Enabling TLS for the Siebel LDAP Security Adapter
Use the following procedure to configure TLS for the Siebel LDAP security adapter. For more information about LDAP security adapter configuration, see Configuring Security Adapters Using the Siebel Management Console.
To enable TLS for the Siebel LDAP security adapter
Copy the wallet you created in Creating an Oracle Wallet to the Siebel Server computer where you will run the Application Object Manager components that support LDAP authentication.
(Windows Only) If you are using Windows, do one of the following:
Copy the contents of the wallet directory ORACLE_HOME\bin\owm\wallets\username into a location that the Siebel Server service owner can access, for example c:\wallet.
Alternatively, change the Siebel Server service owner account log on values so that they are the same as the account used to create the wallet described in Creating an Oracle Wallet. To change the Siebel Server service account owner log on values:
From the Windows Start menu, choose Settings, Control Panel, Administrative Tools, and then the Services item.
Right-click on the Siebel Server System Service, then select Properties.
In the Properties dialog box for this service, click the Log On tab.
Select the This Account option, then enter the name and password of the account used to create the wallet.
Modify the LDAP security adapter configuration parameters using values similar to those shown in the following table.
Parameter | Value
--- | ---
Port | port_number. The TLS port is configurable for the LDAP server. Verify the actual port number the LDAP server is using for TLS and specify that value. The default value is 636.
SSL | Select this check box to enable Secure Sockets Layer for socket connections to the host.
Enable SSL | Select this check box to use TLS for communications between the LDAP security adapter and the directory. Note the following: The wallet file (ewallet.p12) must be stored in the keystore/truststore central location configured for Siebel Gateway, Siebel Application Interface, and other nodes. Oracle LDAP client libraries are required to decipher the ewallet file, which is used to make secure connections (LDAPS) to the LDAP server. The required Oracle LDAP client library files are: oraclepki.jar, osdt_core.jar, and osdt_cert.jar. These library files must be located in the WEB-INF/lib directory for the Siebel Web application.
Wallet Password | wallet_password. Specify the password you assigned to the wallet when creating the wallet.
For information on configuring parameters for the LDAP security adapter, see Configuring Security Adapters Using the Siebel Management Console and Parameters for Configuring Security Adapter Authentication.
Restart the Siebel Server (if you are configuring LDAP on a Siebel Server).
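The file-level prerequisites named in this procedure (ewallet.p12 and the three Oracle LDAP client libraries in WEB-INF/lib) can be checked before the restart. The following shell function is an added example, not part of the Oracle documentation or a Siebel-supplied tool. It assumes a UNIX or Linux host, takes the wallet directory and the WEB-INF/lib directory as arguments because both are deployment-specific, and reports a world-readable wallet as a warning, which is an added hardening check rather than a requirement stated on this page.

```shell
#!/bin/sh
# Added example: preflight check for the files the LDAP TLS setup depends on.
# The function name and argument order are hypothetical; adapt to your layout.

# Client libraries the procedure lists as required to read ewallet.p12.
REQUIRED_JARS="oraclepki.jar osdt_core.jar osdt_cert.jar"

# siebel_tls_preflight WALLET_DIR WEBINF_LIB_DIR
# Prints one line per finding and returns the number of blocking problems.
siebel_tls_preflight() {
    wallet_dir=$1
    lib_dir=$2
    problems=0
    wallet="$wallet_dir/ewallet.p12"

    if [ ! -f "$wallet" ]; then
        echo "MISSING wallet: $wallet"
        problems=$((problems + 1))
    elif [ ! -r "$wallet" ]; then
        # Run this as the account that owns the Siebel Server process.
        echo "UNREADABLE wallet for user $(id -un): $wallet"
        problems=$((problems + 1))
    elif [ ! -s "$wallet" ]; then
        echo "EMPTY wallet (failed copy?): $wallet"
        problems=$((problems + 1))
    elif [ -n "$(find "$wallet" -perm -004 -print)" ]; then
        # Not blocking: the wallet is password-protected, but there is
        # no reason for every local account to be able to read it.
        echo "WARN wallet is world-readable: $wallet"
    fi

    for jar in $REQUIRED_JARS; do
        if [ ! -f "$lib_dir/$jar" ]; then
            echo "MISSING library: $lib_dir/$jar"
            problems=$((problems + 1))
        fi
    done

    return "$problems"
}

# Stand-alone use: sh preflight.sh /path/to/wallet /path/to/WEB-INF/lib
if [ "$#" -eq 2 ]; then
    siebel_tls_preflight "$1" "$2"
fi
```

A return value of 0 means the wallet and all three libraries were found; it does not confirm that the wallet password or the LDAP server's TLS port is correct.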