This topic describes how to configure the Siebel LDAP or ADSI security adapters using the Siebel Configuration Wizard after you have installed Siebel Business Applications. Alternatively, you can configure the security adapter settings by setting Gateway Name Server parameters directly using Server Manager. For information on installing and configuring Siebel Business Applications, see Siebel Installation Guide for the operating system you are using.
Parameter Value
port port_number
The SSL port is configurable for the LDAP server. Verify the actual port number the LDAP server is using for SSL and specify that value. The default value is 636.
ssldatabase wallet_directory_path
Specify the absolute path to the wallet directory, for example:
file:c:\sslwallet where:
■ file is the wallet resource locator type
■ c:\sslwallet is the directory containing the wallet WalletPassword wallet_password
Specify the password you assigned to the wallet in Step a on page 125.
Security Adapter Authentication ■ Configuring LDAP or ADSI Security Adapters Using the Siebel Configuration Wizard
You use the Siebel Configuration Wizard to configure the Siebel Gateway Name Server parameters that set security adapter values. You can also use the Siebel Configuration Wizard to configure security adapter settings for Gateway Name Server access authentication; these parameters are stored in the Gateway Name Server configuration file (gateway.cfg). When configuring a Siebel Developer Web Client, you configure authentication parameters stored in the Siebel application configuration file. When you configure Siebel Gateway Name Server parameters, the Siebel Gateway Name Server must be running.
NOTE: The Siebel Enterprise and Gateway Name Server are configured to use database
authentication by default. If you specify LDAP or ADSI authentication using the Siebel Configuration Wizard, then the parameter values you specify for the security adapter are only implemented when you manually change the SecAdptName and SecAdptMode parameters using Server Manager to enable LDAP or ADSI authentication.
When you specify LDAP or ADSI as the security adapter type using the Configuration Wizard, the setting you make provides the value for the Security Adapter Mode (SecAdptMode) parameter. The Security Adapter Mode and Security Adapter Name parameters can be set for the Siebel Gateway Name Server, the Siebel Enterprise Server, for a particular Siebel Server, for an individual Application Object Manager component, or for the Synchronization Manager component (for Siebel Remote).
CAUTION: If you want to configure a server component or a Siebel Server to use different LDAP or ADSI authentication settings than those already configured at a higher level (that is, configured for the Siebel Enterprise or Siebel Server), then you must create a new LDAP or ADSI security adapter.
Otherwise, the settings you make reconfigure the existing security adapter wherever it is used.
When you specify LDAP or ADSI as the security adapter mode, additional configuration parameters are defined for the particular LDAP or ADSI security adapter. For example, the Security Adapter DLL Name (SecAdptDllName) parameter is automatically set when you specify LDAP or ADSI as the security adapter mode.
The Siebel Configuration Wizard sets authentication-related configuration parameters for Siebel Business Applications and Gateway Name Server authentication, but does not make changes to the LDAP directory or to Active Directory. Make sure the configuration information you enter is
compatible with your directory server.
The following procedure describes how to run the Siebel Configuration Wizard to configure the LDAP or ADSI security adapters provided with Siebel Business Applications.
To configure your LDAP or ADSI security adapter 1 Start the Siebel Enterprise Configuration Wizard.
2 Choose the Create New Configuration option, then Configure a New Enterprise in a Gateway Name Server.
For details about launching the wizard, see Siebel Installation Guide for the operating system you are using.
Security Adapter Authentication ■ Configuring LDAP or ADSI Security Adapters Using the Siebel Configuration Wizard
■ Select Lightweight Directory Access Protocol (LDAP) Authentication to implement the LDAP security adapter.
■ Select Active Directory (ADSI) Authentication (Windows only) to implement the ADSI security adapter.
5 Enter values for the various parameters that the Configuration Wizard presents to you as described in the following steps.
NOTE: The screens that the Configuration Wizard presents depends on the authentication type you select in Step 4.
6 Security Adapter Name (named subsystem). Specify the name of the security adapter. The setting you make provides a value for the Security Adapter Name parameter. You can accept the default name, or specify a nondefault name. If an enterprise profile (named subsystem) does not already exist with the name you specify, then the Siebel Configuration Wizard creates a new enterprise profile using that name. The default names are:
■ For LDAP, Security Adapter Name defaults to LDAPSecAdpt.
■ For ADSI, Security Adapter Name defaults to ADSISecAdpt.
7 Security Authentication Library CRC Checksum. Specify whether you want to use checksum validation for the security adapter DLL file. Corresponds to the CRC parameter.
If you do not want to use checksum validation, enter 0. Otherwise, enter the value that you generate. For information, see “Configuring Checksum Validation” on page 152.
8 Directory Server Domain Name. Corresponds to the ServerName parameter.
Specifies the name of the computer on which the LDAP or Active Directory server runs. You must specify the fully qualified domain name of the LDAP server, not just the domain name. For example, specify ldapserver.example.com, not example.com.
For Active Directory, if SSL is configured between the Siebel Server computer and the Active Directory server computer, then you must specify the fully qualified domain name of the directory server. If the Siebel Server and directory server are in the same domain, then you can specify the Active Directory server’s complete computer name or its IP address.
