Bookshelf Home | Contents | Index | PDF | ![]() ![]() |
Siebel Analytics Server Administration Guide > Security in Siebel Analytics > Analytics Security Manager > Importing Users and Groups from LDAPIf your organization uses Lightweight Directory Access Protocol (LDAP), you can import your existing LDAP users and groups to a repository. After imported, all normal Siebel Analytics Server user and group functions are available. You can resynchronize your imported list at any time. You can also authenticate against LDAP as an external source. When you do this, users are not imported into the repository. Users are authenticated, and their group privileges determined, when they log on. For more information about using LDAP authentication, see LDAP Authentication. This section includes the following topics: NOTE: If a user exists in both the repository and in LDAP, the local repository user definition takes precedence. This allows the Siebel Analytics Server Administrator to reliably override users that exist in an external security system. Configuring an LDAP ServerThis section explains how to configure LDAP authentication for the repository. For instances of Siebel Analytics that use ADSI as the authentication method, the following AD configuration options should be used when configuring the AD instance itself:
In the Siebel Analytics Administration Tool, the CN user used for the BIND DN of the LDAP Server section must have both ldap_bind and ldap_search authority. NOTE: The Siebel Analytics Server uses clear text passwords in LDAP authentication. Make sure your LDAP Servers are set up to allow this. When LDAP is used for authentication, User name and Password must be upper case. The Siebel Analytics repository uses the system variable :USER in several initialization blocks such as in Authorization and Login properties. The NQSConfig.ini file contains a parameter (UPPERCASE_USERNAME_FOR_INITBLOCK) that, when set to YES, automatically changes the value of :USER to uppercase in every initialization block in which it is used. The Enterprise installation sets this to YES. The default, otherwise, is NO. To configure LDAP authentication for the repository
Importing Users from LDAPYou can import selected users or groups, or you can import all users or groups. If you have previously performed an import, you can choose to synchronize the repository with the LDAP server. To import LDAP users and groups to a repository
Synchronizing Users and Groups with LDAPYou can refresh the repository users and groups with the current users and groups on your LDAP server. After selecting the appropriate LDAP server, select LDAP > Synchronize (or choose Synchronize from the right-click menu). Synchronization updates your list of repository users and groups to mirror your current LDAP users and groups. Users and groups that do not exist on your LDAP server are removed from the repository. The special user Administrator and the special group Administrators always remain in your repository and are never removed. Properties of users already included in the repository are not changed by synchronization. If you have recycled a login name for another user, drop that name from your repository prior to synchronization. This assures that the process will import the new LDAP user definition. NOTE: With external LDAP authentication (discussed in the next section), import and synchronization are not really necessary. The primary use for import is to make it easy to copy LDAP users as Siebel Analytics users for testing. |
![]() |
![]() ![]() |
Siebel Analytics Server Administration Guide |