Use the setldapinit subcommand to set the parameter string that is required to
connect a Rational® ClearQuest® database set to the
LDAP directory used for authentication.
Synopsis
- installutil setldapinit dbset_name cq_login cq_password [ –site site | –domain domain ] "params"
- installutil setldapinit dbset_name cq_login cq_password [ { –allsites | –site site } | { –alldomains | –domain domain } ] –remove
Description
Use the setldapinit subcommand to set the parameter string that is required to connect a
Rational ClearQuest database set to the LDAP
directory used for authentication. It is run once per domain, site, or both, if applicable.
Options and Arguments
- –site site
- Specifies that the parameter settings apply only to the site that you specify. If you do not
specify –site site, the parameter settings apply to all sites.
- –site site –remove
- –allsites –remove
- Removes the existing settings for the specified subcommand. You must specify –site or
–allsites with –remove. Use –site to remove the settings at one specific site.
Use –allsites to remove the settings at all sites.
- –domain domain
- Rational ClearQuest supports environments where
multiple LDAP configurations can be used to authenticate. Use this option to specify that the
parameter settings apply only to the indicated domain. If you do not specify this option, the
parameter settings apply to all domains.
- –domain domain –remove
- –alldomains –remove
- Removes the existing settings for the specified domains. You must specify –domain or
–alldomains with –remove. Use –domain to remove the settings at one specific
domain. Use –alldomains to remove the settings at all domains.
- params
- A string that consists of a subset of the arguments available for use with the IBM®
Tivoli® Directory Server Client ldapsearch function.
This string is not required when you specify –remove. If any argument in the string contains
a special character such as a space, backward slash, or double quotes, you must enclose the argument
in single quotes.
Arguments for ldapsearch function
- –h ldaphost
- A host on which the LDAP server is running. The IBM
Tivoli documentation describes several ways to specify
multiple host names. Use single quotes to enclose a list of multiple host names, and use spaces to
separate the host names.
- –p ldapport
- A TCP port where the LDAP server listens. The default LDAP port is 389. If you specify –Z
and do not specify a port with –p, the default SSL port is 636.
- –D bindname
- Binds a user account to a distinguished name (DN) in the LDAP directory tree. The
bindname argument is a distinguished name represented as a text string. If you do
not specify –D, LDAP performs an anonymous user search.
Attention: The bindname and associated password (described next)
should be a user account and password that do not expire. Otherwise, you will need to reconfigure
the bindname and password.
- –w passwd
- The password to use to authenticate the user account at the DN that you specify with the
–D argument.
- –Z
- Indicates that a secure SSL connection is to be used to communicate with the LDAP server. This
option is supported only when the SSL component, as provided by IBM's GSKit, is installed.
- –K keyfile
- The name of the SSL key database file (with extension of kdb). You must enclose the key database
file name in single quotes. Rational ClearQuest
determines which platform it is running on and then selects the certificate store location from the
–K string that matches that platform. The platform choices are win: and unix:.
You can override the –K setting by setting the RATL_SSL_KEYRING environment variable. If you
do not specify –K or set the RATL_SSL_KEYRING environment variable, Rational ClearQuest looks in the \Rational\Common
directory for a file called ldapkey.kdb.
- –P keyfilepw
- The key database file password. This password is required to access the encrypted information in
the key database file (which may include one or more certificates). If you do not specify this
argument, GSKit looks in the directory that contains the key database file for a password stash file
of the same name as the key database file with an extension of .sth. The .sth extension identifies a
password stash file, which can contain an encrypted password that GSKit knows how to retrieve. If
you do not specify –Z and –K, Rational ClearQuest ignores the –P argument.
- –N certificatename
- The label associated with the client certificate in the key database file.
- –R
- Use this command-line argument to disable LDAP referral chasing when you run the
installutil setldapinit command to configure a Rational ClearQuest database set to authenticate
by using the LDAP directory server.
By default, if an LDAP search returns a referral object, the LDAP
libraries search for the referral object until it is found. Rational ClearQuest versions 2003.06.15 and later support LDAP
with referral chasing enabled on the LDAP server as long as the base search path does not start at
the top of the LDAP directory tree. When setting up LDAP authentication for a ClearQuest database set, you might choose to temporarily disable
referral chasing on the LDAP server. Alternatively, you might choose to deploy a separate LDAP
server for ClearQuest with referral chasing disabled.
Attention: You might need to keep LDAP referral chasing enabled when connecting to a
Microsoft Windows Active Directory server.
- –S
- The SSL security protocol; for a list of supported values, refer to http://www-01.ibm.com/support/docview.wss?uid=swg21646724.
- –C
- The SSL cipher; for a list of supported values, refer to http://www-01.ibm.com/support/docview.wss?uid=swg21646724.
Examples
In the following example, the setldapinit subcommand configures the dbset1 database set for
LDAP authentication. The ClearQuest login user name is bob_admin and the login password is
bob_pw. The host on which the LDAP server runs is ldap_host1.
installutil setldapinit dbset1 bob_admin bob_pw -domain Domain1 "-h ldap_host1 -p 389 -D uid=0A9701897,OU=bluepages,o=ibm.com -w pswd"
Depending on your LDAP environment, you might need to specify additional configuration settings.
For example, if the LDAP server does not allow anonymous searches, ask your LDAP administrator to
create an LDAP account with privileges that allow Rational ClearQuest to perform the search of
the LDAP directory as specified by the setldapsearch subcommand. Use the –D and –w options to
specify the bindname and password of such a search account.
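The following check is an added example, not part of the IBM documentation or of installutil: it parses a params string and reports the effective port and the exposure that follows from the option rules described above (anonymous search without -D, a bind password sent without -Z, -P ignored without -Z and -K). The function names and the key database path in the SSL variant are assumptions made for illustration.

```python
import shlex

# Flags from the page's "Arguments for ldapsearch function" list.
VALUE_FLAGS = {"-h", "-p", "-D", "-w", "-K", "-P", "-N", "-S", "-C"}
SWITCHES = {"-Z", "-R"}

def parse_params(params):
    """Split a setldapinit params string into {flag: value-or-True}."""
    tokens = shlex.split(params)  # honours single-quoted arguments
    opts, i = {}, 0
    while i < len(tokens):
        flag = tokens[i]
        if flag in SWITCHES:
            opts[flag] = True
        elif flag in VALUE_FLAGS:
            if i + 1 >= len(tokens):
                raise ValueError(f"{flag} needs a value")
            i += 1
            opts[flag] = tokens[i]
        else:
            raise ValueError(f"unexpected token {flag!r}")
        i += 1
    return opts

def review_params(params):
    """Return (effective_port, findings) for one params string."""
    opts = parse_params(params)
    ssl = "-Z" in opts
    # Page rule: default port is 389, or 636 when -Z is given without -p.
    port = int(opts.get("-p", 636 if ssl else 389))
    findings = []
    if "-D" not in opts:
        findings.append("no -D: anonymous search")
    if "-w" in opts and not ssl:
        findings.append("-w without -Z: bind password sent without SSL")
    # Reads the page's "-Z and -K" sentence as requiring both options.
    if "-P" in opts and not (ssl and "-K" in opts):
        findings.append("-P given without -Z and -K: ignored")
    elif "-P" in opts:
        findings.append("-P on command line: a .sth stash file avoids this")
    return port, findings

# Constructed inputs: the page's example, then a hypothetical SSL variant
# (the key database path is made up for illustration).
PAGE_EXAMPLE = "-h ldap_host1 -p 389 -D uid=0A9701897,OU=bluepages,o=ibm.com -w pswd"
SSL_VARIANT = ("-h ldap_host1 -Z -K '/opt/keys/ldapkey.kdb' "
               "-D uid=0A9701897,OU=bluepages,o=ibm.com -w pswd")

if __name__ == "__main__":
    for label, p in (("page example", PAGE_EXAMPLE), ("SSL variant", SSL_VARIANT)):
        print(label, review_params(p))
```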