Common LDAP configurations

You can configure HCL Compass LDAP authentication in a variety of ways. This topic describes three common configurations and shows examples of the installutil subcommand entries used to achieve the configurations.

Attention: When you configure an HCL Compass user database set for LDAP authentication, the name that users enter at the HCL Compass Login window can represent values other than the HCL Compass user profile Login name field value (CQ_LOGIN_NAME). If you choose a configuration with a different value, the Login name field does not represent the name that users enter in the HCL Compass Login window. If your user database set uses any Perl or Visual Basic scripts that assume that the Login name field (that is, the value returned by $UserObject->Name or $SessionObject->GetLoginName) represents the name that users enter in the HCL Compass Login window, you may need to modify those scripts to ensure that they work correctly.

Log in using user login name; map CQ_LOGIN_NAME to %login%

The following installutil subcommands configure a database set so that users log in to HCL Compass by entering their user names in the HCL Compass Login window. In the LDAP directory, the uid attribute stores the user names. The installutil setcqldapmap subcommand identifies CQ_LOGIN_NAME as the HCL Compass user profile mapping field. In place of a mapping LDAP attribute, the subcommand uses %login%, which resolves to the string that the user enters in the HCL Compass Login window User Name field.
installutil setauthenticationalgorithm 7.0.0 admin adminPW CQ_ONLY
installutil setldapinit 7.0.0 admin adminPW "-h ourldapserver.ourcompany.com"
installutil setldapsearch 7.0.0 admin adminPW "-s sub -b ou=my_dept,dc=ourcompany,dc=com (&(objectclass=inetOrgPerson)(uid=%login%))"
installutil setcqldapmap 7.0.0 admin adminPW CQ_LOGIN_NAME %login%
installutil validateldap 7.0.0 admin adminPW test_user testPW
installutil setauthenticationalgorithm 7.0.0 admin adminPW CQ_FIRST

Log in using e-mail address; map CQ_EMAIL to mail

The following installutil subcommands configure a database set so that users log in to HCL Compass by entering their e-mail addresses in the HCL Compass Login window. In the LDAP directory, the mail attribute stores users' e-mail addresses. The installutil setcqldapmap subcommand identifies CQ_EMAIL as the HCL Compass user profile mapping field, and mail as the mapping LDAP attribute.
installutil setauthenticationalgorithm 7.0.0 admin adminPW CQ_ONLY
installutil setldapinit 7.0.0 admin adminPW "-h ourldapserver.ourcompany.com"
installutil setldapsearch 7.0.0 admin adminPW "-s sub -b ou=my_dept,dc=ourcompany,dc=com (&(objectclass=inetOrgPerson)(mail=%login%))"
installutil setcqldapmap 7.0.0 admin adminPW CQ_EMAIL mail
installutil validateldap 7.0.0 admin adminPW test_user@ourcompany.com testPW
installutil setauthenticationalgorithm 7.0.0 admin adminPW CQ_FIRST

Log in using badge number; map CQ_MISC_INFO to uid

The following installutil subcommands configure a database set so that users log in to HCL Compass by entering their badge numbers in the HCL Compass Login window. In the LDAP directory, the uid attribute stores users' badge numbers. The installutil setcqldapmap subcommand identifies CQ_MISC_INFO as the HCL Compass user profile mapping field, and uid as the mapping LDAP attribute. In the HCL Compass User Administration Tool, the Description field is the CQ_MISC_INFO field. Because HCL Compass user profile records do not contain a field for badge number or employee number, CQ_MISC_INFO is useful for storing such information.
installutil setauthenticationalgorithm 7.0.0 admin adminPW CQ_ONLY
installutil setldapinit 7.0.0 admin adminPW "-h ourldapserver.ourcompany.com"
installutil setldapsearch 7.0.0 admin adminPW "-b ou=my_dept,o=ourcompany.com uid=%login%"
installutil setcqldapmap 7.0.0 admin adminPW CQ_MISC_INFO uid
installutil validateldap 7.0.0 admin adminPW 1D1758897 testPW
installutil setauthenticationalgorithm 7.0.0 admin adminPW CQ_FIRST
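
The three setldapsearch strings above differ only in scope, base DN and filter template. The following Python sketch is an added example, not HCL code: it splits each string as the examples lay it out and substitutes a login value for %login%, escaping it per RFC 4515 so that the resulting filter can be checked with a standard LDAP client. The function names are hypothetical, and whether HCL Compass itself escapes the value is not stated in this topic.

```python
# Added example: expand the %login% placeholder in a setldapsearch string.
# Function names are hypothetical; this is not HCL Compass code.

# RFC 4515: characters that must be escaped inside a filter assertion value.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape a user-supplied string for use as an LDAP filter value."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)

def parse_search_string(search):
    """Split '-s <scope> -b <base> <filter>' into (scope, base, filter template).

    Assumes whitespace-separated tokens, as in the examples in this topic.
    A scope or base of None means the option was absent; the default that
    applies in that case is not stated in this topic.
    """
    tokens = search.split()
    opts = {"-s": None, "-b": None}
    i = 0
    while i < len(tokens) and tokens[i] in opts:
        if i + 1 >= len(tokens):
            raise ValueError("option %s has no value" % tokens[i])
        opts[tokens[i]] = tokens[i + 1]
        i += 2
    template = " ".join(tokens[i:])
    if "%login%" not in template:
        raise ValueError("filter does not reference %login%")
    return opts["-s"], opts["-b"], template

def expand(search, login):
    """Return (scope, base, filter) with %login% replaced by the escaped login."""
    scope, base, template = parse_search_string(search)
    return scope, base, template.replace("%login%", escape_filter_value(login))

# Search strings and test logins taken from the three configurations above.
SAMPLES = [
    ("-s sub -b ou=my_dept,dc=ourcompany,dc=com "
     "(&(objectclass=inetOrgPerson)(uid=%login%))", "test_user"),
    ("-s sub -b ou=my_dept,dc=ourcompany,dc=com "
     "(&(objectclass=inetOrgPerson)(mail=%login%))", "test_user@ourcompany.com"),
    ("-b ou=my_dept,o=ourcompany.com uid=%login%", "1D1758897"),
]

if __name__ == "__main__":
    for search, login in SAMPLES:
        print(expand(search, login))
```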