Sets a user for LDAP authentication. More specifically, this method sets the user account AuthenticationMode to LDAP_AUTHENTICATION, which authenticates against an LDAP server.
Optionally, configures the Rational ClearQuest to LDAP mapping correlation. The schema repository must be configured with an LDAP server location. Depending on the LDAP configuration status of the database set and whether the LDAP login name is supplied the method also copies the LDAP mapping attribute into the Rational® ClearQuest® mapping field.
All user databases in a Rational ClearQuest database set must be updated from the master schema repository before a user can log in to a user database using LDAP authentication (for user updates use the UpgradeInfo method of the User Object, or alternately, for all subscribed users, use the UpgradeMasterUserInfo method of the Database Object). See Upgrade von Benutzerinformationen von einem Schema-Repository auf eine Benutzerdatenbank durchführen for more information.
The method fails if the mapping field value is not unique across enabled LDAP users already in the database. It also fails if an LDAP error occurs while attempting to copy over the LDAP mapping attribute into the Rational ClearQuest mapping field.
Setting the AuthenticationMode for a user to LDAP_AUTHENTICATION sets the Rational ClearQuest user account password in the Rational ClearQuest database to a special value which indicates that the user is configured for LDAP authentication. This prevents earlier Rational ClearQuest clients from being able to login using Rational ClearQuest authentication, rather than the desired LDAP authentication.
If one or more of the above conditions is not met, then the SetLDAPAuthentication method does not copy the LDAP mapping attribute into the Rational ClearQuest mapping field. This is not an error condition. In particular, you can use the SetLDAPAuthentication method with the ldap_login_name argument set to a null string value (""). This allows an administrator to set Rational ClearQuest users to be LDAP authenticated users without requiring the administrator to supply the user LDAP login names. The LDAP mapping attribute will not be copied into the Rational ClearQuest mapping field in this case. This requires an Administrator to manually store the correct LDAP mapping attribute into the Rational ClearQuest mapping field (for example, user's e-mail). The user login will fail until the correct Rational ClearQuest field is updated with the required mapping information.
Using the SetLDAPAuthentication method without a valid LDAP login name requires a user to have the correct Rational ClearQuest LDAP mapping attribute set (for example, user's e-mail). The user login will fail until the correct Rational ClearQuest field is updated with the required mapping information.
VBScript
user.SetLDAPAuthentication(LDAP_login_name)
Perl
user->SetLDAPAuthentication(LDAP_login_name);
VBScript
'set the user authentication mode to ldap: Dim cquser2 ' a user object Dim ldap_login Dim mode ' the user authentication mode ldap_login = "yourusername@us.ibm.com" StdOut "Setting ldap authentication for " & cquser2.name & vbCrLf cquser2.SetLDAPAuthentication (ldap_login) ' verify the user authentication mode: StdOut "Getting authentication mode for user " & cquser2.name & vbCrLf mode = cquser2.GetAuthenticationMode StdOut "user mode: " & CStr(mode) & vbCrLf
Perl
# Check the user's authentication mode. # If it's not LDAP authentication, change it to be such sub Enforce_LDAP_Authentication_On_User { my($user, $LDAP_login) = @_; $authentication = $user->GetAuthenticationMode(); if ($authentication == $CQPerlExt::CQ_LDAP_AUTHENTICATION) { $auth_s = "LDAP Authenticated"; print "User's authentication mode is $auth_s. No Changes needed.\n"; return 0; } else { $auth_s = "CQ Authenticated"; eval{$user->SetLDAPAuthentication($LDAP_login);}; if ($@) { print "Couldnt run User->SetLDAPAuthentication. Error: $@\n"; die; } print "LDAP Authentication set.\n"; return 1; } }