You can configure Rational ClearQuest® LDAP authentication in
a variety of ways. This topic describes three common configurations and shows
examples of the installutil subcommand entries used to
achieve the configurations.
Note: In releases prior to version 2003.06.15, the Login name field of the Rational® ClearQuest user profile
record always represented the name that users enter in the Rational ClearQuest Login
window. Beginning with version 2003.06.15, when you configure a Rational ClearQuest user
database set for LDAP authentication, the name that users enter at the Rational ClearQuest Login window
can represent values other than the Rational ClearQuest user
profile Login name field value (CQ_LOGIN_NAME). If you choose
a configuration with a different value, the Login name field does not represent
the name that users enter in the Rational ClearQuest Login
window. If your user database set uses any Perl or Visual Basic scripts that
assume that the Login name field (that is, the value returned by $UserObject->Name or $SessionObject->GetLoginName) represents the name that users enter in the Rational ClearQuest Login
window, you may need to modify those scripts to ensure that they work correctly.
See the IBM Rational ClearQuest API Reference for
details about how to modify scripts.
Log in using user login name; map CQ_LOGIN_NAME to %login%
The following
installutil subcommands
configure a database set so that users log in to IBM Rational ClearQuest by
entering their user names in the
Rational ClearQuest Login
window. In the LDAP directory, the
uid attribute stores
the user names. The
setcqldapmap subcommand identifies
CQ_LOGIN_NAME as the
Rational ClearQuest user
profile mapping field. In place of a mapping LDAP attribute, the subcommand
uses %login%, which resolves to the string that the user enters in the
Rational ClearQuest Login window
User
Name field.
installutil setauthenticationalgorithm 7.0.0 admin adminPW CQ_ONLY
installutil setldapinit 7.0.0 admin adminPW "-h ourldapserver.ourcompany.com"
installutil setldapsearch 7.0.0 admin adminPW "-s sub -b ou=my_dept,
dc=ourcompany,dc=com (&(objectclass=inetOrgPerson)(uid=%login%))"
installutil setcqldapmap 7.0.0 admin adminPW CQ_LOGIN_NAME %login%
installutil validateldap 7.0.0 admin adminPW test_user testPW
installutil setauthenticationalgorithm 7.0.0 admin adminPW CQ_FIRST
Log in using e-mail address; map CQ_EMAIL to mail
The following
installutil subcommands
configure a database set so that users log in to Rational ClearQuest by
entering their e-mail addresses in the
Rational ClearQuest Login
window. In the LDAP directory, the
mail attribute stores users' e-mail
addresses. The
setcqldapmap subcommand identifies CQ_EMAIL
as the
Rational ClearQuest user
profile mapping field, and
mail as the mapping LDAP
attribute.
installutil setauthenticationalgorithm 7.0.0 admin adminPW CQ_ONLY
installutil setldapinit 7.0.0 admin adminPW "-h ourldapserver.ourcompany.com"
installutil setldapsearch 7.0.0 admin adminPW "-s sub -b ou=my_dept,
dc=ourcompany,dc=com (&(objectclass=inetOrgPerson)(mail=%login%))"
installutil setcqldapmap 7.0.0 admin adminPW CQ_EMAIL mail
installutil validateldap 7.0.0 admin adminPW test_user@ourcompany.com testPW
installutil setauthenticationalgorithm 7.0.0 admin adminPW CQ_FIRST
Log in using badge number; map CQ_MISC_INFO to uid
The following
installutil subcommands
configure a database set so that users log in to Rational ClearQuest by
entering their badge numbers in the
Rational ClearQuest Login
window. In the LDAP directory, the
uid attribute stores
users' badge numbers. The
setcqldapmap subcommand identifies
CQ_MISC_INFO as the
Rational ClearQuest user
profile mapping field, and
uid as the mapping LDAP
attribute. In the
Rational ClearQuest User
Administration Tool, the
Description field is the CQ_MISC_INFO
field. Because
Rational ClearQuest user
profile records do not contain a field for badge number or employee number,
CQ_MISC_INFO is useful for storing such information.
installutil setauthenticationalgorithm 7.0.0 admin adminPW CQ_ONLY
installutil setldapinit 7.0.0 admin adminPW "-h ourldapserver.ourcompany.com"
installutil setldapsearch 7.0.0 admin adminPW "-b ou=my_dept,o=ourcompany.com uid=%login%"
installutil setcqldapmap 7.0.0 admin adminPW CQ_MISC_INFO uid
installutil validateldap 7.0.0 admin adminPW 1D1758897 testPW
installutil setauthenticationalgorithm 7.0.0 admin adminPW CQ_FIRST