Siebel Business Analytics Server Administration Guide > Security in Siebel Business Analytics > Authentication Options >

Setting Up LDAP Authentication

Instead of storing user IDs and passwords in an analytics repository, you can set up the Analytics Server to pass the user ID and password typed by the user to an LDAP server for authentication. The server uses clear text passwords in LDAP authentication. Make sure your LDAP servers are set up to allow this.

In addition to basic user authentication, the LDAP server can also provide the Analytics Server with other information, such as the user display name (used by Siebel Business Analytics Web) and the name of any groups to which the user belongs. The LDAP server can also provide the names of specific database catalogs or schemas to use for each user when querying data. This information is contained in LDAP variables that get passed to Siebel Business Analytics session variables during the process of user authentication. For more information about session variables, see About Session Variables.

LDAP authentication uses Siebel Business Analytics session variables, that you define using the Variable Manager of the Administration Tool. For more information about the Variable Manager, see Using the Variable Manager.

Session variables get their values when a user begins a session by logging on. Certain session variables, called system session variables, have special uses. The variable USER is a system variable that is used with LDAP authentication. For more information about the USER system variable, see Using System Session Variables.

To set up LDAP authentication, you define a system variable called USER and associate it with an LDAP initialization block that is associated with an LDAP server. Whenever a user logs into the Analytics Server, the user ID and password will be passed to the LDAP server for authentication. After the user is authenticated successfully, other session variables for the user could also be populated from information returned by the LDAP server.

The following discussion assumes that an LDAP initialization block has already been defined. Setting up an LDAP initialization block is explained in Configuring an LDAP Server.

NOTE:  The presence of a defined session system variable USER determines that external authentication is done for users not defined in the repository. Associating USER with an LDAP initialization block determines that the user will be authenticated by LDAP. To provide other forms of authentication, associate the USER variable with an initialization block associated with an external database or XML source. For more information, see Setting Up External Table Authentication.

To define the USER session system variable for LDAP authentication

1. Select Manage > Variables from the Administration Tool menu.
2. Select the System leaf of the tree in the left pane.
3. Right-click on the right pane and select New USER.
4. In the Session Variable - USER dialog box, select the appropriate LDAP initialization block from the Initialization Block drop-down list.

   The selected initialization block provides the USER session system variable with its value.

5. Click OK to create the USER variable.

Setting the Logging Level

Use the system variable LOGLEVEL to set the logging level for users who are authenticated by an LDAP server. See Setting a Logging Level for more information.