Using LDAP with Rational ClearQuest
Rational ClearQuest offers two methods of user authentication. You can use traditional Rational ClearQuest authentication or use the industry standard Lightweight Directory Access Protocol (LDAP) to authenticate using an LDAP directory server. With Rational ClearQuest authentication, a user enters a user name and password to log on, and Rational ClearQuest verifies that they match a user name and password stored in the Rational ClearQuest database set (schema repository).
With LDAP authentication, a user enters a user name and password in the same Rational ClearQuest login window and Rational ClearQuest checks an LDAP directory for a matching user record. Rational ClearQuest supports environments where multiple LDAP configurations can be used to authenticate.
To authenticate users against the Rational ClearQuest database set, use the User Administration Tool to enter and manage user name and password information.
To authenticate users against an LDAP-compliant directory, use the user names and passwords that are maintained in the directory. If you have configured Rational ClearQuest to support multiple LDAP configurations, users must login by prefixing their user name with the LDAP domain name, for example, DOMAIN1\user_name. Using LDAP authentication can decrease administration and user support costs by reducing the number of passwords that users have to remember. LDAP can also improve security by enforcing the password management policies implemented in the directory.
Regardless of the type of authentication (LDAP or Rational ClearQuest) that you use, Rational ClearQuest performs the authorization. That is, information in the Rational ClearQuest database is used to determine user database access and group participation. Use the Rational ClearQuest User Administration tool to specify authorization information and to maintain user profiles.
This topic is intended for Rational ClearQuest administrators.