Bookshelf Home | Contents | Index | PDF     

Security Guide for Siebel Business Applications > Security Adapter Authentication > Security Adapter Deployment Options >

Configuring the Shared Database Account

The shared database account option can be implemented in the following authentication strategies:

  • Security adapter authentication: LDAP, ADSI, custom (not database authentication)
  • Web SSO authentication

You can configure your authentication system so that a designated directory entry contains a database account that is shared by many users.

By default, the shared database account option is not implemented, and each user's database account exists in an attribute of that user's record in the directory. Because all externally authenticated users share one or a few database accounts, the same credentials are duplicated many times. If those credentials must be changed, you must edit them for every user. By implementing a shared credential, you can reduce directory administration.

The shared database account option is used differently by LDAP and ADSI:

  • For LDAP, if the shared database account is specified, then database credentials are always retrieved from that account.
  • For ADSI, if the shared database account is specified, then database credentials are retrieved from a user if they are available to be extracted. If database credentials are not available from the user, they are instead retrieved from the shared database account.

To configure a shared database account

  1. Create a database account to be shared by all users who log into a given Siebel application.
  2. Create a designated entry in the directory, and enter the username and password parameters for the common database account in one of that entry's attributes, such as the dbaccount attribute. You may need to create this attribute.

    For information about formatting a directory attribute that contains the database account, see Requirements for LDAP/ADS Directory.

  3. For each security adapter (such as LDAPSecAdpt) that implements this shared database account, define the following parameter values:
    • CredentialsAttributeType = attribute in which the database account is stored in the directory, such as dbaccount
    • SharedCredentialsDN = the distinguished name (including quotes) for the designated entry, such as "uid=SHAREDENTRY, ou=People, o=companyname.com"

For information about setting Siebel application configuration file parameters, see Siebel Application Configuration File Parameters.

    
Security Guide for Siebel Business Applications