LDAP authentization - user administration

Dear community of Siebel,

I prepare for an environment Siebel (version 8.1.1.8 on Solaris/Windows servers) of DB authentization switching to Active Directory via LDAP. Everything seems quite clear to me outside how user management is dealt with in the case of the use/not using SSL. I found the following instructions in the virtual library:

However, if you use the LDAP security adapter to authenticate users in Active Directory, and if you want to manage user passwords or create new users in Active Directory, you must configure SSL between the adapter of LDAP and Active Directory security.

VS

Feature

Adapter Security LDAP with AD directory

Shared database account credentials can be stored as a profile settings security adapter, eliminating the need for a user record of the credentials shared in the external directory.

Yes

Warning of password expiration.

NO.

Administration of the directory through Siebel Business Applications (manage user passwords or create new users).

Yes, provided that the SSL protocol is enabled between the LDAP security adapter and the Server Active Directory.

Not sure if my understandings are correct, but it seems that SSL must be enabled for the administration of Active Directory, as well as Siebel users. How users would justify, if SSL is not enabled and configured? Could you please shed some light on this?

My goal is to administer users in AD, but I would like more information in order to decide correctly.

Thank you!

Dear user-

It really boils down to whether or not you want to administer users of Siebel and have those changes propagate to the Active Directory.  Typical scenarios for this would include adding users in Siebel (either by views administrative or self-registration of the user), change the passwords within Siebel and certain types of action.  In each of these cases, you need to set the PropagateChange parameter for your adapter to true security profile.  If you don't want one of these types of changes of Siebel and manage your users via AD or another interface, then you set PropagateChange to FALSE and you don't have to worry about all this.

Suppose, however, that you want to have PropagateChange = TRUE.  With the LDAP security adapter you will encounter a problem because Active Directory insists that delicate operations be done via a secure channel.  In a Windows environment or when you use the ADSISecAdpt that usually would be finished by Kerberos or NTLM.  In General, LDAP clients (including those used by Siebel) cannot use these channels so that they have to use SSL or - preferably - communications TLS to create a channel "secure".

A significant word of warning if you decide to use SSL/TLS with LDAP to Active Directory security adapter - it does not work on Windows 2008 or later machines (machines Siebel: it is fine if the ad is on those).  This is because these versions of Windows do not play nice with the Client LDAP IBM and GSKit based on LDAPSecAdpt of Siebel.  If you do not need this type of communication since a Siebel application server is Windows 2008 or later, you REALLY do need to move up to at least 8.1.1.11 where we have introduced the possibility of using the client LDAP of Oracle and Oracle Wallet with the Siebel LDAPSecAdpt.

Yet although if you do all your administration of Active Directory from Active Directory (or other tool), then it is a non-issue.  You create users in Active Directory and then create a user record in Siebel.  By the way there is no way currently to directly propagate users from Active Directory for Siebel.

A final option according to your needs would be to use a configuration such as Oracle Identity Management (IOM) package that is capable of interfacing with systems more the level of database and other places.

Hope it will be useful.

Stevan - Oracle

Tags: Oracle Applications

Similar Questions

  • the user administrator access denied

    the following error occurred during which to save properties for user administrator
    access is denied

    You are a member of the Administrators group?  You need administrator privileges to run the task.

    John

  • Impossible to the configuration file of the access to the error in XP mode: "is client\users\administrator is not accessible.

    Original title: can not access the configuration file because I'm not the administrator, even if I'm the only person who uses this computer

    I bought Windows 7 Professional on a new computer, because a program that I use every day may run in XP mode.  Configure XP mode and when it asked for a password that I left it empty and press to enter.  When I try to enter in the file config on XP the message "is client\users\administrator is not accessible." You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permission.

    I downloaded the andxp of MS virtual pc mode because this 8 year and plu program will be run in this mode.  I copied the old computer config file and you want to replace the file loaded when I installed the program on the new computer.  Who will save me load all data files (more than 80) and not to recreate the data in these files that I changed. I installed the program from the original disc and it is implemented very well except for the config file.

    There are two user fence: virtual XP-admin and virtual user of XP-88950xp.

    The only program I installed XP mode is this one.

    Thank you.

    Hugh Humphreys

    Hi Hugh Humphreys,

    Leave the password empty section and see if the XPMUSER can be accessed.

    Method 1: If the problem persists, you can try to access Windows XP Mode with the default account named "Administrator". This account appears when we get into Safe Mode. By default, there is no password for this account, and the password is determined when you set up the Windows XP Mode. We can use this account to reset the password of the other accounts password. To do this, follow these steps:

    (a) Firstly, disable the integration features.

    (b) restart Windows XP Mode. When the Boot Menu appears on startup, press F8. (Continue to press the F8 key until the Windows Startup menu is displayed.)

