Security Guide for Siebel Business Applications > Security Adapter Authentication >
Using the LDAP/ADSI Configuration Utility
Siebel Systems provides the LDAP/ADSI Configuration Utility to help you configure your Siebel Business Applications to authenticate against an external LDAP or ADS directory.
The utility provides a graphical user interface (GUI) to update configuration parameters, whether those stored in the Siebel Gateway Name Server or those stored in Siebel application configuration files (when configuring Siebel Developer Web Clients).
The utility is installed with the Siebel Server. After installation and configuration of the Siebel Enterprise, you can run this utility as a stand-alone program.
- On Windows platforms, the utility runs in console mode.
- On UNIX platforms, the utility runs in command-line mode.
The LDAP/ADSI Configuration Utility comprises the configuration executable program used by multiple Siebel modules (including the main Siebel Software Configuration Utility used for configuring the Siebel Enterprise and the SWSE) and the model file that provides specific LDAP/ADSI configuration functionality.
- The executable program, located in the bin subdirectory of the Siebel Server installation directory, is named ssincfgw.exe on Microsoft Windows platforms, and named icfg on UNIX platforms.
- The model file, located in the admin subdirectory of the Siebel Server installation directory, is named secadpt.scm.
For information about using the main Siebel Software Configuration Utility, see Siebel Installation Guide for the operating system you are using.
The full name for the LDAP/ADSI Configuration Utility is Siebel Software Configuration Utility - LDAP/ADSI Security Adapter Configuration. This name appears in the title bar of the utility's title bar (in console mode).
When you are configuring Siebel Gateway Name Server parameters, then the Name Server must be running. Otherwise, there are no special setup requirements to run the utility.
NOTE: The utility works best if run locally rather than over the network. Therefore, it is recommended that you run the utility from the Siebel Server machine.
Figure 6 shows an example screen (for Windows platforms).
Figure 6. LDAP/ADSI Configuration Utility (Windows version)
When you specify the security adapter mode, either LDAP or ADSI, the setting you make provides the value (either
ADSI) for the
Security Adapter Mode (
You also specify the name of the LDAP or ADSI security adapter. This setting provides the value of the
Security Adapter Name (
SecAdptName) parameter. You can use the default name or specify a different name. If an enterprise profile (named subsystem) does not already exist with the name you specified, the utility creates a new enterprise profile using that name.
- For LDAP,
Security Adapter Name defaults to
- For ADSI,
Security Adapter Name defaults to
Security Adapter Mode and
Security Adapter Name parameters can be set for the Siebel Enterprise Server, for a particular Siebel Server, for an individual AOM component, or for the Synchronization Manager component (for Siebel Remote).
CAUTION: If you want to configure a server component or a Siebel Server to use different LDAP or ADSI authentication settings than those already configured at a higher level (that is, configured for the Siebel Enterprise or Siebel Server), then you should create a new LDAP or ADSI security adapter. Otherwise, settings you make will reconfigure the existing security adapter wherever it is used.
Additional configuration parameters will be defined for the particular LDAP or ADSI security adapter—that is, for the
ADSISecAdpt enterprise profile or for a similar profile using a nondefault name. As an example of a parameter defined for the security adapter, the
Security Adapter Dll Name (
SecAdptDllName) parameter is automatically set when you specify LDAP or ADSI as the security adapter mode.
NOTE: The utility sets authentication-related configuration parameters for Siebel Business Applications, but does not make changes to the LDAP/ADS directory. Make sure the configuration information you enter is compatible with your directory server.