Impact on Existing APIs

Depending on the authentication algorithm of the schema repository, there may be an impact on the following parts of the existing DevOps Plan Schema API.
  • CreateUser method of the AdminSession object.

    This function remains the same regardless of the AuthenticationAlgorithm for the schema repository. However, the CreateUser method creates a DevOps Plan authenticated user with a blank password. To create an LDAP authenticated user:
    • Use the CreateUserLDAPAuthenticated function, or
    • Use CreateUser and then call the SetLDAPAuthentication method for that user object to convert it to LDAP authentication.
  • Depending on the authentication mode of a user, there may be an impact on existing DevOps Plan Schema API methods of the User object.
    • If DevOps Plan authentication (CQ_AUTHENTICATION) is configured, the following existing functions retain their current behavior.
      • SetPassword method of the User object
      • SetLoginName method of the User object
    • If LDAP authentication (LDAP_AUTHENTICATION) is configured, the following existing functions will have modified behavior.
      • SetPassword(new_password) method of the User object

        If LDAP authentication is enabled for the user account, the user password is the value stored in the LDAP repository. It cannot be set using SetPassword. Calling SetPassword returns an error unless the argument value is an empty string (""). The USER_ADMIN user privilege is required to make this call.

      • SetLoginName(new_login_name, new_password) method of the User object.

        If LDAP authentication is enabled for the user account, you can change the login name but not the password. The new_password argument value must be the empty string (""). The USER_ADMIN user privilege is required to change the login name.

  • If you choose a configuration with a different value, the Login name field does not represent the name that users enter in the DevOps Plan Login window. If your user database uses any Perl scripts that assume that the Login name field (that is, the value returned by $UserObject->Name or $SessionObject->GetLoginName) represents the name that users enter in the Login window, you may need to modify those scripts to ensure that they work correctly.

    Specifically, if using LDAP authentication, any existing DevOps Plan Schema API method that requires or returns a value currently documented as a DevOps Plan login name (such as CQ_login_name) should be handled as a DevOps Plan user profile name (such as CQ_user_name, that is, the value of the User object Name field).

    The GetAuthenticationLoginName method of the Session object and of the AdminSession object returns the string that a user enters at the DevOps Plan Login window. See GetAuthenticationLoginName method of the Session object and GetAuthenticationLoginName method of the AdminSession object.

    The GetUserLoginName method of the AdminSession object returns the DevOps Plan user name stored in the database. See GetUserLoginName method of the AdminSession object.

    Note: The DevOps Plan user profile field that is used for correlating LDAP user records to DevOps Plan user records is the CQLDAPMap field.
    Note: The following characters cannot be included in a DevOps Plan user profile Name field (CQ_LOGIN_NAME), for DevOps Plan authentication, or in a CQLDAPMap mapping value, for LDAP authentication.

    ! {the space character} " # $ % & ' ( ) * + , / : ; < = > ? [ \ ] ^ ` { | }

    Login names and CQLDAPMap mapping values cannot contain characters that are invalid for the database or prohibited by DevOps Plan interfaces, and cannot be reserved keywords for the database.
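
A pre-flight check for the rules above, as an added example that is not part of the product documentation or its API: it flags planned SetPassword and SetLoginName calls that this page says return an error for LDAP authenticated users, and login names containing the listed characters. The function names check_call and bad_chars and the sample calls are hypothetical, and applying the character check to the new login name in both authentication modes is an assumption.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Characters the page lists as not allowed in a login name or CQLDAPMap value.
my %FORBIDDEN = map { $_ => 1 } (
    '!', ' ', '"', '#', '$', '%', '&', "'", '(', ')', '*', '+', ',', '/',
    ':', ';', '<', '=', '>', '?', '[', '\\', ']', '^', '`', '{', '|', '}',
);

# Return one description per forbidden character found in $value.
sub bad_chars {
    my ($value) = @_;
    my @chars = split //, $value;
    return map  { "'$chars[$_]' at offset $_" }
           grep { $FORBIDDEN{ $chars[$_] } } 0 .. $#chars;
}

# Check one planned User-object call (hypothetical helper, not a product API).
# $mode is 'CQ_AUTHENTICATION' or 'LDAP_AUTHENTICATION'.
sub check_call {
    my ($mode, $method, @args) = @_;
    my $ldap = $mode eq 'LDAP_AUTHENTICATION';
    my @problems;
    if ($method eq 'SetLoginName') {
        my ($name, $password) = @args;
        # Assumption: the character rule is applied to the name in both modes.
        push @problems, map { "login name contains $_" } bad_chars($name);
        push @problems, 'new_password must be "" for an LDAP authenticated user'
            if $ldap && ($password // '') ne '';
    }
    elsif ($method eq 'SetPassword') {
        push @problems, 'password is stored in LDAP; only "" is accepted'
            if $ldap && ($args[0] // '') ne '';
    }
    return @problems;
}

# Constructed sample calls; argument values are never printed.
my @planned = (
    ['CQ_AUTHENTICATION',   'SetLoginName', 'jdoe',      'example-pw'],
    ['LDAP_AUTHENTICATION', 'SetLoginName', 'j.doe',     ''],
    ['LDAP_AUTHENTICATION', 'SetLoginName', 'doe, jane', 'example-pw'],
    ['LDAP_AUTHENTICATION', 'SetPassword',  'example-pw'],
);
for my $call (@planned) {
    my ($mode, $method, @args) = @$call;
    my @problems = check_call($mode, $method, @args);
    print "$mode $method: ", (@problems ? join('; ', @problems) : 'ok'), "\n";
}
```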