AuthenticationAlgorithm constants
AuthenticationAlgorithm constants specify which authentication search strategy is selected when a Rational® ClearQuest® user logs on.
Note: This enumerated constant became available in version 2003.06.14.
| Constant | Value | Description |
|---|---|---|
| _CQ_FIRST | 2 | Authenticate using traditional Rational ClearQuest user authentication as the preference, and failing that, attempt to authenticate using LDAP authentication. |
| _CQ_ONLY | 3 | Traditional Rational ClearQuest user authentication. Does not allow LDAP authentication. This is the default mode. |
Setting the AuthenticationAlgorithm for the schema repository
controls how Rational
ClearQuest searches
to find the correct authentication method. Specifically, the AuthenticationAlgorithm
controls the search flow.
- CQ_FIRST: Rational
ClearQuest attempts
a traditional Rational
ClearQuest authentication
and searches for a Rational
ClearQuest user
record that matches the login name:
- If the search succeeds, Rational
ClearQuest checks
the Rational
ClearQuest user
record to see if it is configured as a Rational
ClearQuest authenticated
user:
- If configured for Rational ClearQuest authentication, performs traditional authentication.
- If configured as LDAP, performs LDAP authentication. The Rational ClearQuest to LDAP mapping correlation must map back to this same Rational ClearQuest user account, or an error is generated.
- If the search fails, performs an LDAP authentication, in case
the user is an LDAP authenticated user:
- If successful, allows the user to access Rational
ClearQuest as
normal If the authentication succeeds, the Rational ClearQuest user records are searched for the user record that corresponds to that LDAP account. The correspondence is through a mapping of a particular (configurable) Rational ClearQuest user profile field to a (configurable) LDAP attribute field of the LDAP user account just authenticated against.Note: One of the following user profile fields: Email, FullName, Phone, MiscInfo, LoginName is configured for LDAP users as the Rational ClearQuest and LDAP mapping field. The corresponding Rational ClearQuest API set function for that field (SetEmail, SetFullName, SetPhone, SetMiscInfo, or SetLoginName) can only be called successfully by the Administrator (USER_ADMIN user privilege), for LDAP users. The value in this mapping field must be the same as the value in the correlated LDAP attribute and be unique among Rational ClearQuest and LDAP users. See CQLDAPMap field constants.
- If unsuccessful, Rational ClearQuest returns an error.
- If successful, allows the user to access Rational
ClearQuest as
normal
- If the search succeeds, Rational
ClearQuest checks
the Rational
ClearQuest user
record to see if it is configured as a Rational
ClearQuest authenticated
user:
- CQ_ONLY: Performs traditional Rational ClearQuest authentication. Does not attempt to perform an LDAP authentication. This is the default.