Factors to keep in mind when setting up LDAP authentication
at a site using Rational® ClearQuest® MultiSite.
If
your team uses Rational ClearQuest MultiSite, keep
in mind the following factors as you enable the ClearQuest database set for LDAP authentication:
- You can run the installutil set subcommands
only from the working master site of the schema repository. MultiSite
replicates the LDAP parameters that you set to the other sites in
the clan. LDAP-authenticated users at a remote site cannot log in
to Rational ClearQuest until
MultiSite replicates the parameters to that remote site.
- By default, the parameters that you set apply to all sites in
the clan. To apply parameters to a specific site use the –site argument.
- Be sure that the Rational ClearQuest user
profile field that you specify with the setcqldapmap subcommand
is the same at all sites; however, the LDAP attribute that maps to
the Rational ClearQuest user
profile field can be different.
- Because you can run the set subcommands only from the working
master site, the administrator of a remote site cannot set parameters
specific to that site. You, as administrator of the working master
site, must set the site-specific parameters or you can make the remote
site the working master site so that the remote site's administrator
can run the subcommands.
- You can run the validateldap subcommand with
the –site option to validate a remote site's LDAP
settings only if your computer can connect to the LDAP server at that
site. If your computer cannot connect to the LDAP server, arrange
for the remote site administrator to run the subcommand at the remote
site.
- A user's authentication mode is the same for all sites in a clan.
You must set a user's authentication mode only at the site where the
user is mastered by using the User Administration GUI or by running
the SetupCQLDAP.pl script or a script that you
write.