Creating Users in the LDAP or ADSI Directory


This topic describes the users you have to create in the LDAP or ADSI directory to implement LDAP or ADSI security adapter authentication.

This task is a step in Process of Implementing LDAP or ADSI Security Adapter Authentication.

When you use LDAP or ADSI authentication, you must create the following users in the directory:

  • Application user

    Make sure the application user has write privileges to the directory, because the security adapter uses application user credentials when using the self-registration component. The application user must also have search privileges for all user records. For additional information, see Configuring the Application User.

  • Anonymous user

    You must define an anonymous user even if your application does not allow access by unregistered users. For more information, see Configuring the Anonymous User.

  • Records for each user of the Siebel application

    Initially, create a test user to verify the authentication system.

  • (Optional) Create a shared credentials user account.

    For more information, see Configuring the Shared Database Account.

    NOTE:  If you use an LDAP security adapter, you can also store credentials for the shared database account as profile parameters for the LDAP security adapter.

Create three users in the LDAP or ADSI directory using values similar to those shown in Table 12. Specify attribute names, such as uid and userPassword for an LDAP directory, as suggested here. Your entries might vary based on how you assign attributes in Setting Up the LDAP or ADSI Directory.

Table 12. Records in the LDAP or ADSI Directory

Type of User: Anonymous user

    Siebel User ID Attribute (uid for LDAP or sAMAccountName for Active Directory): Enter the user ID of the anonymous user record for the Siebel application you are implementing.

      • You can use a seed data anonymous user record for a Siebel customer or partner application. For example, if you implement Siebel eService, enter GUESTCST.
      • You can create a new user record or adapt a seed anonymous user record for a Siebel employee application.

    Password (userPassword attribute for LDAP or Active Directory password for AD): GUESTPW or a password of your choice

    Database Account Attribute (dbaccount): A database account is not required for the anonymous user if a shared database credentials account is implemented; the database credentials for the anonymous user are read from the shared database account user record or the relevant profile parameter of the LDAP security adapter.

Type of User: Application user

    Siebel User ID Attribute (uid for LDAP or sAMAccountName for Active Directory): APPUSER or a name of your choice

    Password (userPassword attribute for LDAP or Active Directory password for AD): APPUSERPW or a password of your choice

    Database Account Attribute (dbaccount): A database account is not used for the application user.

Type of User: A test user

    Siebel User ID Attribute (uid for LDAP or sAMAccountName for Active Directory): TESTUSER or a name of your choice

    Password (userPassword attribute for LDAP or Active Directory password for AD): TESTPW or a password of your choice

    Database Account Attribute (dbaccount): Database account is not required for any user record, except the anonymous user or the shared credentials user account.

Type of User: Shared database credentials account user

    Siebel User ID Attribute (uid for LDAP or sAMAccountName for Active Directory): SharedDBUser or a name of your choice. The user name and password you specify for the shared database account must be a valid Siebel user name and password.

    Password (userPassword attribute for LDAP or Active Directory password for AD): SharedDBPW or a password of your choice

    Database Account Attribute (dbaccount): username=SHAREDDBUSER password=P

For information about formatting requirements for the database account attribute entry, see About Setting Up the LDAP or ADSI Directory.

The example directory entries in Table 12 implement a shared credential. The database account for all users is stored in one object in the directory. In this example, the shared database account is stored in the SharedDBUser attribute. The database account must match the database account you reserve for externally authenticated users described in About Creating a Database Login. The P symbol represents the password in that database account.

Optionally, complete other attribute entries for each user.
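
The following Python code is an added example, not part of the Siebel documentation. It audits an LDIF export of the records in Table 12: it checks that the dbaccount value has the username=U password=P form, that no database account is stored on the application user, and that a database account exists on the shared credentials user (or on the anonymous user when no shared record is used). Assumptions: the base DN dc=example,dc=com, the function names parse_ldif and audit, LDIF without folded or base64 lines, and the check that flags the sample passwords from Table 12, which is an added hardening check.

```python
import re

# Constructed sample records (not real data); base DN and attribute names are assumptions.
SAMPLE_LDIF = """\
dn: uid=GUESTCST,ou=people,dc=example,dc=com
uid: GUESTCST
userPassword: GUESTPW

dn: uid=APPUSER,ou=people,dc=example,dc=com
uid: APPUSER
userPassword: constructed-pw-1
dbaccount: username=SOMEUSER password=constructed

dn: uid=TESTUSER,ou=people,dc=example,dc=com
uid: TESTUSER
userPassword: constructed-pw-2

dn: uid=SharedDBUser,ou=people,dc=example,dc=com
uid: SharedDBUser
userPassword: constructed-pw-3
dbaccount: username=SHAREDDBUSER password=P
"""

TABLE12_SAMPLE_PASSWORDS = {"GUESTPW", "APPUSERPW", "TESTPW", "SharedDBPW"}
DBACCOUNT_RE = re.compile(r"username=\S+ password=\S+")

def parse_ldif(text):
    """Parse simple LDIF (no folded or base64 lines) into {uid: attributes}."""
    records = {}
    for block in text.strip().split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in block.splitlines() if ": " in l)
        records[attrs["uid"]] = attrs
    return records

def audit(records, anonymous, application, shared=None):
    """Return findings for records that deviate from the Table 12 layout."""
    findings = [f"{u}: record missing" for u in (anonymous, application, shared)
                if u and u not in records]
    for uid, attrs in records.items():
        db = attrs.get("dbaccount")
        if db is not None and not DBACCOUNT_RE.fullmatch(db):
            findings.append(f"{uid}: dbaccount is not 'username=U password=P'")
        if uid == application and db is not None:
            findings.append(f"{uid}: dbaccount set, but the application user does not use one")
        if attrs.get("userPassword") in TABLE12_SAMPLE_PASSWORDS:
            findings.append(f"{uid}: password is still a sample value from Table 12")
    holder = shared or anonymous  # record expected to carry the database account
    if holder in records and "dbaccount" not in records[holder]:
        findings.append(f"{holder}: no dbaccount; set it here or as an adapter profile parameter")
    return findings
```

Calling audit(parse_ldif(SAMPLE_LDIF), "GUESTCST", "APPUSER", "SharedDBUser") on the constructed sample reports the sample password on GUESTCST and the unneeded dbaccount on APPUSER.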

Siebel Security Guide Copyright © 2011, Oracle and/or its affiliates. All rights reserved.