
Configuring the Shared Database Account


You can configure your authentication system so that a designated directory entry contains a database account that is shared by many users; this is the shared database account.

The shared database account option can be implemented in the following authentication strategies:

  • Security adapter authentication: LDAP, ADSI, custom (not database authentication)
  • Web SSO authentication

By default, the shared database account option is not implemented, and each user's database account exists in an attribute of that user's record in the directory. Because all externally authenticated users share one or a few database accounts, the same credentials are duplicated many times. If those credentials must be changed, you must edit them for every user. By implementing a shared credential, you can reduce directory administration.

The shared database account option is used differently by the LDAP and ADSI security adapters:

  • For LDAP, the shared database account can be specified as profile parameters for the LDAP Security Adapter profile (alias LDAPSecAdpt) or as an attribute of the shared database account record in the LDAP directory.
  • For ADSI, if the shared database account is specified, then database credentials are retrieved from the user's own record if they are available there. If database credentials are not available from the user, they are instead retrieved from the shared database account.

The following topics describe in more detail how the LDAP and ADSI directory servers use the shared database account option.

Storing Shared Database Credentials as Attributes of the Directory Entry

This topic describes how to implement a shared database account and store the database credentials as attributes of the directory entry you create for the shared database account. This option is available to you when you use an ADSI directory or an LDAP directory.

To store the database credentials in an attribute of the directory entry

  1. Create a database account to be shared by all users who log into a given Siebel application.

    For additional information on this task, see About Creating a Database Login.

  2. Create a designated entry in the directory, and enter the user name and password for the common database account in one of that entry's attributes, such as the dbaccount attribute. You might have to create this attribute.

    NOTE:  The user name and password you specify for the shared database account must be a valid Siebel user name and password.

    For information about formatting a directory attribute that contains the database account, see Requirements for the LDAP or ADSI Directory.

  3. For each security adapter that implements this shared database account, define the following parameter values:
    • CredentialsAttributeType. Enter the attribute in which the database account is stored in the directory, such as dbaccount.
    • SharedCredentialsDN. Enter the distinguished name (including quotes) for the designated entry, such as "uid=SharedDBUser, ou=people, o=companyname.com".

For information about setting Siebel Gateway Name Server configuration parameters, see Siebel Gateway Name Server Parameters. For Developer Web Client, define these parameters in the corresponding section in the application configuration file.

Storing the Database Credentials as Profile Parameters

This topic describes how to configure a shared database account for an LDAP directory and store the database credentials as parameters of the LDAP Security Adapter profile (alias LDAPSecAdpt). This option is available to you only when you use LDAPSecAdpt.

Do not use this option if you have to store more than one set of database credentials, because only one set of database credentials can be stored as profile parameters.

To store the database credentials as profile parameters

  1. Navigate to the Administration - Server Configuration screen, then the Profile Configuration view.
  2. Select the LDAPSecAdpt profile.
  3. Define the following parameter values for LDAPSecAdpt:
    • SharedDBUsername. The username to connect to the Siebel database.
    • SharedDBPassword. The password to connect to the Siebel database.

      NOTE:  You must specify a valid Siebel user name and password for the SharedDBUsername and SharedDBPassword parameters.
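The parameter rules from the two procedures above (storing credentials as a directory attribute, and storing them as profile parameters) can be checked mechanically. The following Python code is an added example, not part of the original guide or Oracle's code: it lints an INI-style application configuration file, assuming the security adapter sections are named LDAPSecAdpt and ADSISecAdpt. The sample file contents and the function name lint_shared_db_account are constructed for illustration.

```python
import configparser

# Constructed sample configuration; section names and values are assumptions.
SAMPLE_CFG = """
[LDAPSecAdpt]
CredentialsAttributeType = dbaccount
SharedCredentialsDN = "uid=SharedDBUser, ou=people, o=companyname.com"

[ADSISecAdpt]
SharedCredentialsDN = uid=SharedDBUser, ou=people, o=companyname.com
SharedDBUsername = SHAREDUSER
"""

def lint_shared_db_account(cfg_text):
    """Return (section, message) findings; parameter values are never echoed."""
    parser = configparser.ConfigParser(interpolation=None)  # passwords may contain %
    parser.optionxform = str  # keep parameter names exactly as written
    parser.read_string(cfg_text)
    findings = []
    for section in parser.sections():
        params = parser[section]
        dn = params.get("SharedCredentialsDN", "").strip()
        attr = params.get("CredentialsAttributeType", "").strip()
        user = params.get("SharedDBUsername", "").strip()
        pwd = params.get("SharedDBPassword", "").strip()
        if dn:
            # The DN must be entered including its surrounding quotes.
            if not (len(dn) >= 2 and dn[0] == dn[-1] == '"'):
                findings.append((section, "SharedCredentialsDN is not enclosed in quotes"))
            # The adapter also needs the attribute that holds the account.
            if not attr:
                findings.append((section, "SharedCredentialsDN set without CredentialsAttributeType"))
        if user or pwd:
            # Profile-parameter storage is available only with LDAPSecAdpt.
            if section != "LDAPSecAdpt":
                findings.append((section, "SharedDBUsername/SharedDBPassword apply only to LDAPSecAdpt"))
            if not (user and pwd):
                findings.append((section, "SharedDBUsername and SharedDBPassword must both be set"))
    return findings

if __name__ == "__main__":
    for section, message in lint_shared_db_account(SAMPLE_CFG):
        print(f"[{section}] {message}")
```

Findings name only the section and the rule that failed, so the output can be logged without exposing the shared credentials.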

Siebel Security Guide Copyright © 2011, Oracle and/or its affiliates. All rights reserved. Legal Notices.