A directory service account that Content Platform Engine uses to connect to the directory server.
Procedure
- Create the following directory server account:
- Directory service (bind) user account (CA Directory)
- Unique identifier
- cpe_service_user
- Description
- Provide the fully qualified distinguished name of cpe_service_user as the
directory service bind user name while running Configuration Manager and also when you run the
Administration Console for Content Platform Engine Directory Configuration
Wizard.
cpe_service_user performs the following roles:
- Acts as the bind user specified by the application server to search through realms to
authenticate a user when the user logs in to a Content Platform Engine
client.
- Acts as the user specified in the GCD that searches users and groups to authorize access to a
specific FileNet® P8 object after a user has been
authenticated.
Provide the fully qualified distinguished name of cpe_service_user as
the LDAPBindDN while running Configuration Manager and also when you run the Administration Console for Content Platform Engine Directory Configuration Wizard. Available for viewing and
modifying in the Administration Console for Content Platform Engine Directory configuration
tab.
The Directory Service User cannot be accessed using referrals.
- Minimum required permissions
- Use your directory server's tools to grant
cpe_service_user at least the following minimum rights to all entries (including
user and group entries) in each security realm that is configured for your FileNet P8 domain: Read, Search, Compare.
Record this value in your customized Installation and Upgrade Worksheet. To find this property,
search the worksheet for instances of cpe_service_user.