Last time we talked about the concepts involved in authentication using Active Directory. This week, we’ll have a look at how to apply these concepts by creating an authentication profile in Siebel, for use by an Object Manager.
First up, go into Site Map > Administration – System Configuration > Enterprises > Profile Configuration.
If you query for Profile = ADSI*, you’ll see a vanilla AD security adapter configuration. If you’re going to try changing stuff, why not take a copy of this so that you can always refer back to the original?
So, here are the values you’ll need to fill in:
| Parameter | Description | Example |
|---|---|---|
| Server Name | The name of your directory server | intra.myco.local |
| Port | The port on which your server is listening | 389 |
| Base DN | The container which will act as the root of your user objects | OU=USERS, DC=INTRA, DC=MYCO, DC=LOCAL |
| Application User DN | An AD user that has the ability to add and modify existing objects | CN=ADSIUSER, OU=USERS, DC=INTRA, DC=MYCO, DC=LOCAL |
| Application Password | Password for the user above | xxxxxx |
| Propagate Change | Whether or not changes in Siebel will propagate down to AD | True |
| Shared DB User Name | User name of the DB account which is used to access the Siebel Database | SADMIN |
| Shared DB Password | Password for the user above | xxxxxx |
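
Before typing these values into the profile, it helps to confirm outside Siebel that they are well formed and that the Application User can actually bind and search under the Base DN. The sketch below is an added example, not part of the original post or of Siebel: it sanity-checks the table's example values and builds an OpenLDAP `ldapsearch` command for a bind test. It assumes the `ldapsearch` client is available and that logins are stored in `sAMAccountName`; the function names and the `SADMIN` lookup are illustrative.

```python
import re

# Constructed sample profile, using the example values from the table above.
PROFILE = {
    "Server Name": "intra.myco.local",
    "Port": "389",
    "Base DN": "OU=USERS, DC=INTRA, DC=MYCO, DC=LOCAL",
    "Application User DN": "CN=ADSIUSER, OU=USERS, DC=INTRA, DC=MYCO, DC=LOCAL",
    "Propagate Change": "True",
}

def split_dn(dn):
    """Split a DN into (ATTR, value) pairs, leaving escaped commas ('\\,') alone."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {part.strip()!r}")
        rdns.append((attr.strip().upper(), value.strip()))
    return rdns

def format_dn(dn):
    return ",".join(f"{a}={v}" for a, v in split_dn(dn))

def escape_filter(value):
    """Escape a value for an LDAP search filter (RFC 4515) so it cannot alter the filter."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\0" else c for c in value)

def check_profile(p):
    problems = []
    if not (p["Port"].isdecimal() and 0 < int(p["Port"]) < 65536):
        problems.append("Port must be a number between 1 and 65535")
    for key in ("Base DN", "Application User DN"):
        try:
            split_dn(p[key])
        except ValueError as e:
            problems.append(f"{key}: {e}")
    if p["Propagate Change"] not in ("True", "False"):
        problems.append("Propagate Change must be True or False")
    return problems

def ldapsearch_argv(p, login, attr="sAMAccountName"):  # attr is an assumption
    """Bind as the Application User (-W prompts for its password) and find one login."""
    return ["ldapsearch", "-x", "-H", f"ldap://{p['Server Name']}:{p['Port']}",
            "-D", format_dn(p["Application User DN"]), "-W",
            "-b", format_dn(p["Base DN"]), "-s", "sub",
            f"({attr}={escape_filter(login)})", "dn"]

if __name__ == "__main__":
    print(check_profile(PROFILE) or " ".join(ldapsearch_argv(PROFILE, "SADMIN")))
```

If the printed command returns the expected entry when run against the directory, a later login failure in Siebel points at the profile or component parameters rather than at the directory account.
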
Once you’re happy with this configuration, you simply need to tell your OM component to use the new profile for authentication. Do this through Site Map > Administration – System Configuration > Servers > Components > Parameters. Set the following parameter values:
| Parameter | Description | Example |
|---|---|---|
| Security Adapter Mode | Either ADSI, DB or LDAP ADSI | ADSI |
| Security Adapter Name | Name of the profile that you created above | intADSISecAdapt |
That’s it!
You can troubleshoot by setting event logging on the OM, specifically around the Security Adapter Log and Security Adapter Manager events. I’d also recommend reading through the Siebel Security Guide in Bookshelf.
Please feel free to post if you’re having problems with enabling AD authentication in Siebel or if you have anything else to add.



Hi – What is the difference between Active directory and LDAP? thanks
Hi GP,
Good question!
Lightweight Directory Access Protocol (LDAP) is a protocol, used to access directory services.
Microsoft Active Directory (AD) is a directory solution, from Microsoft, which amongst other things provides access to its functionality via the LDAP protocol.
Hi,
I have a question regarding user ids set up in the application. In the parameter values, you have specified
Application User DN An AD user that has the ability to add and modify existing objects CN=ADSIUSER, OU=USERS, DC=INTRA, DC=MYCO, DC=LOCAL
I understand that an entry for ADSIUSER & anonymous user id (eapps.cfg) are set up in the Active Directory.
Do we have to create a user record in the Siebel application for ADSIUSER?
Also, do we need to create a user record for anonymous user id which we specify in the eapps.cfg?
Thanks
Sridhar
Hi Sridhar,
My understanding is that the Application User does not need to exist as a Siebel Employee / User record. However, if you’re using the same user name in eapps.cfg, then it does need to exist.
Have a look here for more information on the Application User.
The Anonymous User does need to exist as an Employee / User.