AuthenticationAlgorithm constants
AuthenticationAlgorithm constants specify which authentication search strategy is selected when a Rational® ClearQuest® user logs on.
Note: This enumerated constant became available in version 2003.06.14.
| Constant | Value | Description |
|---|---|---|
| _LDAP_FIRST | 1 | Authenticate against an LDAP server as the preference, and failing that, attempt to authenticate using Rational® ClearQuest® authentication. Allows for traditional Rational® ClearQuest® authentication. |
| _CQ_FIRST | 2 | Authenticate using traditional Rational® ClearQuest® user authentication as the preference, and failing that, attempt to authenticate using LDAP authentication. |
| _CQ_ONLY | 3 | Traditional Rational® ClearQuest® user authentication. Does not allow LDAP authentication. This is the default mode. |
Setting the AuthenticationAlgorithm for the schema repository
controls how Rational®
ClearQuest® searches
to find the correct authentication method. Specifically, the AuthenticationAlgorithm
controls the search flow.
- LDAP_FIRST: Rational®
ClearQuest® attempts
to authenticate the user against the configured LDAP server.
- If the authentication succeeds, the Rational®
ClearQuest® user
records are searched for the user record that corresponds to that
LDAP account. The correspondence is through a mapping of a particular
(configurable) Rational®
ClearQuest® user
profile field to a (configurable) LDAP attribute field of the LDAP
user account just authenticated against. Note: One of the following user profile fields: Email, FullName, Phone, MiscInfo, LoginName is configured for LDAP users as the Rational® ClearQuest® and LDAP mapping field. The corresponding ClearQuest® API set function for that field (SetEmail, SetFullName, SetPhone, SetMiscInfo, or SetLoginName) can only be called successfully by the (
USER_ADMINuser privilege), for LDAP users. The value in this mapping field must be the same as the value in the correlated LDAP attribute. - If the authentication fails, there is a chance that the login
is a traditional Rational®
ClearQuest® authenticated
user. Rational®
ClearQuest® attempts
the traditional Rational®
ClearQuest® authentication.
- If successful, Rational® ClearQuest® continues.
- If unsuccessful, Rational® ClearQuest® returns an error.
- If the authentication succeeds, the Rational®
ClearQuest® user
records are searched for the user record that corresponds to that
LDAP account. The correspondence is through a mapping of a particular
(configurable) Rational®
ClearQuest® user
profile field to a (configurable) LDAP attribute field of the LDAP
user account just authenticated against.
- CQ_FIRST: Rational®
ClearQuest® attempts
a traditional Rational®
ClearQuest® authentication
and searches for a Rational®
ClearQuest® user
record that matches the login name:
- If the search succeeds, Rational®
ClearQuest® checks
the Rational®
ClearQuest® user
record to see if it is configured as a Rational®
ClearQuest® authenticated
user:
- If configured for Rational® ClearQuest® authentication, performs traditional authentication.
- If configured as LDAP, performs LDAP authentication. The Rational® ClearQuest® to LDAP mapping correlation must map back to this same Rational® ClearQuest® user account, or an error is generated.
- If the search fails, performs an LDAP authentication, in case
the user is an LDAP authenticated user:
- If successful, allows the user to access Rational®
ClearQuest® as
normal If the authentication succeeds, the Rational® ClearQuest® user records are searched for the user record that corresponds to that LDAP account. The correspondence is through a mapping of a particular (configurable) Rational® ClearQuest® user profile field to a (configurable) LDAP attribute field of the LDAP user account just authenticated against.Note: One of the following user profile fields: Email, FullName, Phone, MiscInfo, LoginName is configured for LDAP users as the Rational® ClearQuest® and LDAP mapping field. The corresponding Rational® ClearQuest® API set function for that field (SetEmail, SetFullName, SetPhone, SetMiscInfo, or SetLoginName) can only be called successfully by the Administrator (
USER_ADMINuser privilege), for LDAP users. The value in this mapping field must be the same as the value in the correlated LDAP attribute and be unique among Rational® ClearQuest® and LDAP users. See CQLDAPMap field constants. - If unsuccessful, Rational® ClearQuest® returns an error.
- If successful, allows the user to access Rational®
ClearQuest® as
normal
- If the search succeeds, Rational®
ClearQuest® checks
the Rational®
ClearQuest® user
record to see if it is configured as a Rational®
ClearQuest® authenticated
user:
- CQ_ONLY: Performs traditional Rational® ClearQuest® authentication. Does not attempt to perform an LDAP authentication. This is the default.