SetAuthenticationAlgorithm
Description
Sets the AuthenticationAlgorithm for the schema repository.
Marks the entire schema repository as having a preference for being authenticated in a particular manner. Select an authentication algorithm value which corresponds to the AuthenticationMode configured for the majority of users of the databases in the schema repository. For example, if most users are going to be configured with an authentication mode of LDAP_AUTHENTICATION, then set the schema repository AuthenticationAlgorithm to LDAP_FIRST.
The CQ_FIRST authentication algorithm for a schema repository allows LDAP authentication, after first checking if traditional HCL Compass authentication is configured for the login name. The Compass schema repository is first checked for a user profile record that has the same user name as the given login name. If the user is found, then that user's authentication mode is used to determine if traditional Compass or LDAP authentication is to be used for the selected user. If there is no user record in the schema repository that has the same user name as the login name, then LDAP authentication is attempted. If the LDAP server authenticates the login name and password pair as valid then the LDAP mapping attribute (using the installutil setcqldapmap command) is used to find a Compass user profile record that has the same mapping profile field value as the LDAP user's mapping attribute value.
USER_ADMIN
)
to set this value.Changing the AuthenticationAlgorithm for the control flow of authentication for the schema repository as a whole does not change the authentication mode for any existing HCL Compass user accounts. To change the mode of authentication for a particular user, the Administrator must change the AuthenticationMode for that particular user.
If
the AuthenticationAlgorithm is changed to CQ_ONLY
,
then any existing LDAP authenticated HCL Compass user
will fail to be able to login since LDAP authentication is not allowed.
The Compass administrator
will need to individually reconfigure these users as Compass authenticated
users.
However, if the AuthenticationAlgorithm is changed
back to CQ_FIRST
and the administrator has not reconfigured
LDAP authenticated users, then those users would be able to authenticate
using LDAP.
Syntax
VBScript
adminSession.SetAuthenticationAlgorithm(AuthenticationAlgorithm)
Perl
$adminSession->SetAuthenticationAlgorithm
(AuthenticationAlgorithm);
- Identifier
- Description
- adminSession
- The AdminSession object representing the current schema repository access session.
- AuthenticationAlgorithm
- A Long containing the AuthenticationAlgorithm of the schema repository.
- Return value
- None on success, else an exception is thrown (due to an incorrect input value, or other unexpected condition).
Examples
VBScript
' set the admin session ...
set adminSession = CreateObject("ClearQuest.AdminSession")
adminSession.Logon "admin", "admin", ""
' set preferred authentication algorithm:
Dim cquser2 ' a user object
Dim authAlg ' the authentication algorithm value
authAlg = AD_CQ_FIRST ' set preference
StdOut "Setting authentication algorithm for schema to "
& CStr(authAlg) & vbCrLf
adminSession.SetAuthenticationAlgorithm (authAlg)
StdOut "Authentication algorithm set to: " & CStr(authAlg)
& vbCrLf
Perl
use CQPerlExt;
#Create a HCL Compass
admin session
$adminSession = CQAdminSession::Build();
#Logon as admin
$adminSession->Logon( "admin", "admin", "" );
$adminSession->SetAuthenticationAlgorithm($CQPerlExt::CQ_CQ_FIRST);
# ...
CQAdminSession::Unbuild($adminSession);