Parameters for Security Adapter (Profile/Named Subsystem)

This topic describes the parameters you set for the enterprise profile (named subsystem) for the specific security adapter you are configuring.

To implement LDAP authentication for a single Siebel application, configure parameters for the LDAP Security Adapter (defined as enterprise profile or named subsystem). Typically, the alias for this adapter is LDAPSecAdpt.

Set the security adapter parameters using values similar to those shown in the following table.

| Parameter | Guideline |
| --- | --- |
| Security Adapter Dll Name (SecAdptDllName) | For LDAP, enter sscforacleldap. Do not include the file extension (for example, do not specify sscforacleldap.dll for LDAP). The specified value is converted internally to the actual filename for your operating system. |
| Server Name | Enter the name of the computer on which the LDAP directory server runs. |
| Port | For LDAP, an example entry is 389. Typically, use port 389 for standard transmission or port 636 for secure transmission. |
| Base Distinguished Name (DN) | The Base Distinguished Name is the root of the tree under which users are stored. Users can be added directly or indirectly below this directory. You cannot distribute the users of a single Siebel application across more than one base DN. However, you can distribute them in multiple subdirectories, such as organization units (OU), which are used for LDAP. LDAP example entry: ou=people, o=domainname. In the example, "o" denotes "organization" and is the domain name system (DNS) name for this server, such as computer.example.com. "ou" denotes "organization unit" and is the name of a subdirectory in which users are stored. |
| User Name Attribute Type | An LDAP example entry is uid. If you use a different attribute in the directory for the Siebel user ID, then enter that attribute name. |
| Password Attribute Type | The LDAP entry must be userPassword. |
| Credentials Attribute | If you are using an LDAP security adapter, an example entry is mail. If you used a different attribute in the directory for the database account, then enter that attribute name. |
| Application User Distinguished Name (DN) | LDAP example entry: uid=APPUSER, ou=people, o=domainname. Adjust your entry if your implementation uses a different attribute for the user name, a different user name for the application user, or a different base DN. |
| Application Password | For LDAP, enter APPUSERPW or the password assigned to the application user. |
| Shared Database Account Distinguished Name (fully qualified domain name) | LDAP example entry: uid=shared database account user User ID, ou=people, o=domainname. For example: uid=SharedDBUser, ou=people, o=example.com |
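
The following added example (not part of the Siebel documentation or product) checks a parameter set against the guidelines in the table before it is applied. The dictionary keyed by the table's display names, the finding labels, and the sample values are assumptions made for illustration; the Base DN containment check mirrors the table's example entries, which place the application user and the shared database account under the base DN.

```python
import re

SHARED = "Shared Database Account Distinguished Name (fully qualified domain name)"
APPDN = "Application User Distinguished Name (DN)"
BASE = "Base Distinguished Name (DN)"

# Constructed sample keyed by the table's display names (the dict is an assumption).
SAMPLE = {
    "Security Adapter Dll Name": "sscforacleldap.dll",
    "Port": "389",
    BASE: "ou=people, o=example.com",
    "Password Attribute Type": "userPassword",
    APPDN: "uid=APPUSER, ou=people, o=example.com",
    "Application Password": "APPUSERPW",
    SHARED: "uid=SharedDBUser, ou=staff, o=example.com",
}

def rdns(dn):
    """Split a DN on unescaped commas and normalize case and spacing."""
    parts = re.split(r"(?<!\\),", dn)
    return [re.sub(r"\s*=\s*", "=", p.strip()).lower() for p in parts if p.strip()]

def is_under(dn, base):
    """True if dn sits strictly below base in the directory tree."""
    d, b = rdns(dn), rdns(base)
    return bool(b) and len(d) > len(b) and d[-len(b):] == b

def lint(cfg):
    """Return hypothetical finding labels for a parameter set."""
    findings = []
    if re.search(r"\.\w+$", cfg.get("Security Adapter Dll Name", "")):
        findings.append("dll-extension")          # extension must be omitted
    if str(cfg.get("Port")) == "389":
        findings.append("port-389-not-secure")    # 636 is the secure port
    if cfg.get("Password Attribute Type", "").lower() != "userpassword":
        findings.append("password-attribute")     # must be userPassword
    if cfg.get("Application Password") == "APPUSERPW":
        findings.append("example-password")       # documented example value still set
    for key, label in ((APPDN, "appuser-outside-base"), (SHARED, "shared-account-outside-base")):
        if not is_under(cfg.get(key, ""), cfg.get(BASE, "")):
            findings.append(label)
    return findings

if __name__ == "__main__":
    print(lint(SAMPLE))
```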