Schema Repository AuthenticationAlgorithm

The AuthenticationAlgorithm controls the authentication search logic. It can restrict the authentication algorithm to use only the traditional Rational® ClearQuest® Authentication scheme, or it can allow both Rational ClearQuest and LDAP authentication for the database set. The administrator configures an AuthenticationAlgorithm to be used when authenticating users by specifying the algorithm for the schema repository as a whole.

The following AdminSession object functions allow you to manage and change the authentication control flow.
  • SetAuthenticationAlgorithm(AuthenticationAlgorithm);
  • GetAuthenticationAlgorithm( );
Note: The GetAuthenticationAlgorithm method returns a cached value of the AuthenticationAlgorithm which is initialized when the AdminSession object is created. The returned value will not reflect a newly updated value changed (by calling the SetAuthenticationAlgorithm method or using the installutil setauthenticationalgorithm command) until the AdminSession object is closed and a new AdminSession object is created and used instead.
The valid values for the authentication algorithm are:
  • CQ_FIRST: The Rational ClearQuest schema repository is searched first for a Rational ClearQuest user profile record with the same user name as the given login name, and the user is authenticated based on the AuthenticationMode for that user record. If there is no Rational ClearQuest user profile record with the given login name, then LDAP authentication is attempted.
  • CQ_ONLY: traditional Rational ClearQuest user authentication. Does not allow LDAP authentication. This is the default mode.

See AuthenticationAlgorithm for more information on these algorithm types. For more information on the methods, see GetAuthenticationAlgorithm and SetAuthenticationAlgorithm.

Note: Traditional Rational ClearQuest authentication is always an option for user accounts.

Changing the AuthenticationAlgorithm for the schema repository as a whole does not change the authentication mode for any existing Rational ClearQuest user accounts. To change the mode of authentication for a particular user, the administrator must change the AuthenticationMode for that particular user. See User AuthenticationMode

Parent topic: Performing user administration