|Bookshelf Home | Contents | Index | PDF|
Create three users in the LDAP/ADS directory, as described in Table 7. Specify attribute names, such as uid and userPassword for an LDAP directory, as suggested here. Your entries may vary based on how you assign attributes in Setting Up the LDAP/ADS Directory.
This example implements a shared credential. The database account for all users is stored in one object in the directory. In this example, the shared database account is stored in the anonymous user record. The database account must match the database account you reserve for externally authenticated users described in Creating a Database Login. The
NOTE: In a production environment, do not use the anonymous user as the directory object that contains the shared credential. To do so could allow a user with minimum responsibility to log in directly to the directory server and view shared database credentials. Using these database credentials, a user could log in directly to the Siebel Database and see data that he or she does not have the assigned visibility level to see.
For information about formatting requirements for the database account attribute entry, see Requirements for LDAP/ADS Directory.
CAUTION: Make sure the application user has write privileges to the directory because the security adapter uses application user credentials when using the self-registration component. The application user must also have search privileges for all user records.
|Security Guide for Siebel Business Applications|