Siebel Analytics Installation and Configuration Guide > Configuring User Authentication and Security in Siebel Analytics >

LDAP and ADSI Authentication in Siebel Analytics

Authentication on LDAP and ADSI servers uses Siebel Analytics session variables. Some session variables, such as PASSWORD, are populated automatically. They receive their values when a user begins a session by logging on. Instead of storing user names and passwords in a Siebel Analytics Server repository, the Siebel Analytics Server passes the user's user name and password to an LDAP server for authentication.

Some session variables, such as GROUP, need to be manually created in the Siebel Analytics repository. In the Analytics Server Administration Tool Variable Manager, you use initialization blocks to specify the attributes to be retrieved in session variables. Certain session variables, called system session variables, have special uses. (For more information about session variables, the USER system variable, and the Variable Manager, see the appropriate topics in Siebel Analytics Server Administration Guide.)

The following key restrictions apply to LDAP and ADSI authentication:

• Importing of user information into the repository is supported on regular LDAP servers, but not supported on ADSI servers.
• Groups are defined in the repository. However, if lists of users are stored on LDAP servers, the group membership information must be obtained from a database table.

About Using CMS Key Database Files for LDAP Authentication

An LDAP server usually allows two kinds of authentication over SSL:

• Server authentication
• Server and client authentication

Siebel Analytics Server uses server authentication. You must configure an LDAP server to allow client-side server authentication.

For server authentication, you generate a CMS key database file with the Certificate Authority (CA) certificate and mark it as trusted. The CA is also the CA that issued the LDAP server's certificate.

GSKit (Global Security Kit)

Before configuring LDAP authentication, make sure that IBM's GSKit (Global Security Kit) is installed on the same machine as the Siebel Analytics Server, and that GSKit is configured for your operating system.

GSKit is a Java-based utility that provides CMS key database files for LDAP authentication over Secure Sockets Layer. (See Siebel System Requirements and Supported Platforms for the supported version of the Java runtime engine.)

NOTE:  If GSKit is not already installed, see Security Guide for Siebel Business Applications for the installation procedure.