setldapinit

Use the setldapinit subcommand to set the parameter string that is required to connect a Rational® ClearQuest® database set to the LDAP directory used for authentication.

Synopsis

installutil setldapinit dbset_name cq_login cq_password [ -site site | -domain domain ] "params"
installutil setldapinit dbset_name cq_login cq_password [ { -allsites | -site site } | { -alldomains | -domain domain } ] -remove

Description

Use the setldapinit subcommand to set the parameter string that is required to connect a Rational ClearQuest database set to the LDAP directory used for authentication. It is run once per domain, site, or both, if applicable.

Options and Arguments

–site site
Specifies that the parameter settings apply only to the site that you specify. If you do not specify –site site, the parameter settings apply to all sites.
–site site –remove
–allsites –remove
Removes the existing settings for the specified subcommand. You must specify –site or –allsites with –remove. Use –site to remove the settings at one specific site. Use –allsites to remove the settings at all sites.
–domain domain
Specifies that the parameter settings apply only to the domain that you specify. If you do not specify –domain domain, the parameter settings apply to all domains.
–domain domain –remove
–alldomains –remove
Removes the existing settings for the specified subcommand. You must specify –domain or –alldomains with –remove. Use –domain to remove the settings at one specific domain. Use –alldomains to remove the settings at all domains.
params
A string that consists of a subset of the arguments available for use with the IBM® Tivoli® Directory Server Client ldapsearch function. This string is not required when you specify –remove. If any argument in this string contains a special character, such as a space, backward slash, or double quotes, you must enclose the argument in single quotes. For more information about the ldapsearch syntax, see IBM Tivoli Directory Administration Guide, which is available in the IBM Publications Center at http://www.ibm.com/shop/publications/order.

Arguments for ldapsearch function

–h ldaphost
A host on which the LDAP server is running. The IBM Tivoli documentation describes several ways to specify multiple host names. Use single quotes to enclose a list of multiple host names, and use spaces to separate the host names.
–p ldapport
A TCP port where the LDAP server listens. The default LDAP port is 389. If you specify –Z and do not specify a port with –p, the default SSL port is 636.
–D bindname
Binds a user account to a distinguished name (DN) in the LDAP directory tree. The bindname argument is a string-represented DN. If you do not specify –D, LDAP performs an anonymous user search.
–w passwd
The password to use to authenticate the user account at the DN that you specify with the –D argument.
–Z
Indicates that a secure SSL connection is to be used to communicate with the LDAP server. This option is supported only when the SSL component, as provided by IBM's GSKit, is installed.
–K keyfile
The name of the SSL key database file (with the extension kdb). You must enclose the key database file name in single quotes. Rational ClearQuest determines which platform it is running on and then selects the certificate store location from the –K string that matches that platform. The platform choices are win: and unix:. You can override the –K setting by setting the RATL_SSL_KEYRING environment variable. If you do not specify –K or set the RATL_SSL_KEYRING environment variable, Rational ClearQuest looks in the \Rational\Common directory for a file called ldapkey.kdb.
–P keyfilepw
The key database file password. This password is required to access the encrypted information in the key database file (which may include one or more certificates). If you do not specify this argument, GSKit looks in the directory that contains the key database file for a password stash file of the same name as the key database file with an extension of .sth. The .sth extension identifies a password stash file, which can contain an encrypted password that GSKit knows how to retrieve. If you do not specify –Z and –K, Rational ClearQuest ignores the –P argument.
–N certificatename
The label associated with the client certificate in the key database file.
–R
If an LDAP search returns a referral object, then by default the LDAP libraries chase that referral until they find the object being searched for. This switch disables referral chasing.

Examples

In the following example, the setldapinit subcommand configures the dbset1 database set for LDAP authentication. The ClearQuest login user name is bob_admin and the login password is bob_pw. The host on which the LDAP server runs is ldap_host1.
installutil setldapinit dbset1 bob_admin bob_pw -domain Domain1 "-h cqldapi60 -p 389 -D uid=0A9701897,OU=bluepages,o=ibm.com -w pswd"
Depending on your LDAP environment, you might need to specify additional configuration settings. For example, if the LDAP server does not allow anonymous searches, ask your LDAP administrator to create an LDAP account with privileges that allow Rational ClearQuest to perform the search of the LDAP directory as specified by the setldapsearch subcommand. Use the –D and –w options to specify the bindname and password of such a search account.
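
The following Python check is an added example, not part of the IBM documentation. It tokenizes a params string using the single-quote rule described above and reports settings that the option notes on this page call out. It assumes shlex approximates the way ClearQuest splits the string; the function names parse_params and audit are hypothetical.

```python
import shlex

# Options from the "Arguments for ldapsearch function" list on this page.
VALUE_OPTS = {"-h", "-p", "-D", "-w", "-K", "-P", "-N"}
FLAG_OPTS = {"-Z", "-R"}


def parse_params(params):
    """Split a params string into {option: value}.

    Assumption: shlex (POSIX mode) approximates how ClearQuest tokenizes the
    string; it keeps single-quoted arguments, spaces included, as one token.
    """
    tokens = shlex.split(params)
    opts, i = {}, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in FLAG_OPTS:
            opts[tok] = True
            i += 1
        elif tok in VALUE_OPTS and i + 1 < len(tokens):
            opts[tok] = tokens[i + 1]
            i += 2
        else:
            # Typical cause: a value containing a space was not single-quoted.
            raise ValueError(f"unexpected or incomplete token {tok!r}")
    return opts


def audit(params):
    """Return findings for a params string, based on the option notes above."""
    o = parse_params(params)
    findings = []
    if "-D" not in o:
        findings.append("no -D: the search is anonymous")
    if "-w" in o and "-Z" not in o:
        findings.append("-w without -Z: bind password is sent without SSL")
    if "-Z" in o and o.get("-p") == "389":
        findings.append("-Z with -p 389: 389 is the default non-SSL port")
    if "-P" in o and "-Z" not in o and "-K" not in o:
        findings.append("-P without -Z and -K: ClearQuest ignores it")
    return findings


if __name__ == "__main__":
    # The params string from the page's example, then a constructed SSL variant.
    print(audit("-h cqldapi60 -p 389  -D uid=0A9701897,OU=bluepages,o=ibm.com -w pswd"))
    print(audit("-h 'ldap1 ldap2' -Z -D 'cn=cq search,o=example' -w pswd"))
```

A list of host names that is not single-quoted, such as -h ldap1 ldap2, makes parse_params raise ValueError instead of silently taking only the first host.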

See also

installutil

