The installutil setcqldapmap subcommand identifies
the Rational® ClearQuest® user
profile field and the LDAP user attribute that Rational ClearQuest uses
to map a user account in the database set to a user account in the
LDAP directory.
Synopsis
- installutil setcqldapmap dbset_name cq_login cq_password [ –site site | –domain domain ] cq_user_field ldap_user_attribute
- installutil setcqldapmap dbset_name cq_login cq_password [
{–allsites | –site site }
| { –alldomains | –domain domain }
] –remove
Description
The installutil setcqldapmap subcommand
identifies the Rational ClearQuest user
profile field and the LDAP user attribute that Rational ClearQuest uses
to map a user account in the database set to a user account in the
LDAP directory. Rational ClearQuest retrieves
the value of the attribute from the LDAP user record that the installutil
setldapsearch subcommand returns, then searches the database set
for a user account whose mapping field value matches the attribute
value. After Rational ClearQuest finds
a match, it determines the user's authorization. It is run once per
domain, site, or both, if applicable.
To ensure that an LDAP
user account maps uniquely to a
Rational ClearQuest user
account,
Rational ClearQuest requires
that the following conditions are true:
- The value in the Rational ClearQuest mapping
field is unique among active Rational ClearQuest user
profile records that are enabled for LDAP authentication.
- The value in the LDAP mapping attribute is unique among LDAP user
records. It is the responsibility of the LDAP administrator to ensure
that the LDAP repository enforces this requirement. Rational ClearQuest does
not detect non-unique LDAP mapping attributes in the LDAP repository.
Be sure that the Rational ClearQuest user
profile field that you specify with the installutil setcqldapmap subcommand
is the same at all sites; however, the LDAP attribute that maps to
the Rational ClearQuest user
profile field can be different.
Options and Arguments
- –site site
- Specifies that the ldap_user_attribute setting
applies only to the site that you specify. If you do not specify –site site,
the subcommand settings apply to all sites. The cq_user_field setting
must be the same for all sites.
- –site site –remove
- –allsites –remove
- Removes the existing settings for the specified subcommand. You
must specify –site or –allsites with –remove.
Use –site to remove the settings at one specific site. Use –allsites to
remove the settings at all sites. You do not need to specify the cq_user_field and ldap_user_attribute arguments
when you specify –remove.
- –domain domain
- Rational ClearQuest supports
environments where multiple LDAP configurations can be used to authenticate.
Using this option specifies that the ldap_user_attribute setting
applies only to the indicated domain. If you do not specify this option,
the subcommand settings apply to all domains. The cq_user_field setting
must be the same for all domains.
- –domain domain –remove
- –alldomains –remove
- Removes the existing settings for the specified subcommand. You
must specify –domain or –alldomains with –remove.
Use –domain to remove the settings at one specific domain.
Use –alldomains to remove the settings at all domains. You
do not need to specify the cq_user_field and ldap_user_attribute arguments
when you specify –remove.
- cq_user_field
- One of the following fields that the subcommand uses to match
a Rational ClearQuest user
account to an LDAP user account:
- CQ_EMAIL
- CQ_FULLNAME
- CQ_LOGIN_NAME
- CQ_MISC_INFO
- CQ_PHONE
The cq_user_field setting must be
the same for all sites.
- ldap_user_attribute
- One of the attributes returned by the installutil setldapsearch subcommand
that the installutil setcqldapmap subcommand uses to match
a Rational ClearQuest user
account to an LDAP user account.
In place of an LDAP attribute,
you can specify the %login% parameter, which resolves to the login
name that the user enters.
Examples
In the following example, the
installutil
setcqldapmap subcommand specifies that the LDAP
mail attribute
should be mapped to the
Rational ClearQuest CQ_EMAIL user
profile field.
installutil setlcqldapmap dbset1 bob_admin bob_pw -domain Domain1 CQ_EMAIL mail