Siebel Security Guide > Security Adapter Authentication >

Requirements for the LDAP Directory or Active Directory

If you implement LDAP or ADSI security adapter authentication with Siebel Business Applications, then you must provide a directory product that meets the requirements outlined in this topic. The directory product you provide can be one of the directory servers supported by the security adapters provided with Siebel Business Applications, or another directory server of your choice. The following options are available:

• If you provide one of the directory servers supported by Siebel Business Applications (that is, a supported LDAP directory or Microsoft Active Directory), then you can use a security adapter provided by Siebel Business Applications, or you can create your own security adapter that complies with Siebel Business Applications.
• If you provide a directory other than those supported by the security adapters provided with Siebel Business Applications, then you are responsible for implementing a security adapter that supports this directory.

For specific information about directory server products supported by Siebel Business Applications, see Siebel System Requirements and Supported Platforms on Oracle Technology Network.

NOTE:  For Siebel CRM product releases 8.1.1.9 and later and for 8.2.2.2 and later, the system requirements and supported platform certifications are available from the Certification tab on My Oracle Support. For information about the Certification application, see article 1492194.1 (Article ID) on My Oracle Support.

LDAP Security Adapter Requirements

If you are using LDAP authentication, then you must install the Oracle Database Client software that is provided with Siebel Business Applications. Your Siebel application uses DLL files provided by the Oracle Database Client to communicate with the supported LDAP directory server product you have chosen to use. For Oracle Database Client installation instructions, see Process of Installing and Configuring LDAP Client Software.

ADSI Security Adapter Requirements

If you are running the Siebel Server on supported Microsoft Windows operating systems and you are using ADSI authentication, then you must meet the requirements described in this topic. For more information about some of these requirements, refer to your Microsoft Active Directory documentation.

NOTE:  Siebel Business Applications do not support authentication using Microsoft Global Catalog.

The ADSI security adapter requirements are:

• To allow users to set or change passwords, the Active Directory client software must be able to establish a secure connection to the Active Directory server. This requirement can be met in multiple ways:
  • Including all systems as part of a single Microsoft Windows domain forest

    It is recommended that all Siebel Servers and Active Directory servers be located in the same domain forest.

  • Configuring trust relationships
  • Configuring Secure Sockets Layer (SSL)

    To perform user management in the Active Directory through the Siebel client, you must configure the Active Directory server at the server level for SSL communications between the Active Directory client and server. This is different from SSL communications between the security adapter and the directory, which is configured through Siebel Business Applications.

• Specify a specific user for the Siebel service owner account and define this Siebel service user:
  • On each Siebel Server computer in the Siebel Enterprise
  • In the Siebel Server Active Directory domain
  • In the Active Directory server domain, that is, the domain the ADSI security adapter connects to in order to retrieve Siebel user credentials
• DNS servers on your network must be properly configured with DNS entries for Active Directory. Client computers using the ADSI security adapter must be configured to be able to retrieve these entries from the appropriate DNS servers.
• If you require ADSI security adapter functionality for Siebel Developer Web Client deployments, then you must install the ADSI client software on each such client computer, where applicable.

  NOTE:  For more information about Active Directory client issues, search Microsoft's Web site for information about Active Directory Client Extensions.