    (c) on the advanced Windows Menu of Options, select Safe Mode and press ENTER.

    (d) log in Windows by using the administrator account and the password.

    Note: The password is empty by default unless you already set a password.

    (e) after the connection mode safe, click on "Start", go to "run", type "nusrmgr.cpl" (without the quotes) and press ENTER.

    (f) choose the user you want to change and click 'reset password'. Set a new password.

    (g) click on "Advanced" tab, click on the button "Advanced".

    (h) click on "users". The choice of the user you want to edit in the right pane. It to the right and click on "Properties".

    (i) check the "password never expires". Click on 'OK'.

    (j) then exit the settings and restart Windows XP Mode to normal mode.

    Method 2: Please try following the steps for the computer to remember the credentials and do not ask the password to open each programs:

    (a) when he asks for a password, click Cancel. Without integration feature, you are allowed to log on with an account that does not have a password.

    (b) set a password for your current user.

    (c) click on tools on Windows Virtual PC, choose enable integration features.

    i. type the password, check the box "Remember my credentials" and click OK to open a session.

    II. after joining the domain, logon in XP mode with the local administrator account.

    Reference: http://social.technet.microsoft.com/Forums/en-US/w7itprovirt/thread/45f3f241-3d0a-43f7-8baf-c64ab3a8a76d/

    http://answers.Microsoft.com/en-us/Windows/Forum/windows_vista-security/keeping-passwords-secure-Microsoft-policy-on/3eba3150-8742-4264-be9f-0daaad2282cd

    If this does not work, post your request in the TechNet forums to get help.

    http://social.technet.Microsoft.com/forums/en/w7itprovirt/threads

  • My PC startup error message: c:\Users\Administrator\AppDate\Local\TBHostSupport\TBHostsupport_0.dll

    How can I fix the error message I get when I start my PC

    'error loading '.

    c:\Users\Administrator\AppDate\Local\TBHostSupport\TBHostsupport_0.dll

    The specific module could not be found.

    We should perhaps consider the possibility of Malware, see:

    http://answers.Microsoft.com/en-us/Windows/Forum/windows_vista-system/error-message-after-startup/98b75892-96ab-4DC4-8920-79c328fd615a

  • No user administrator are posible charged mi.

    Cuando intento ingresar a mi perfil user administrator (login), el sistema reconoce mi huella digital y/o mi contrasena (password) como should; Sin embargo not be completa the Acción y appears the following message: "the user profile service failed. Unable to load the user profile"("el servicio del perfil del usuario fallo. ("El perfil del usuario no can be cargado")

    I'm sorry, but these Vista Help Forums only provide support in English.

    http://support.Microsoft.com/common/international.aspx

    To ensure that you receive support appropriate for your location information, select your region setting in the list on the link above and then click the arrow button.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Restore point:

    Try typing F8 at startup and in the list of Boot selections, select Mode safe using ARROW top to go there > and then press ENTER.

    Try a restore of the system once, to choose a Restore Point prior to your problem...

    Click Start > programs > Accessories > system tools > system restore > choose another time > next > etc.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    If the above does not work:

    http://windowshelp.Microsoft.com/Windows/en-AU/help/769495bf-035C-4764-A538-c9b05c22001e1033.mspx

    Difficulty of a corrupted user profile

    After creating the profile, you can copy the files from the existing profile. You must have at least three user accounts on the computer to perform these operations, including the new account that you created.

    Thank you Mick Murphy - Microsoft Partner

  • make visible a non admin user ADMINISTRATOR

    my pc has a user who is say NO ADMIN P
    P has UAC enabled, as no files Installer (.exe) may work.
    Then, there is a hidden ADMINISTRATOR say Q with p/s I know
    MY GOAL:
    Q make visible
    OR
    make the admin P
    MY DIAGNOSIS:
    1:
    I try to open cmd w / run as administrator.
    UAC confirmation will appear which is grayed out button Yes, I click on close and run cmd normally
    then I write
    NET user administrator / Active: Yes
    It gives an error
    system error 5 access is denied
    2:
    go to the screen to login press crl alt del twice.
    no luck
    3:
    Go to user accounts and change the settings
    the area of confirmation uac that has dimmed button Yes, I click on close.
    4:
    Help, please
    • You must activate Q so that it becomes visible when P try to run cmd.exe as administrator.
    • The UAC settings are global. You cannot set their individual accounts.
    • Press Ctrl + Alt + Del is a thing of Windows XP. It does not work under Windows 7.

  • TMS does support group directory user Administration

    Hello

    I tried to import a group of AD user administration, and I couldn't get any directory listed in the research group. But I can see that security groups are listed there.