9 LDAP Port Configuration (LDAP only). The port number used by the LDAP directory server.
Corresponds to the Port parameter. Select the appropriate option according to whether LDAP is configured to use a standard port (389) or a secure transmission port (636). If you configured LDAP to use a transmission port other than one of those listed, then check the Use a different transmission port (non-default) option and proceed to Step 10.
The Active Directory server port is set as part of the directory installation, not as a configuration parameter.
10 Network TCP/IP Port Number. Enter the TCP/IP port number used by your LDAP implementation to authenticate the Siebel application.
11 Enter configuration information pertaining to attribute mapping:
Security Adapter Authentication ■ Configuring LDAP or ADSI Security Adapters Using the Siebel Configuration Wizard
■ Siebel Username Attribute. The Siebel user ID attribute used by the directory. An example entry for an LDAP directory is uid. An example entry for Active Directory is sAMAccountName (maximum length 20 characters). If your directory uses a different attribute for the Siebel user ID, then enter that attribute instead. Corresponds to the UsernameAttributeType parameter.
■ Siebel Password Attribute. The password for the Siebel user ID attribute used by the directory (LDAP only). Corresponds to the PasswordAttributeType parameter.
12 Enter additional configuration information pertaining to attribute mapping:
■ Credentials Attribute. The database credentials attribute type used by the directory. For LDAP and Active Directory, an example entry is dbaccount.
■ LDAP Roles Attribute. The attribute type for roles stored in the directory. This setting is required only if you use roles in your directory. Corresponds to the RolesAttributeType parameter. For more information, see “Configuring Roles Defined in the Directory” on page 160.
13 Shared Database Account Distinguished Name (DN). If you are implementing a shared database account for users, then specify the full DN of the directory object containing the shared database account values. Corresponds to the SharedCredentialsDN parameter. Configuring the shared database account also uses the database account attribute you defined in Credentials Attribute.
You can, as an alternative, specify the database credentials as profile parameters. For more information on this option, see Step 14.
14 Store shared database user credentials as parameters. Choose the appropriate action:
■ Select the check box Store Shared Database User Credentials as Parameters if you want to store the database credentials for the shared database account as parameter values for the LDAP Security Adapter profile or the ADSI Security Adapter profile instead of as directory attributes. Proceed to Step 15.
■ Leave the check box clear if you want to store each user’s database account credentials in an attribute of that user’s record in the directory. Proceed to Step 16.
15 Configure the shared database account:
■ Shared Database Account. Specify the shared database account user name.
■ Shared Database Account Password. Specify the shared database account password.
For more information on the shared database account, see “Configuring the Shared Database Account” on page 154.
16 Configure the application user:
■ Siebel Application Distinguished Name (DN). The full DN (distinguished name) for the application user stored in the directory. Corresponds to the ApplicationUser parameter.
In addition to defining the application user here, you must also create the application user
Security Adapter Authentication ■ Configuring LDAP or ADSI Security Adapters Using the Siebel Configuration Wizard
■ Application Password. The password for the application user stored in the directory.
Corresponds to the ApplicationPassword parameter. Confirm the password.
17 Configure Web Single Sign-On (Web SSO). To configure Web SSO, select the check box.
Corresponds to the SingleSignOn parameter.
■ If you selected the check box, then go to Step 18.
■ If you did not select the check box, then go to Step 19.
18 Enter configuration information pertaining to Web SSO:
■ User Specification. The Web server variable which stores the user’s identity key.
Corresponds to the UserSpec parameter.
■ Shared Secret. Specify the trust token to use for Web SSO. Corresponds to the TrustToken parameter. The value also corresponds to the TrustToken parameter in the eapps.cfg file on the SWSE.
19 SSL Database Certificate File. To enable Secure Sockets Layer (SSL), provide the directory path to the Oracle wallet. For more information, see “Enabling SSL for the Siebel LDAP Security Adapter” on page 125.
20 Hash User Passwords. Specify whether or not you want to use password hashing for user passwords. Corresponds to the HashUserPwd parameter.
21 Hash Database Passwords. Specify whether or not you want to use password hashing for database credentials passwords. Corresponds to the HashDBPwd parameter.
For more information, see “About Password Hashing” on page 161.
22 Salt User Passwords. Specify whether you want to add a salt value to user passwords before they are hashed. Corresponds to the SaltUserPwd parameter. This option is available only if you have chosen to hash user passwords.
NOTE: You cannot add salt values to user passwords if you enable Web Single Sign-On.
For more information on the salt value feature, see “About Password Hashing” on page 161.
23 Salt Attribute. If you have chosen to add salt values to user passwords, then specify the attribute that is to store the salt value. The default attribute is title. Corresponds to the SaltAttributeType parameter.
24 Security Adapter Mapped User Name. Specify whether you want to implement the adapter-defined user name. Corresponds to the UseAdapterUserName parameter. For more information, see “Configuring Adapter-Defined User Name” on page 157.
■ If you check this option, then you must specify the Siebel User ID attribute. Go to Step 25 on page 130.
■ If you do not check this option, then go to Step 26 on page 130.
25 Siebel User ID Attribute. Specify the Siebel User ID attribute for the adapter-defined user name. Corresponds to the SiebelUsernameAttributeType parameter.
26 Base Distinguished Name (DN). Specify the base distinguished name (DN) in the directory