Impact on Existing APIs

Depending on the authentication algorithm of the schema repository, there may be an impact on the following parts of the existing Rational® ClearQuest® API.

CreateUser method of the AdminSession object.
This function remains the same despite the AuthenticationAlgorithm for the schema repository. However, the CreateUser method creates a Rational ClearQuest authenticated user with a blank password. To create an LDAP authenticated user
- Use the CreateUserLDAPAuthenticated function, or
- Use CreateUser and then call the SetLDAPAuthentication method for that user object to convert it to LDAP authentication.
Depending on the authentication mode of a user, there may be impact on existing Rational ClearQuest API methods of the User object.
- If Rational ClearQuest authentication (CQ_AUTHENTICATION) is configured, the following existing functions retain their current behavior.
  - SetPassword method of the User object
  - SetLoginName method of the User object
- If LDAP authentication (LDAP_AUTHENTICATION) is configured, the following existing functions will have modified behavior.
  - SetPassword(new_password) method of the User object
    If LDAP authentication is enabled for the user account, the user password is the value stored in the LDAP repository. It cannot be set using SetPassword. Calling SetPassword returns an error unless the argument value is an empty string (""). The USER_ADMIN user privilege is required to make this call.
  - SetLoginName(new_login_name, new_password) method of the User object.
    If LDAP authentication is enabled for the user account, you can change the login name but not the password. The new_password argument value must be the empty string (""). The USER_ADMIN user privilege is required to change the login name.
In releases prior to version 2003.06.15, the Login name field of the Rational ClearQuest user profile record always represented the name that users enter in the Rational ClearQuest Login window. Beginning with version 2003.06.15, when you configure a Rational ClearQuest user database for LDAP authentication, the name that users enter at the ClearQuest Login window can represent values other than the ClearQuest user profile Login name field value (CQ_LOGIN_NAME). If you choose a configuration with a different value, the Login name field does not represent the name that users enter in the Rational ClearQuest Login window. If your user database uses any Perl or Visual Basic scripts that assume that the Login name field (that is, the value returned by $UserObject->Name or $SessionObject->GetLoginName) represents the name that users enter in the Login window, you may need to modify those scripts to ensure that they work correctly.

Specifically, if using LDAP authentication, any existing Rational ClearQuest API method that requires or returns a value currently documented as a Rational ClearQuest login name (such as CQ_login_name) should be handled as a Rational ClearQuest user profile name (such as CQ_user_name, that is, the value of the User object Name field).

The GetAuthenticationLoginName method of the Session object and of the AdminSession object returns the string that a user enters at the Rational ClearQuest Login window. See GetAuthenticationLoginName method of the Session object and GetAuthenticationLoginName method of the AdminSession object.

The GetUserLoginName of the AdminSession object returns the Rational ClearQuest user name stored in the database. See GetUserLoginName method of the AdminSession object

Note: The Rational ClearQuest user profile field that is used for correlating LDAP user records to Rational ClearQuest user records is the CQLDAPMap field.

Note:
The following characters cannot be included in a Rational ClearQuest user profile Name field (CQ_LOGIN_NAME), for Rational ClearQuest authentication, or in a CQLDAPMap mapping value, for LDAP authentication.

! {the space character} " # $ % & ' ( ) * + , / : ; < = > ? [ \ ] ^ ` { | }

Login names and CQLDAPMap mapping values cannot have any characters that are not valid nor reserved keywords for the database or prohibited by Rational ClearQuest interfaces.