    Is this normal for this security group may not be import of AD Directory group? Why?

    Thank you best regards &,.

    Nikhil Jayan

    It is not in the documentation, but I don't think you can import distribution lists, only security groups are supported.  The TechNet article https://technet.microsoft.com/en-us/library/cc781446(v=ws.10).aspx.

    Distribution groups to send e-mail to collections of users only with e-mail applications (such as Exchange). Distribution groups are not enabled for security, which means that they cannot be listed in discretionary access control lists (DACLS). If you need a group to control access to shared resources, create a security group.

  • Hello. Where can I get documentation for HP Capture and the road? As a user/administrator's guide?

    Hello. Where can I get documentation for HP Capture and the road? As a user/administrator's guide? I recently installed a trial version, but he did not come all documentation.

    little late? ;-)

    Seems many is research. Look at

    http://h20000.www2.HP.com/bizsupport/TechSupport/DocumentIndex.jsp?ContentType=SupportManual&lang=en&cc=us&docIndexId=64179&TaskID=135&prodTypeId=457757&prodSeriesId=5260445

  • CC Desktop App for the Government concerning: the end user administrator came back with 2 questions. Since the Bank has its workstations (computers) in a network segments separated physically (Internet and Intranet), are they correctly assuming that:

    Desktop adobe Creative Cloud for government applications :end user administrator came back with 2 questions. Since the Bank has its workstations (computers) in a network segments separated physically (Internet and Intranet), are they correctly assuming that:

    1. They will be able to download and activate the installation package through CC e package on Internet workstation and transfer with a USB flash drive on a workstation Intranet , hence they can deploy desktop applications to end-user desktops CC?
    2. The deployment of renewal process will work the same as above?

    Government accounts https://forums.adobe.com/thread/1483694 can help

    or

    Since this is an open forum, not Adobe support... you must contact Adobe personnel to help

    Chat/phone: Mon - Fri 05:00-19:00 (US Pacific Time)<=== note="" days="" and="">

    Don't forget to stay signed with your Adobe ID before accessing the link below

    Creative cloud support (all creative cloud customer service problems)

    http://helpx.Adobe.com/x-productkb/global/service-CCM.html

    or

    http://forums.Adobe.com/community/download_install_setup/creative_suite_enterprise_deploym ent

    Creator of Enterprise Cloud https://forums.adobe.com/thread/1489872 License Restrictions

  • User 'Administrator' - bypassing security

    Hi, I just wanted to confirm that the 'Administrator' user OBIEE circumvents any kind of external authentication (i.e., base data or LDAP). My understanding is that the Administrator works around this so that if something is set up wrong, the administrator user can always connect to OBIEE to fix things.

    Could someone please confirm that my interpretation is correct?

    Thank you!
    Scott

    Yes, you are right. Administrator user is created when we create a SPR for the first time and cannot be deleted.
    Administrator can even add other users to presentation Services Administrator Webgroup, so that users can perform the Admin activities.
    To change the RPD, the user must be added under the Administrators group in the RPD.
    Thank you
    Swami

  • LDAP for users / RPD for groups.  How?

    I know this has been asked before but I have not found a good explanation.
    We have implemented OBI to authenticate to our LDAP.
    But I need to assign users to groups created in the repository.
    Adding groups to the RPD and import ldap users and assigning them to groups do not work as their passwords are empty.

    It is not surprising that Guid to the developer on page 124 says:
    "When a user is in both the repository and source external (such as LDAP servers), the".
    local repository definition by the user takes precedence. This restriction allows the Oracle company
    Intelligence Server Administrator to override users who exist in a system of external security. »

    So how to proceed?

    On the same page it says:
    Groups are defined in the repository. However, if the user lists are stored on LDAP servers, the
    group membership information must be sourced from a database table.

    Problem is that I have not experienced enough yet to understand how to implement that. Anyone have suggestion or can point to detailed information on the subject?

    Thank you, E

    Once you have configured your LDAP on the RPD information, do not import users.
    OLIVIER will connect to the LDAP server and complete the authentication part.
    Now in order to to allow, you would need an external table. Here are some instructions on how to put in place which:

    http://www.rittmanmead.com/2007/05/21/using-initialization-blocks-with-LDAP-and-database-queries-to-control-authentication-and-authorization/

    Enjoy!

  • How to set controls on my computer to allow standard users to not impersonate a user administrator? I just want to be able to have 1 administrative user.

    I tried to sent a parental controls for my minor daughter not to go to some Web sites, but she had figured out how to change his user account and the administrator account. How can I stop this?

    I moved your post on the forums of Windows security.

