installutil setcqldapmap
The installutil setcqldapmap subcommand identifies the HCL Compass user profile field and the LDAP user attribute that HCL Compass uses to map a user account in the database set to a user account in the LDAP directory.
Synopsis
- installutil setcqldapmap dbset_name cq_login cq_password [ –site site | –domain domain ] cq_user_field ldap_user_attribute
- installutil setcqldapmap dbset_name cq_login cq_password [ {–allsites | –site site } | { –alldomains | –domain domain } ] –remove
Description
The installutil setcqldapmap subcommand identifies the HCL Compass user profile field and the LDAP user attribute that HCL Compass uses to map a user account in the database set to a user account in the LDAP directory. HCL Compass retrieves the value of the attribute from the LDAP user record that the installutil setldapsearch subcommand returns, then searches the database set for a user account whose mapping field value matches the attribute value. After HCL Compass finds a match, it determines the user's authorization. It is run once per domain, site, or both, if applicable.
- The value in the HCL Compass mapping field is unique among active HCL Compass user profile records that are enabled for LDAP authentication.
- The value in the LDAP mapping attribute is unique among LDAP user records. It is the responsibility of the LDAP administrator to ensure that the LDAP repository enforces this requirement. HCL Compass does not detect non-unique LDAP mapping attributes in the LDAP repository.
Be sure that the HCL Compass user profile field that you specify with the installutil setcqldapmap subcommand is the same at all sites; however, the LDAP attribute that maps to the HCL Compass user profile field can be different.
Options and Arguments
- –site site
- Specifies that the ldap_user_attribute setting applies only to the site that you specify. If you do not specify –site site, the subcommand settings apply to all sites. The cq_user_field setting must be the same for all sites.
- –site site –remove
- –allsites –remove
- Removes the existing settings for the specified subcommand. You must specify –site or –allsites with –remove. Use –site to remove the settings at one specific site. Use –allsites to remove the settings at all sites. You do not need to specify the cq_user_field and ldap_user_attribute arguments when you specify –remove.
- –domain domain
- HCL Compass supports environments where multiple LDAP configurations can be used to authenticate. Using this option specifies that the ldap_user_attribute setting applies only to the indicated domain. If you do not specify this option, the subcommand settings apply to all domains. The cq_user_field setting must be the same for all domains.
- –domain domain –remove
- –alldomains –remove
- Removes the existing settings for the specified subcommand. You must specify –domain or –alldomains with –remove. Use –domain to remove the settings at one specific domain. Use –alldomains to remove the settings at all domains. You do not need to specify the cq_user_field and ldap_user_attribute arguments when you specify –remove.
- cq_user_field
- One of the following fields that the subcommand uses to match
a HCL Compass user
account to an LDAP user account:
- CQ_EMAIL
- CQ_FULLNAME
- CQ_LOGIN_NAME
- CQ_MISC_INFO
- CQ_PHONE
The cq_user_field setting must be the same for all sites.
- ldap_user_attribute
- One of the attributes returned by the installutil setldapsearch subcommand
that the installutil setcqldapmap subcommand uses to match
a HCL Compass user
account to an LDAP user account.
In place of an LDAP attribute, you can specify the %login% parameter, which resolves to the login name that the user enters.
Examples
mail attribute
should be mapped to the HCL Compass CQ_EMAIL user
profile field. installutil setlcqldapmap dbset1 bob_admin bob_pw -domain Domain1 CQ_EMAIL mail