Bookshelf Home | Contents | Index | PDF |
Siebel Security Guide > Security Adapter Authentication > About LDAP or ADSI Security Adapter Authentication > Comparison of LDAP and ADSI Security AdaptersThis topic outlines the differences in functionality provided by the LDAP and ADSI security adapters. The relative benefits of each type of security adapter are shown in Table 11. The LDAP security adapter can be used to authenticate against supported LDAP-compliant directories. The LDAP security adapter is also supported for integration to Active Directory and provides most of the functionality offered by the ADSI security adapter. The ADSI security adapter can authenticate against ADSI-compliant directories (Microsoft Active Directory). For Siebel CRM release 8.0 and higher, it is recommended that you use the LDAP security adapter for authenticating against both Active Directory and LDAP-based external directories. For additional information about LDAP and ADSI security adapter authentication, see About LDAP or ADSI Security Adapter Authentication. Using the LDAP Security Adapter With Active Directory: Setting the Base DNIf you use the LDAP security adapter with Active Directory, problems can occur if you set the base distinguished name (Base DN), which specifies the root directory under which users are stored, to the root level of the Active Directory. When the LDAP security adapter searches the Active Directory, it searches everything under the Base DN. If the Base DN is set to the Active Directory root, the LDAP security adapter searches all directory entities, including configuration and schema entities to which the application user does not have access, resulting in problems occurring. To avoid these problems, do not set the base DN to the Active Directory root directory; this recommendation also applies to implementations in which the ADSI security adapter performs the authentication function. Communicating With More Than One Authentication ServerThis topic describes the specific circumstances in which the LDAP and ADSI security adapters can connect to more than one directory server, either to authenticate users in more than one directory, or for failover purposes. ADSI Security AdapterThe ADSI security adapter does not support authentication of users in different domains or forests and does not support Microsoft Global Catalog functionality. However, the ADSI security adapter can connect to multiple AD servers for authentication or failover purposes provided that the following conditions are met:
To enable the ADSI security adapter to connect to multiple AD servers, specify the NetBIOS name of the domain containing the Active Directory servers, instead of the name of a specific Active Directory server, for the Server Name parameter of the ADSI security adapter profile. LDAP Security AdapterThe LDAP security adapter provided with Siebel Business Applications currently does not support communication with more than one directory server. However, the following options are available:
|
Siebel Security Guide | Copyright © 2011, Oracle and/or its affiliates. All rights reserved. Legal Notices. | |