    Basically, you need to make sure that other users of the PC have their protected accounts password and the PC is locked or users disconnected if one of them is administrative users. If she has access to your password or the password of an account with admin rights, it can change its own permissions.
    -steve

  • Accidentally changed both to 'standard user' user accounts, so now there is no user "administrator."

    I changed the two accounts to standard user accounts, and now of course I can't make changes, or download anything. Whenever I try to change anything, a UAC popup window appears, but that still leaves me not chang anything. Help.

    I think that window version my computer is XP (home).

    Thanking you in advance,

    Ms. lee

    It must be a built-in Administrator account that does not remove-able.  When you get to the login screen, hit Ctrl-Alt-Del twice.  Then you should be able to enter "Admin" as user and leave the password empty (unless you have changed in the past).  Then, you should be able to create other users with administrator privileges or other functions of the administrator.

    "How to connect to your Windows XP-based computer if you forget your password or if your password expires"
      <>http://support.Microsoft.com/kb/321305 >

    HTH,
    JW

  • User administrator account lost?

    After a reboot, my user account is not found in the office.  XP Pro SP3

    I tried to re - create, but since there are already, I can't.  All the files still exist under Documents and Settings, but how do I get the account back then my emails and boomarks are all back, please?

    After a reboot, my user account is not found in the office.  XP Pro SP3

    I tried to re - create, but since there are already, I can't.  All the files still exist under Documents and Settings, but how do I get the account back then my emails and boomarks are all back, please?

    I know it's an old question, I answer to provide assistance to others who might neeed (as I did 5 minutes ago)

    I just had the same thing happen after a massive motherboard failure.  I've restored the missing user accounts by going to control panel (Classic view), tools for administration, computer management, local users and groups, users folder.

    I saw the missing accounts there.  Double-click an account you want to resolve. Click on the tab "member of."  Use the Add button to add the Group appropriate to that list.  Administrator for admins, user for non-admin users.  There are other choice you can search folder under users and groups, not sure they all are.

    Thank you for me to enter the neighborhood so I could understand that.

  • Why my user/administrator account is not listed in C:\Users?

    I am the only user on this computer. I am the administrator. When I open the C:\Users folder, I'm not registered. Only two folders exist in the users: AppData and Public.

    Hello

    Do you remember the last modified pray the computer before the show?

    Method 1:

    I would suggest to run a file system analysis checker and check if that helps:

    How to use the System File Checker tool to fix the system files missing or corrupted on Windows Vista or Windows 7

    http://support.Microsoft.com/kb/929833

    Method2:

    I suggest you to check the drive for errors and if it helps, check out the link:

    http://Windows.Microsoft.com/en-us/Windows-Vista/check-your-hard-disk-for-errors

    Warning of Chkdsk.
    Important:     Running chkdsk on the drive if bad sectors are found on the disk hard when chkdsk attempts to repair this area if all available on which data may be lost

    Method3:

    You can also try and create a new user account and check if the same thing will occur:

    Step 1: create a new user account

    http://Windows.Microsoft.com/en-us/Windows-Vista/create-a-user-account

    Step 2:  If the new user account works try and difficulty of damaged user account, follow the link:

    http://Windows.Microsoft.com/en-us/Windows-Vista/fix-a-corrupted-user-profile

    I hope this helps.

Maybe you are looking for

  • MLB gameday does not load even after enabling cookies and history of compensation and disabling the blocker

    Have you tried the fixes online but the mlb gameday still doesn't load. Cleared cookies, history cleared, off of the blocker. Spin Microsoft Security Essentials. Problem started a few days ago. Not a not upgrade everything I know. Don't have anti-ad.

  • Ink advantage 1515: HP 1515 does not print

    Hello!  have the same exact problem with ELZOLEE posted on 06/08/2015. I did the instructions in case of problem, but I had a problem with step 2, add the replacement driver. "In the devices and printers folder right click on your HP Officejet Pro 68

  • Problem with the help of WITH Toshiba Bluetooth Stack with Winamp

    I want to control winamp using Sony Ericsson HBH-DS970.But I have Toshiba Bluetooth Stack on my computer, and in the options, it is only possible to control Windows media player and as far I discovered using regedit - HKEY_CURRENT_USER\Software\Toshi

  • NEITHER 3202 - SAMPLING INTERVAL ADJUSTMENTS

    Hello! I need clarification on the concept of sampling interval wrt nodes NI WSN (3202, 3212, 3226) training and even with my kit. I list the approaches that I have known, Approach I: in Structure case 'Node target VI'--> 'Start '. Choose the mode "V

  • 15-e016nr HP: hp 15-e016nr bios locked

    I was 'hired' by a colleague who had not used his laptop in a good time because the screen was dismantled to unlock his laptop. I still don't understand why people use bios passwords and then cannot keep up with them, but that's my opinion I think. H