User Guide

Label Description
Port The server port number where the user directory is running.
Example:
389
Base DN The distinguished name (DN) of the container in the user directory hierarchy where the search for
users and groups should begin. You can also use the Fetch DNs button to list available Base DNs
and then select the appropriate Base DN from the list.
See “Using Special Characters” on page 61 for restrictions on the use of special characters.
Hyperion recommends that you be as specific as possible while identifying the Base DN.
Example:
dc=example,dc=com
ID Attribute The attribute that carries the identity of the user. The recommended value of this attribute, which
must uniquely identify a user in the user directory, is automatically set for Oracle Internet Directory
(orclguid), SunONE (nsuniqueid), IBM Directory Server (Ibm-entryUuid), Novell eDirectory (GUID),
and MSAD (ObjectGUID). You may change the default value if necessary.
See “Important Considerations When Using the Unique Identity Attribute” on page 39.
Maximum Size Maximum number of results that a search can return.
For LDAP-enabled user directories other than MSAD, leave this blank to retrieve all users and
groups that meet the search criteria. The maximum size entered in this screen is constrained by
the user directory settings.
For MSAD, set this value to 0 to retrieve all users and groups that meet the search criteria.
SSL Enabled The check box that enables the use of Secure Sockets Layer (SSL) for communication with this
user directory.
Anonymous Bind The check box to indicate that Shared Services can bind anonymously to the user directory to
search for users and groups. If this option is not selected, you must specify in the User DN an
account with sufficient access permissions to search the directory where user information is stored.
Oracle Internet Directory connections do not support anonymous binds.
Note: Hyperion recommends that you do not bind anonymously with the user directory.
Trusted The check box to indicate that this provider is a trusted source. User credentials from trusted
sources are not validated during SSO. If this option is not set, the user credentials are validated
every time the user requests SSO to a different Hyperion product.
User DN This box is disabled if the Anonymous bind option is selected.
The user account that Shared Services should use to establish a connection with the user directory.
Typically, for LDAP-enabled user directories other than MSAD, you use the Directory Manager
account cn=Directory Manager for this purpose. For MSAD, you use the Security Account
Manager name (sAMAccountName).
You may use other accounts that have sufficient access permissions to search the directory where
user information is stored. Note that this account must have the proxy right to authenticate as a
different user.
Special characters are not allowed in the User DN value. See “Using Special Characters” on page
61 for restrictions on the use of special characters.
Example:
cn=Directory Manager (user directories other than MSAD)
sAMAccountName=pturner (MSAD)
Configuring User Directories
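The settings in the table above can be reviewed mechanically before a user directory is saved. The following is an added example, not code from Hyperion or Shared Services; the dictionary keys are hypothetical names for the table's labels, the severities are this example's own judgement, and the two sample definitions are constructed.

```python
# Added example, not Hyperion code. Keys are hypothetical names for the table's labels.

def rdns(dn):
    """Split a DN into its RDNs (simplified: assumes no escaped commas)."""
    return [part.strip() for part in dn.split(",") if part.strip()]

def audit_provider(cfg):
    """Return (severity, message) findings for one user-directory definition."""
    findings = []
    user_dn = (cfg.get("user_dn") or "").strip()
    if cfg.get("anonymous_bind"):
        findings.append(("high", "Anonymous Bind is selected; the guide recommends against it"))
    elif not user_dn:
        findings.append(("high", "Anonymous Bind is off but User DN is empty"))
    elif user_dn.lower() == "cn=directory manager":
        findings.append(("medium", "User DN is the Directory Manager account; a dedicated "
                         "account with only the access the guide requires exposes less"))
    if not cfg.get("ssl_enabled"):
        findings.append(("high", "SSL Enabled is off; a simple bind sends the password unencrypted"))
    elif cfg.get("port") == 389:
        findings.append(("medium", "SSL Enabled is on but Port is 389, the default "
                         "cleartext LDAP port; confirm the listener (LDAPS default is 636)"))
    if cfg.get("trusted"):
        findings.append(("medium", "Trusted is set; credentials from this provider "
                         "are not validated during SSO"))
    base = rdns(cfg.get("base_dn") or "")
    if not base:
        findings.append(("high", "Base DN is empty"))
    elif all(r.lower().startswith("dc=") for r in base):
        findings.append(("low", "Base DN is a domain root; name the container "
                         "that holds the users and groups"))
    return findings

# Constructed sample definitions (not taken from any real deployment).
WEAK = {"port": 389, "base_dn": "dc=example,dc=com", "ssl_enabled": False,
        "anonymous_bind": True, "trusted": True, "user_dn": ""}
HARDENED = {"port": 636, "base_dn": "ou=People,dc=example,dc=com", "ssl_enabled": True,
            "anonymous_bind": False, "trusted": False,
            "user_dn": "cn=svc-hss-search,ou=Service Accounts,dc=example,dc=com"}

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name)
        for severity, message in audit_provider(cfg) or [("ok", "no findings")]:
            print(f"  [{severity}] {message}")
```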