Adapters Using the Siebel Configuration Wizard. For information on using Siebel Server Manager to edit Gateway Name Server parameters, see Siebel System Administration Guide.

This task is a step in Process of Implementing LDAP or ADSI Security Adapter Authentication.

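You can set Gateway Name Server security adapter parameters for the following:

  • Parameters for Enterprise, Siebel Servers, or Components
  • Parameters for Application Object Manager Components
  • Parameters for Security Adapter (Profile/Named Subsystem)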

Set security adapter parameters as described in each of these topics. For more information about these parameters, see Siebel Gateway Name Server Parameters.

Parameters for Enterprise, Siebel Servers, or Components

This topic lists security adapter parameters you can set at the Gateway Name Server level, at the Enterprise level, at the Siebel Server level, or at the component level. Applicable components for which you can set these parameters include all Application Object Manager components and the Synchronization Manager component (for Siebel Remote).

To implement LDAP or ADSI authentication for a single Siebel application, set the parameters for the applicable Application Object Manager component, such as for Siebel Call Center or Siebel eService, using values similar to those in Table 13.

Table 13. Siebel Gateway Name Server Parameters (for Enterprise, Server, or Component)

| Subsystem | Parameter | Guideline |
|---|---|---|
| Security Manager | Security Adapter Mode (SecAdptMode) | The security adapter mode to operate in. For LDAP, specify LDAP. For ADSI, specify ADSI. |
| Security Manager | Security Adapter Name (SecAdptName) | The name of the security adapter. For LDAP, specify LDAPSecAdpt or another name of your choice. For ADSI, specify ADSISecAdpt or another name of your choice. The name represents the alias for the enterprise profile (named subsystem) for the specified security adapter. |

Parameters for Application Object Manager Components

This topic lists parameters you set for the Application Object Manager component when implementing LDAP or ADSI authentication for a single Siebel application.

To implement LDAP or ADSI authentication for a single Siebel application, set the parameters for the applicable Application Object Manager component, such as for Siebel Call Center or Siebel eService, using values similar to those shown in Table 14.

Table 14. Siebel Gateway Name Server Parameters (for Application Object Manager)

| Subsystem | Parameter | Guideline |
|---|---|---|
| InfraUIFramework | AllowAnonUsers | Enter TRUE for LDAP or ADSI. Set this parameter to FALSE if your Siebel application does not use functionality that requires anonymous browsing, such as anonymous catalog browsing or user self-registration. |
| Object Manager | OM - Proxy Employee (ProxyName) | Enter PROXYE. |
| Object Manager | OM - Username BC Field (UsernameBCField) | You can leave this parameter empty. |

Parameters for Security Adapter (Profile/Named Subsystem)

This topic lists parameters you set for the enterprise profile (named subsystem) for the specific security adapter you are configuring.

To implement LDAP or ADSI authentication for a single Siebel application, configure parameters for one of the following (defined as enterprise profile or named subsystem):

  • LDAP Security Adapter. Typically, the alias for this adapter is LDAPSecAdpt.
  • ADSI Security Adapter. Typically, the alias for this adapter is ADSISecAdpt.

Set the security adapter parameters using values similar to those shown in Table 15.

Table 15. Siebel Gateway Name Server Parameters (for Enterprise Profile/Named Subsystem)
Parameter
Guideline

Security Adapter Dll Name (SecAdptDllName)

  • For LDAP, enter sscforacleldap.
  • For ADSI, enter sscfadsi.

Do not include the file extension (for example, do not specify sscforacleldap.dll for LDAP). The specified value is converted internally to the actual filename for your operating system.

Server Name (ServerName)

Enter the name of the computer on which the LDAP directory or Active Directory server runs.

Do not specify the IP address of the Active Directory server for the Server Name parameter.

Port (Port)

  • For LDAP, an example entry is 389. Typically, use port 389 for standard transmission or port 636 for secure transmission.
  • For Active Directory, you set the port at the Active Directory level, not as a configuration parameter.

Base DN (BaseDN)

The Base Distinguished Name is the root of the tree under which users are stored. Users can be added directly or indirectly below this directory.

You cannot distribute the users of a single Siebel application in more than one base DN. However, you can distribute them in multiple subdirectories, such as organization units (OU), which are used for LDAP.

LDAP example entry:

ou=people, o=domainname

In the example, "o" denotes "organization" and is the domain name system (DNS) name for this server, such as computer.example.com. "ou" denotes "organization unit" and is the name of a subdirectory in which users are stored.

ADSI example entry:

ou=people, DC=domainname, DC=com

Domain Controller (DC) entries are the nested domains that locate this server. Therefore, adjust the number of DC entries to represent your architecture.

Username Attribute Type (UsernameAttributeType)

LDAP example entry is uid.

ADSI example entry is sAMAccountName.

If you use a different attribute in the directory for the Siebel user ID, then enter that attribute name.

Password Attribute Type (PasswordAttributeType)

The LDAP entry must be userPassword. However, if you use the LDAP security adapter to authenticate against Microsoft Active Directory, then set the value of this parameter to unicodePWD.

Active Directory does not store the password in an attribute, so this parameter is not used by the ADSI security adapter. You must, however, specify a value for the Password Attribute Type parameter even if you are using the ADSI security adapter. Specify a value of unicodePWD.

Credentials Attribute Type (CredentialsAttributeType)

If you are using an LDAP security adapter, an example entry is mail.

If you are using an ADSI security adapter, an example entry is physicalDeliveryOfficeName.

If you used a different attribute in the directory for the database account, then enter that attribute name.

Application User (ApplicationUser)

LDAP example entry:

uid=APPUSER, ou=people, o=domainname

ADSI example entry:

CN=APPUSER, ou=people, DC=computername, DC=domainname, DC=com

Adjust your entry if your implementation uses a different attribute for the user name, a different user name for the application user, or a different base DN.

Application Password (ApplicationPassword)

For LDAP and ADSI, enter APPUSERPW or the password assigned to the application user.

Shared Credentials DN (SharedCredentialsDN)

  • LDAP example entry:

    uid=shared database account user User ID, ou=people, o=domainname

    For example:

    uid=SharedDBUser, ou=people, o=example.com

  • ADSI example entry:

    CN=shared database account user User ID, ou=people, DC=computername, DC=domainname, DC=com

    For example:

    CN=SharedDBUser, ou=people, DC=qa1, DC=example, DC=com
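
The guidelines in Tables 13 to 15 can be checked mechanically before the values are entered. The following Python check is an added example, not Oracle code: the function name lint_secadpt, the dict input format and the sample values are assumptions, and reporting port 389 and the APPUSERPW example password as findings is this example's own hardening choice.

```python
import ipaddress

def lint_secadpt(p):
    """Return (parameter, message) findings for a dict of parameter values."""
    out = []
    mode = p.get("SecAdptMode", "").upper()
    if mode not in ("LDAP", "ADSI"):
        out.append(("SecAdptMode", "must be LDAP or ADSI"))
    # Table 15: the DLL name is entered without a file extension.
    if "." in p.get("SecAdptDllName", ""):
        out.append(("SecAdptDllName", "remove the file extension"))
    # Table 15: ServerName is a computer name, not an IP address.
    try:
        ipaddress.ip_address(p.get("ServerName", ""))
        out.append(("ServerName", "use the computer name, not an IP address"))
    except ValueError:
        pass  # not an IP literal, so treated as a host name
    # Table 15: Port applies to LDAP only; 389 is standard, 636 is secure.
    if mode == "LDAP" and p.get("Port") != "636":
        out.append(("Port", "not the secure-transmission port 636"))
    # Table 15: userPassword for LDAP (unicodePWD against Active Directory),
    # unicodePWD for ADSI; a value is required in both modes.
    allowed = {"LDAP": {"userpassword", "unicodepwd"}, "ADSI": {"unicodepwd"}}
    if p.get("PasswordAttributeType", "").lower() not in allowed.get(mode, set()):
        out.append(("PasswordAttributeType", "unexpected value for this mode"))
    # Table 14: keep anonymous browsing on only if the application needs it.
    if p.get("AllowAnonUsers", "").upper() == "TRUE":
        out.append(("AllowAnonUsers", "set FALSE unless anonymous browsing is used"))
    # Assumption of this example: the guide's sample password should be replaced.
    if p.get("ApplicationPassword") == "APPUSERPW":
        out.append(("ApplicationPassword", "still the documentation example value"))
    return out

# Constructed sample input, not taken from a real deployment.
SAMPLE = {
    "SecAdptMode": "LDAP", "SecAdptName": "LDAPSecAdpt",
    "SecAdptDllName": "sscforacleldap.dll", "ServerName": "192.0.2.10",
    "Port": "389", "BaseDN": "ou=people, o=example.com",
    "PasswordAttributeType": "userPassword", "AllowAnonUsers": "TRUE",
    "ApplicationPassword": "APPUSERPW",
}

if __name__ == "__main__":
    for name, msg in lint_secadpt(SAMPLE):
        print(f"{name}: {msg}")
```
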

Siebel Security Guide Copyright © 2014, Oracle and/or its affiliates. All rights reserved.