Bookshelf Home | Contents | Index | PDF     

Siebel Security Guide > Security Adapter Authentication > Process of Implementing LDAP or ADSI Security Adapter Authentication >

Setting Up the LDAP Directory or Active Directory

When you implement LDAP or ADSI authentication, users are authenticated through a directory. This topic describes how to set up the directory to do the following:

  • Authenticate users through the directory.
  • Allow self-registration.
  • Use the Siebel user ID as the user name.

This task is a step in Process of Implementing LDAP or ADSI Security Adapter Authentication.

The following procedure describes how to set up the LDAP directory or Active Directory. For more information about setting up the directory, review About Setting Up the LDAP Directory or Active Directory.

To set up the LDAP directory or Active Directory

  1. Determine the Base Distinguished Name, that is, the location in the directory in which to store users. For details, see the BaseDN parameter description in Siebel Gateway Name Server Parameters.

    You cannot distribute the users of a single Siebel application in more than one base DN. However, you can store multiple Siebel Business Applications' users in one base DN or in substructures such as organization units (OU), which are used for LDAP. For example, store users in the People base DN under the domain level for LDAP directories, or in the Users base DN under the domain level for ADSI directories.

  2. Define the attributes to use for the following user data. Create new attributes if you do not want to use existing attributes. Suggested attributes to use are as follows:
    • Siebel user ID. Suggested attribute: uid for LDAP, or sAMAccountName for ADSI.
    • Database account. Suggested attribute: dbaccount.
    • Password. Suggested attribute (for LDAP only): userPassword. However, if you use the LDAP security adapter to authenticate against Microsoft Active Directory, then use either the unicodePWD or userPassword attribute, depending on the code page used by the directory server. ADSI directories do not use an attribute to store a user's password.

      Optionally, use other attributes to represent first name, last name, or other user data.

    
Siebel Security Guide Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Legal Notices.