About Application User Permissions
The application user is the only user who can read or write user information in the directory. Therefore, it is critical that the application user has appropriate privileges to the directory. The application user must be defined in the directory with the following qualities:

- The application user provides the initial binding of the LDAP server with the Application Object Manager when a user requests the login page. Otherwise, binding defaults to the anonymous user.
- Assign the application user sufficient permissions to read any user’s information in the directory and do any necessary administration.
- In a Siebel security adapter implementation, the application user must have search and write privileges for all user records in the directory. In a Web SSO implementation, the application user must have, at least, search privileges.
- Permissions for the application user must be defined at the organization level (for example, OU for LDAP).
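
As an added illustration (not taken from the Siebel documentation), the OU-level permissions described above could be expressed as follows on a directory that uses 389 Directory Server-style ACIs. The suffix dc=example,dc=com, the ou=people container and the uid=APPUSER entry are constructed placeholders; other LDAP servers use a different access-control syntax.

```ldif
# Added example, not from the Siebel documentation.
# Assumptions: 389 Directory Server-style ACI syntax; all DNs are placeholders.
# Apply ONE of the two records below, depending on the implementation type.

# Variant A: Siebel security adapter implementation.
# The application user needs search AND write on all user records,
# so the ACI is attached to the OU that holds them, not to individual entries.
dn: ou=people,dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr = "*")(version 3.0; acl "Siebel application user: search and write"; allow (read, search, compare, write) userdn = "ldap:///uid=APPUSER,ou=people,dc=example,dc=com";)

# Variant B: Web SSO implementation.
# Search privileges are the stated minimum, so write is left out.
dn: ou=people,dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr = "*")(version 3.0; acl "Siebel application user: search only"; allow (read, search, compare) userdn = "ldap:///uid=APPUSER,ou=people,dc=example,dc=com";)
```

Because the grant names a single bind DN at the OU, no other account gains access to the user records through this ACI, and the anonymous user receives nothing from it.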