AuthenticationAlgorithm constants specify
which authentication search strategy is selected when a Rational ClearQuest® user
logs on.
Note: This enumerated constant became available in version 2003.06.14.
Constant |
Value |
Description |
_CQ_FIRST |
2 |
Authenticate using traditional Rational® ClearQuest user
authentication as the preference, and failing that, attempt to authenticate
using LDAP authentication. |
_CQ_ONLY |
3 |
Traditional Rational ClearQuest user
authentication. Does not allow LDAP authentication. This is the default mode. |
Setting the AuthenticationAlgorithm for the schema repository
controls how
Rational ClearQuest searches
to find the correct authentication method. Specifically, the AuthenticationAlgorithm
controls the search flow.
- CQ_FIRST: Rational ClearQuest attempts
a traditional Rational ClearQuest authentication
and searches for a Rational ClearQuest user
record that matches the login name:
- If the search succeeds, Rational ClearQuest checks
the Rational ClearQuest user
record to see if it is configured as a Rational ClearQuest authenticated
user:
- If configured for Rational ClearQuest authentication,
performs traditional authentication.
- If configured as LDAP, performs LDAP authentication. The Rational ClearQuest to
LDAP mapping correlation must map back to this same Rational ClearQuest user
account, or an error is generated.
- If the search fails, performs an LDAP authentication, in case the user
is an LDAP authenticated user:
- If successful, allows the user to access Rational ClearQuest as
normal
If the authentication succeeds, the
Rational ClearQuest user
records are searched for the user record that corresponds to that LDAP account.
The correspondence is through a mapping of a particular (configurable)
Rational ClearQuest user profile
field to a (configurable) LDAP attribute field of the LDAP user account just
authenticated against.
Note: One of the following user profile
fields:
Email,
FullName,
Phone,
MiscInfo,
LoginName is configured for LDAP users as the
Rational ClearQuest and LDAP
mapping field. The corresponding
Rational ClearQuest API
set function for that field (
SetEmail,
SetFullName,
SetPhone,
SetMiscInfo, or
SetLoginName) can only be called successfully by
the Administrator (
USER_ADMIN user privilege), for LDAP users.
The value in this mapping field must be the same as the value in the correlated
LDAP attribute and be unique among ClearQuest and LDAP users. See
CQLDAPMap field constants.
- If unsuccessful, Rational ClearQuest returns
an error.
- CQ_ONLY: Performs traditional Rational ClearQuest authentication.
Does not attempt to perform an LDAP authentication. This is the default.