SetAuthenticationAlgorithm

Description

Sets the AuthenticationAlgorithm for the schema repository.

Marks the entire schema repository as having a preference for being authenticated in a particular manner. Select an authentication algorithm value which corresponds to the AuthenticationMode configured for the majority of users of the databases in the schema repository. For example, if most users are going to be configured with an authentication mode of LDAP_AUTHENTICATION, then set the schema repository AuthenticationAlgorithm to LDAP_FIRST.

The CQ_FIRST authentication algorithm for a schema repository allows LDAP authentication, after first checking if traditional HCL Compass authentication is configured for the login name. The Compass schema repository is first checked for a user profile record that has the same user name as the given login name. If the user is found, then that user's authentication mode is used to determine if traditional Compass or LDAP authentication is to be used for the selected user. If there is no user record in the schema repository that has the same user name as the login name, then LDAP authentication is attempted. If the LDAP server authenticates the login name and password pair as valid then the LDAP mapping attribute (using the installutil setcqldapmap command) is used to find a Compass user profile record that has the same mapping profile field value as the LDAP user's mapping attribute value.

Note: The caller of this method must have Administrator privileges (that is, the UserPrivilegeMaskType value USER_ADMIN) to set this value.

Changing the AuthenticationAlgorithm for the control flow of authentication for the schema repository as a whole does not change the authentication mode for any existing HCL Compass user accounts. To change the mode of authentication for a particular user, the Administrator must change the AuthenticationMode for that particular user.

If the AuthenticationAlgorithm is changed to CQ_ONLY, then any existing LDAP authenticated HCL Compass user will fail to be able to login since LDAP authentication is not allowed. The Compass administrator will need to individually reconfigure these users as Compass authenticated users.

However, if the AuthenticationAlgorithm is changed back to CQ_FIRST and the administrator has not reconfigured LDAP authenticated users, then those users would be able to authenticate using LDAP.

Syntax

VBScript


adminSession.SetAuthenticationAlgorithm(AuthenticationAlgorithm) 

Perl


$adminSession->SetAuthenticationAlgorithm(AuthenticationAlgorithm); 
Identifier
Description
adminSession
The AdminSession object representing the current schema repository access session.
AuthenticationAlgorithm
A Long containing the AuthenticationAlgorithm of the schema repository.
Return value
None on success, else an exception is thrown (due to an incorrect input value, or other unexpected condition).

Examples

VBScript

' set the admin session ...
  set adminSession = CreateObject("ClearQuest.AdminSession")
  adminSession.Logon "admin", "admin", ""
' set preferred authentication algorithm:
  Dim cquser2 ' a user object
  Dim authAlg ' the authentication algorithm value
  authAlg = AD_CQ_FIRST ' set preference
  StdOut "Setting authentication algorithm for schema to " 
	& CStr(authAlg) & vbCrLf
  adminSession.SetAuthenticationAlgorithm (authAlg)
  StdOut "Authentication algorithm set to: " & CStr(authAlg) 
	& vbCrLf

Perl

use CQPerlExt;
#Create a HCL Compass
 admin session
$adminSession = CQAdminSession::Build();
#Logon as admin
$adminSession->Logon( "admin", "admin", "" );
$adminSession->SetAuthenticationAlgorithm($CQPerlExt::CQ_CQ_FIRST);
# ...
CQAdminSession::Unbuild($adminSession);