You can configure Rational® ClearQuest® LDAP authentication
in a variety of ways. This topic describes three common configurations
and shows examples of the installutil subcommand
entries used to achieve the configurations.
Attention: In releases prior to version 2003.06.15, the
Login name field of the Rational ClearQuest user
profile record always represented the name that users enter in the Rational ClearQuest Login
window. Beginning with version 2003.06.15, when you configure a Rational ClearQuest user
database set for LDAP authentication, the name that users enter at
the Rational ClearQuest Login
window can represent values other than the Rational ClearQuest user
profile Login name field value (CQ_LOGIN_NAME). If
you choose a configuration with a different value, the Login name
field does not represent the name that users enter in the Rational ClearQuest Login
window. If your user database set uses any Perl or Visual Basic scripts
that assume that the Login name field (that is, the value returned
by $UserObject->Name or $SessionObject->GetLoginName)
represents the name that users enter in the Rational ClearQuest Login
window, you may need to modify those scripts to ensure that they work
correctly.
Log in using user login name; map CQ_LOGIN_NAME to
%login%
The following
installutil subcommands
configure a database set so that users log in to IBM® Rational ClearQuest by entering their
user names in the
Rational ClearQuest Login
window. In the LDAP directory, the
uid attribute
stores the user names. The
installutil setcqldapmap subcommand
identifies CQ_LOGIN_NAME as the
Rational ClearQuest user
profile mapping field. In place of a mapping LDAP attribute, the subcommand
uses %login%, which resolves to the string that the user enters in
the
Rational ClearQuest Login
window
User Name field.
installutil setauthenticationalgorithm 7.0.0 admin adminPW CQ_ONLY
installutil setldapinit 7.0.0 admin adminPW "-h ourldapserver.ourcompany.com"
installutil setldapsearch 7.0.0 admin adminPW "-s sub -b ou=my_dept,
dc=ourcompany,dc=com (&(objectclass=inetOrgPerson)(uid=%login%))"
installutil setcqldapmap 7.0.0 admin adminPW CQ_LOGIN_NAME %login%
installutil validateldap 7.0.0 admin adminPW test_user testPW
installutil setauthenticationalgorithm 7.0.0 admin adminPW CQ_FIRST
Log in using e-mail address; map CQ_EMAIL to mail
The
following
installutil subcommands configure
a database set so that users log in to Rational ClearQuest by entering their e-mail addresses
in the
Rational ClearQuest Login
window. In the LDAP directory, the
mail attribute stores
users' e-mail addresses. The
installutil setcqldapmap subcommand
identifies CQ_EMAIL as the
Rational ClearQuest user
profile mapping field, and
mail as the mapping
LDAP attribute.
installutil setauthenticationalgorithm 7.0.0 admin adminPW CQ_ONLY
installutil setldapinit 7.0.0 admin adminPW "-h ourldapserver.ourcompany.com"
installutil setldapsearch 7.0.0 admin adminPW "-s sub -b ou=my_dept,
dc=ourcompany,dc=com (&(objectclass=inetOrgPerson)(mail=%login%))"
installutil setcqldapmap 7.0.0 admin adminPW CQ_EMAIL mail
installutil validateldap 7.0.0 admin adminPW test_user@ourcompany.com testPW
installutil setauthenticationalgorithm 7.0.0 admin adminPW CQ_FIRST
Log in using badge number; map CQ_MISC_INFO to uid
The
following
installutil subcommands configure
a database set so that users log in to Rational ClearQuest by entering their badge numbers
in the
Rational ClearQuest Login
window. In the LDAP directory, the
uid attribute
stores users' badge numbers. The
installutil setcqldapmap subcommand
identifies CQ_MISC_INFO as the
Rational ClearQuest user
profile mapping field, and
uid as the mapping
LDAP attribute. In the
Rational ClearQuest User
Administration Tool, the
Description field
is the CQ_MISC_INFO field. Because
Rational ClearQuest user
profile records do not contain a field for badge number or employee
number, CQ_MISC_INFO is useful for storing such information.
installutil setauthenticationalgorithm 7.0.0 admin adminPW CQ_ONLY
installutil setldapinit 7.0.0 admin adminPW "-h ourldapserver.ourcompany.com"
installutil setldapsearch 7.0.0 admin adminPW "-b ou=my_dept,o=ourcompany.com uid=%login%"
installutil setcqldapmap 7.0.0 admin adminPW CQ_MISC_INFO uid
installutil validateldap 7.0.0 admin adminPW 1D1758897 testPW
installutil setauthenticationalgorithm 7.0.0 admin adminPW CQ_FIRST