1. Security Guide
  2. Creating Users in the LDAP Directory

Creating Users in the LDAP Directory

This topic describes the users you must create in the LDAP directory to implement LDAP security adapter authentication.

This task is a step in Process of Implementing LDAP Security Adapter Authentication.

When you use LDAP authentication, you must create the following users in the directory:

  • Application user. Make sure the application user has write privileges to the directory because the security adapter uses application user credentials when using the self-registration component. The application user must also have search privileges for all user records. For additional information, see Configuring the Application User.

  • Anonymous user. You must define an anonymous user even if your application does not allow access by unregistered users. For more information, see Configuring the Anonymous User.

  • Records for each user of the Siebel application. Initially, create a test user to verify the authentication system.

  • (Optional) A shared credentials user account. You can also store credentials for the shared database account as profile parameters for the LDAP security adapter profiles. For more information, see Configuring the Shared Database Account.

Create users in the directory using values similar to those shown in the following table. Store information for users in the directory attributes indicated in Setting Up the LDAP Directory. Optionally, complete other attribute entries for each user.

Type of User

Siebel User ID

Password

Database Account

Anonymous user

Enter the user ID of the anonymous user record for the Siebel application you are implementing.

  • You can use a seed data anonymous user record for a Siebel customer or partner application. For example, if you implement Siebel eService, enter GUESTCST.

  • You can create a new user record or adapt a seed anonymous user record for a Siebel employee application.

GUESTPW or a password of your choice.

A database account is not required for the anonymous user if a shared database credentials account is implemented; the database credentials for the anonymous user are read from the shared database account user record or the relevant profile parameter of the LDAP security adapter.

Application user

APPUSER or a name of your choice.

APPUSERPW or a password of your choice.

A database account is not used for the application user.

A test user

TESTUSER or a name of your choice.

TESTPW or a password of your choice.

Database account is not required for any user record, except the anonymous user or the shared credentials user account.

Shared database credentials account user

SharedDBUser or a name of your choice.

The user name and password you specify for the shared database account must be a valid Siebel user name and password.

SharedDBPW or a password of your choice.

username=SHAREDDBUSER password=P

For information about formatting requirements for the database account attribute entry, see About Setting Up the LDAP Directory.

The example directory entries in the table in this topic implement a shared credential. The database account for all users is stored in one object in the directory. In this example, the shared database account is stored in the SharedDBUser record. The database account must match the database account you reserve for externally authenticated users which is described in About Creating a Database Login for Externally Authenticated Users. The P symbol represents the password for that database account. For additional information, see Configuring the Shared Database Account.