Common LDAP configurations
You can configure Rational®
ClearQuest® LDAP
authentication in a variety of ways. This topic describes three common
configurations and shows examples of the installutil subcommand
entries used to achieve the configurations.
Attention: When you configure a Rational
ClearQuest user database set for LDAP authentication,
the name that users enter at the Rational
ClearQuest
Login window can represent values other than the Rational
ClearQuest user profile Login name field value
(CQ_LOGIN_NAME). If you choose a configuration with a different value, the Login
name field does not represent the name that users enter in the Rational
ClearQuest Login window. If your user database set
uses any Perl or Visual Basic scripts that assume that the Login name field (that is, the value
returned by $UserObject->Name or
$SessionObject->GetLoginName) represents the name that users enter in the
Rational
ClearQuest Login window, you may need to
modify those scripts to ensure that they work correctly.
Log in using user login name; map CQ_LOGIN_NAME to %login%
The following installutil subcommands
configure a database set so that users log in to Rational
ClearQuest by
entering their user names in the Rational
ClearQuest Login
window. In the LDAP directory, the uid attribute
stores the user names. The installutil setcqldapmap subcommand
identifies CQ_LOGIN_NAME as the Rational
ClearQuest user
profile mapping field. In place of a mapping LDAP attribute, the subcommand
uses %login%, which resolves to the string that the user enters in
the Rational
ClearQuest Login
window User Name field.
installutil setauthenticationalgorithm 7.0.0 admin adminPW CQ_ONLY
installutil setldapinit 7.0.0 admin adminPW "-h ourldapserver.ourcompany.com"
installutil setldapsearch 7.0.0 admin adminPW "-s sub -b ou=my_dept,
dc=ourcompany,dc=com (&(objectclass=inetOrgPerson)(uid=%login%))"
installutil setcqldapmap 7.0.0 admin adminPW CQ_LOGIN_NAME %login%
installutil validateldap 7.0.0 admin adminPW test_user testPW
installutil setauthenticationalgorithm 7.0.0 admin adminPW CQ_FIRST
Log in using e-mail address; map CQ_EMAIL to mail
The
following installutil subcommands configure
a database set so that users log in to Rational
ClearQuest by
entering their e-mail addresses in the Rational
ClearQuest Login
window. In the LDAP directory, the mail attribute stores
users' e-mail addresses. The installutil setcqldapmap subcommand
identifies CQ_EMAIL as the Rational
ClearQuest user
profile mapping field, and mail as the mapping
LDAP attribute.
installutil setauthenticationalgorithm 7.0.0 admin adminPW CQ_ONLY
installutil setldapinit 7.0.0 admin adminPW "-h ourldapserver.ourcompany.com"
installutil setldapsearch 7.0.0 admin adminPW "-s sub -b ou=my_dept,
dc=ourcompany,dc=com (&(objectclass=inetOrgPerson)(mail=%login%))"
installutil setcqldapmap 7.0.0 admin adminPW CQ_EMAIL mail
installutil validateldap 7.0.0 admin adminPW test_user@ourcompany.com testPW
installutil setauthenticationalgorithm 7.0.0 admin adminPW CQ_FIRST
Log in using badge number; map CQ_MISC_INFO to uid
The
following installutil subcommands configure
a database set so that users log in toRational
ClearQuest by
entering their badge numbers in the Rational
ClearQuest Login
window. In the LDAP directory, the uid attribute
stores users' badge numbers. The installutil setcqldapmap subcommand
identifies CQ_MISC_INFO as the Rational
ClearQuest user
profile mapping field, and uid as the mapping
LDAP attribute. In the Rational
ClearQuest User
Administration Tool, the Description field
is the CQ_MISC_INFO field. Because Rational
ClearQuest user
profile records do not contain a field for badge number or employee
number, CQ_MISC_INFO is useful for storing such information.
installutil setauthenticationalgorithm 7.0.0 admin adminPW CQ_ONLY
installutil setldapinit 7.0.0 admin adminPW "-h ourldapserver.ourcompany.com"
installutil setldapsearch 7.0.0 admin adminPW "-b ou=my_dept,o=ourcompany.com uid=%login%"
installutil setcqldapmap 7.0.0 admin adminPW CQ_MISC_INFO uid
installutil validateldap 7.0.0 admin adminPW 1D1758897 testPW
installutil setauthenticationalgorithm 7.0.0 admin adminPW CQ_FIRST