A directory service account that Content Platform Engine uses to connect to the directory server.
- Directory service (bind) user account (Active Directory)
- Unique identifier
- cpe_service_user
- Description
- Provide the fully qualified distinguished name of cpe_service_user as the
directory service bind user name while running Configuration Manager and also when you run the
Administration Console for Content Platform Engine Directory Configuration
Wizard.
cpe_service_user performs the following roles:
- Acts as the bind user specified by the application server to search through realms to
authenticate a user when the user logs in to a Content Platform Engine
client.
- Acts as the user specified in the GCD that searches users and groups to authorize access to a
specific FileNet® P8 object after a user has been
authenticated.
Provide the fully qualified distinguished name of cpe_service_user as the LDAPBindDN while running Configuration Manager and also when you run the Administration Console for Content Platform Engine Directory Configuration Wizard. The value is available for viewing and modifying in the Administration Console for Content Platform Engine Directory configuration tab.
The Directory Service User cannot be accessed using referrals.
- Minimum required permissions
- Use Active Directory tools to grant cpe_service_user at least
the following minimum rights to all entries (including user and group entries) in each security
realm that is configured for your FileNet P8 domain:
- Read access rights (specifically the Read All Properties permission) to the forest-wide configuration directory partition and the domain directory partition in each desired domain in the Active Directory forest. Because Authenticated Users is by default a member of the Pre-Windows 2000 Compatible Access group, which has these permissions, you need to assign the permissions to cpe_service_user only if the default is modified or Authenticated Users access rights are restricted.
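The following PowerShell sketch is an added example, not part of the IBM documentation. It checks whether the default group membership described above is still in place and, if it is not, prints the `dsacls` commands that would grant Read All Properties explicitly. It assumes the RSAT ActiveDirectory module is installed; `EXAMPLE\cpe_service_user` is a placeholder account name.

```powershell
# Added example (not IBM's code). Read-only: it prints commands, it does not change ACLs.
# Assumption: EXAMPLE\cpe_service_user is a placeholder for your bind account.
Import-Module ActiveDirectory

$BindAccount = 'EXAMPLE\cpe_service_user'
$root        = Get-ADRootDSE

# Forest-wide configuration partition plus the current domain partition.
# Add the DN of every other domain that hosts a FileNet P8 security realm.
$partitions  = @($root.configurationNamingContext, $root.defaultNamingContext)

# Well-known SIDs: S-1-5-32-554 = Pre-Windows 2000 Compatible Access,
# S-1-5-11 = Authenticated Users (stored as a foreign security principal).
$group     = Get-ADGroup -Identity 'S-1-5-32-554' -Properties member
$isDefault = [bool]($group.member -match '^CN=S-1-5-11,')

if ($isDefault) {
    "Authenticated Users is a member of '$($group.Name)' in this domain."
    "Confirm that the group's read permissions on the partitions are unmodified."
} else {
    "Authenticated Users is NOT a member of '$($group.Name)'."
    "Grant Read All Properties to the bind account explicitly:"
    foreach ($dn in $partitions) {
        # RP = read property (all properties); /I:T = this object and its children.
        "dsacls `"$dn`" /I:T /G `"${BindAccount}:RP`""
    }
}
```

Run the check in each domain that contains a configured security realm, because every domain has its own Pre-Windows 2000 Compatible Access group.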