Last time we talked about the concepts involved in authentication using Active Directory. This week, we’ll have a look at how to apply these concepts by creating an authentication profile in Siebel, for use by an Object Manager.
First up, go into Site Map > Administration – System Configuration > Enterprises > Profile Configuration.
If you query for Profile = ADSI*, you’ll see a vanilla AD security adapter configuration. If you’re going to try changing stuff, why not take a copy of this so that you can always refer back to the original?
So, here are the values you’ll need to fill in:
| Parameter | Description | Example value |
|---|---|---|
| Server Name | The name of your directory server | intra.myco.local |
| Port | The port on which your server is listening | 389 |
| Base DN | The container which will act as the root of your user objects | OU=USERS, DC=INTRA, DC=MYCO, DC=LOCAL |
| Application User DN | An AD user that has the ability to add and modify existing objects | CN=ADSIUSER, OU=USERS, DC=INTRA, DC=MYCO, DC=LOCAL |
| Application Password | Password for the user above | xxxxxx |
| Propagate Change | Whether or not changes in Siebel will propagate down to AD | True |
| Shared DB User Name | User name of the DB account which is used to access the Siebel Database | SADMIN |
| Shared DB Password | Password for the user above | xxxxxx |
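Before pointing an Object Manager at the profile, it helps to review the values for internal consistency and for the privileges they imply. The following is an added example, not part of the original post or of Siebel: the finding codes and the review policy are this example's own assumptions, and the DN parsing is simplified (it splits on unescaped commas only).

```python
import re

# Sample values copied from the profile table above (passwords left out).
PROFILE = {
    "Server Name": "intra.myco.local",
    "Port": 389,
    "Base DN": "OU=USERS, DC=INTRA, DC=MYCO, DC=LOCAL",
    "Application User DN": "CN=ADSIUSER, OU=USERS, DC=INTRA, DC=MYCO, DC=LOCAL",
    "Propagate Change": True,
    "Shared DB User Name": "SADMIN",
}


def parse_dn(dn):
    """Split a DN on unescaped commas into normalized (ATTR, value) pairs."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {part!r} in {dn!r}")
        rdns.append((attr.strip().upper(), value.strip().lower()))
    return rdns


def dc_domain(dn):
    """Rebuild the DNS domain from a DN's DC components, e.g. intra.myco.local."""
    return ".".join(value for attr, value in parse_dn(dn) if attr == "DC")


def lint_profile(p):
    """Return (code, message) findings; the codes are hypothetical labels."""
    findings = []
    domain = dc_domain(p["Base DN"])
    if p["Port"] == 389:
        findings.append(("PLAINTEXT_PORT", "389 is the plain LDAP port, 636 is LDAPS; confirm how binds are protected"))
    if not p["Server Name"].lower().endswith(domain):
        findings.append(("SERVER_DOMAIN_MISMATCH", f"server name is not in {domain}"))
    if dc_domain(p["Application User DN"]) != domain:
        findings.append(("APP_USER_DOMAIN_MISMATCH", f"application user is not in {domain}"))
    if p["Propagate Change"]:
        findings.append(("WRITE_ACCESS", "application user can add and modify objects; limit that right to the Base DN"))
    if p["Shared DB User Name"].upper() == "SADMIN":
        findings.append(("SHARED_ADMIN", "shared DB login is the SADMIN administrator account; prefer a dedicated low-privilege login"))
    return findings
```

Run against the sample values, `lint_profile(PROFILE)` reports the plain LDAP port, the write access implied by Propagate Change, and the use of SADMIN as the shared database login.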
Once you’re happy with this configuration, you simply need to tell your OM component to use the new profile for authentication. Do this through Site Map > Administration – System Configuration > Servers > Components > Parameters. Simply set the following parameter values:

| Parameter | Description | Example value |
|---|---|---|
| Security Adapter Mode | Either ADSI, DB or LDAP ADSI | ADSI |
| Security Adapter Name | Name of the profile that you created above | intADSISecAdapt |

You can troubleshoot by setting event logging on the OM, specifically around the Security Adapter Log and Security Adapter Manager events. I’d also recommend reading through the Siebel Security Guide in Bookshelf.
Please feel free to post if you’re having problems with enabling AD authentication in Siebel or if you have anything else to add.