Common LDAP configurations
You can configure HCL Compass LDAP authentication in a variety of ways. This topic describes three common configurations and shows examples of the installutil subcommand entries used to achieve the configurations.
Attention: When you configure an HCL Compass user database set for LDAP authentication, the name that users enter at the HCL Compass Login window can represent values other than the HCL Compass user profile Login name field value (CQ_LOGIN_NAME). If you choose a configuration with a different value, the Login name field does not represent the name that users enter in the HCL Compass Login window. If your user database set uses any Perl or Visual Basic scripts that assume that the Login name field (that is, the value returned by $UserObject->Name or $SessionObject->GetLoginName) represents the name that users enter in the HCL Compass Login window, you may need to modify those scripts to ensure that they work correctly.
Log in using user login name; map CQ_LOGIN_NAME to %login%
The following installutil subcommands configure a database set so that users log in to HCL Compass by entering their user names in the HCL Compass Login window. In the LDAP directory, the uid attribute stores the user names. The installutil setcqldapmap subcommand identifies CQ_LOGIN_NAME as the HCL Compass user profile mapping field. In place of a mapping LDAP attribute, the subcommand uses %login%, which resolves to the string that the user enters in the HCL Compass Login window User Name field.
installutil setauthenticationalgorithm 7.0.0 admin adminPW CQ_ONLY
installutil setldapinit 7.0.0 admin adminPW "-h ourldapserver.ourcompany.com"
installutil setldapsearch 7.0.0 admin adminPW "-s sub -b ou=my_dept,dc=ourcompany,dc=com (&(objectclass=inetOrgPerson)(uid=%login%))"
installutil setcqldapmap 7.0.0 admin adminPW CQ_LOGIN_NAME %login%
installutil validateldap 7.0.0 admin adminPW test_user testPW
installutil setauthenticationalgorithm 7.0.0 admin adminPW CQ_FIRST
Log in using e-mail address; map CQ_EMAIL to mail
The following installutil subcommands configure a database set so that users log in to HCL Compass by entering their e-mail addresses in the HCL Compass Login window. In the LDAP directory, the mail attribute stores users' e-mail addresses. The installutil setcqldapmap subcommand identifies CQ_EMAIL as the HCL Compass user profile mapping field, and mail as the mapping LDAP attribute.
installutil setauthenticationalgorithm 7.0.0 admin adminPW CQ_ONLY
installutil setldapinit 7.0.0 admin adminPW "-h ourldapserver.ourcompany.com"
installutil setldapsearch 7.0.0 admin adminPW "-s sub -b ou=my_dept,dc=ourcompany,dc=com (&(objectclass=inetOrgPerson)(mail=%login%))"
installutil setcqldapmap 7.0.0 admin adminPW CQ_EMAIL mail
installutil validateldap 7.0.0 admin adminPW test_user@ourcompany.com testPW
installutil setauthenticationalgorithm 7.0.0 admin adminPW CQ_FIRST
Log in using badge number; map CQ_MISC_INFO to uid
The following installutil subcommands configure a database set so that users log in to HCL Compass by entering their badge numbers in the HCL Compass Login window. In the LDAP directory, the uid attribute stores users' badge numbers. The installutil setcqldapmap subcommand identifies CQ_MISC_INFO as the HCL Compass user profile mapping field, and uid as the mapping LDAP attribute. In the HCL Compass User Administration Tool, the Description field is the CQ_MISC_INFO field. Because HCL Compass user profile records do not contain a field for badge number or employee number, CQ_MISC_INFO is useful for storing such information.
installutil setauthenticationalgorithm 7.0.0 admin adminPW CQ_ONLY
installutil setldapinit 7.0.0 admin adminPW "-h ourldapserver.ourcompany.com"
installutil setldapsearch 7.0.0 admin adminPW "-b ou=my_dept,o=ourcompany.com uid=%login%"
installutil setcqldapmap 7.0.0 admin adminPW CQ_MISC_INFO uid
installutil validateldap 7.0.0 admin adminPW 1D1758897 testPW
installutil setauthenticationalgorithm 7.0.0 admin adminPW CQ_FIRST
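The following Python sketch is an added example, not HCL Compass code: it models the search-then-map lookup that the setldapsearch and setcqldapmap entries above describe, to show why scripts cannot assume that the Login name field equals what the user typed in the e-mail and badge-number configurations. The function names, the directory entry, the user profile, and the RFC 4515 escaping of the substituted %login% value are assumptions made for illustration.

```python
# Added illustration: a simplified model of the lookup, not HCL Compass code.
# All directory entries and user profiles below are constructed sample data.

def expand_filter(template, entered):
    """Substitute %login% into a search filter, escaping per RFC 4515."""
    escaped = "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in entered)
    return template.replace("%login%", escaped)

def resolve(entered, search_attr, cq_field, ldap_attr, directory, profiles):
    """Return the CQ_LOGIN_NAME of the profile the entered name maps to, or None."""
    # setldapsearch step: in this model exactly one entry must match (assumption).
    hits = [e for e in directory if e.get(search_attr) == entered]
    if len(hits) != 1:
        return None
    # setcqldapmap step: %login% means "use the entered string"; otherwise
    # read the mapping LDAP attribute from the entry that was found.
    value = entered if ldap_attr == "%login%" else hits[0].get(ldap_attr)
    owners = [p for p in profiles if value and p.get(cq_field) == value]
    return owners[0]["CQ_LOGIN_NAME"] if len(owners) == 1 else None

# Constructed data: one person, as seen by the directory and by the user profile.
DIRECTORY = [{"uid": "1D1758897", "mail": "test_user@ourcompany.com"}]
PROFILES = [{"CQ_LOGIN_NAME": "test_user",
             "CQ_EMAIL": "test_user@ourcompany.com",
             "CQ_MISC_INFO": "1D1758897"}]

def demo():
    """Compare the entered name with the Login name field for two setups."""
    rows = []
    for entered, search_attr, cq_field, ldap_attr in [
        ("test_user@ourcompany.com", "mail", "CQ_EMAIL", "mail"),  # e-mail login
        ("1D1758897", "uid", "CQ_MISC_INFO", "uid"),               # badge login
    ]:
        login_name = resolve(entered, search_attr, cq_field, ldap_attr,
                             DIRECTORY, PROFILES)
        rows.append((entered, login_name, entered == login_name))
    return rows

if __name__ == "__main__":
    for entered, login_name, same in demo():
        print(f"entered={entered!r} Login name={login_name!r} same={same}")
    # Filter metacharacters in the entered value are encoded, not interpreted.
    print(expand_filter("(&(objectclass=inetOrgPerson)(uid=%login%))",
                        "smith (temp)*"))
```

In both modeled configurations the entered string differs from the Login name field, which is the case the Attention note describes for scripts that read $UserObject->Name or $SessionObject->GetLoginName.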