Common LDAP configurations

You can configure Rational® ClearQuest® LDAP authentication in a variety of ways. This topic describes three common configurations and shows examples of the installutil subcommand entries used to achieve the configurations.
Attention: When you configure a Rational ClearQuest user database set for LDAP authentication, the name that users enter at the Rational ClearQuest Login window can represent values other than the Rational ClearQuest user profile Login name field value (CQ_LOGIN_NAME). If you choose a configuration with a different value, the Login name field does not represent the name that users enter in the Rational ClearQuest Login window. If your user database set uses any Perl or Visual Basic scripts that assume that the Login name field (that is, the value returned by $UserObject->Name or $SessionObject->GetLoginName) represents the name that users enter in the Rational ClearQuest Login window, you may need to modify those scripts to ensure that they work correctly.

Log in using user login name; map CQ_LOGIN_NAME to %login%

The following installutil subcommands configure a database set so that users log in to Rational ClearQuest by entering their user names in the Rational ClearQuest Login window. In the LDAP directory, the uid attribute stores the user names. The installutil setcqldapmap subcommand identifies CQ_LOGIN_NAME as the Rational ClearQuest user profile mapping field. In place of a mapping LDAP attribute, the subcommand uses %login%, which resolves to the string that the user enters in the Rational ClearQuest Login window User Name field. 
installutil setauthenticationalgorithm 7.0.0 admin adminPW CQ_ONLY
installutil setldapinit 7.0.0 admin adminPW "-h ourldapserver.ourcompany.com"
installutil setldapsearch 7.0.0 admin adminPW "-s sub -b ou=my_dept,
dc=ourcompany,dc=com (&(objectclass=inetOrgPerson)(uid=%login%))"
installutil setcqldapmap 7.0.0 admin adminPW CQ_LOGIN_NAME %login%
installutil validateldap 7.0.0 admin adminPW test_user testPW
installutil setauthenticationalgorithm 7.0.0 admin adminPW CQ_FIRST

Log in using e-mail address; map CQ_EMAIL to mail

The following installutil subcommands configure a database set so that users log in to Rational ClearQuest by entering their e-mail addresses in the Rational ClearQuest Login window. In the LDAP directory, the mail attribute stores users' e-mail addresses. The installutil setcqldapmap subcommand identifies CQ_EMAIL as the Rational ClearQuest user profile mapping field, and mail as the mapping LDAP attribute. 
installutil setauthenticationalgorithm 7.0.0 admin adminPW CQ_ONLY
installutil setldapinit 7.0.0 admin adminPW "-h ourldapserver.ourcompany.com"
installutil setldapsearch 7.0.0 admin adminPW "-s sub -b ou=my_dept,
dc=ourcompany,dc=com (&(objectclass=inetOrgPerson)(mail=%login%))"
installutil setcqldapmap 7.0.0 admin adminPW CQ_EMAIL mail
installutil validateldap 7.0.0 admin adminPW test_user@ourcompany.com testPW
installutil setauthenticationalgorithm 7.0.0 admin adminPW CQ_FIRST

Log in using badge number; map CQ_MISC_INFO to uid

The following installutil subcommands configure a database set so that users log in toRational ClearQuest by entering their badge numbers in the Rational ClearQuest Login window. In the LDAP directory, the uid attribute stores users' badge numbers. The installutil setcqldapmap subcommand identifies CQ_MISC_INFO as the Rational ClearQuest user profile mapping field, and uid as the mapping LDAP attribute. In the Rational ClearQuest User Administration Tool, the Description field is the CQ_MISC_INFO field. Because Rational ClearQuest user profile records do not contain a field for badge number or employee number, CQ_MISC_INFO is useful for storing such information. 
installutil setauthenticationalgorithm 7.0.0 admin adminPW CQ_ONLY
installutil setldapinit 7.0.0 admin adminPW "-h ourldapserver.ourcompany.com"
installutil setldapsearch 7.0.0 admin adminPW "-b ou=my_dept,o=ourcompany.com uid=%login%"
installutil setcqldapmap 7.0.0 admin adminPW CQ_MISC_INFO uid
installutil validateldap 7.0.0 admin adminPW 1D1758897 testPW
installutil setauthenticationalgorithm 7.0.0 admin adminPW CQ_FIRST
Parent topic: Setting up LDAP authentication
Related concepts:
LDAP configuration steps for Rational ClearQuest
MultiSite considerations
Enabling SSL Encryption with GSKit
Configure FIPS 140-2 approved data encryption
Related tasks:
Disabling LDAP authentication
Configuring Rational ClearQuest with LDAP user authentication for TLS 1.2 to support NIST SP 800-131A guidelines
TLS 1.0/1.1 ciphers disabled by default for secure LDAP connections
Related reference:
Collecting LDAP information
Quick-reference LDAP worksheet