Impact on Existing APIs

Depending on the authentication algorithm of the schema repository, there may be an impact on the following parts of the existing HCL Compass API.

  • CreateUser method of the AdminSession object.

    This function remains the same despite the AuthenticationAlgorithm for the schema repository. However, the CreateUser method creates a HCL Compass authenticated user with a blank password. To create an LDAP authenticated user
    • Use the CreateUserLDAPAuthenticated function, or
    • Use CreateUser and then call the SetLDAPAuthentication method for that user object to convert it to LDAP authentication.
  • Depending on the authentication mode of a user, there may be impact on existing HCL Compass API methods of the User object.
    • If HCL Compass authentication (CQ_AUTHENTICATION) is configured, the following existing functions retain their current behavior.
      • SetPassword method of the User object
      • SetLoginName method of the User object
    • If LDAP authentication (LDAP_AUTHENTICATION) is configured, the following existing functions will have modified behavior.
      • SetPassword(new_password) method of the User object

        If LDAP authentication is enabled for the user account, the user password is the value stored in the LDAP repository. It cannot be set using SetPassword. Calling SetPassword returns an error unless the argument value is an empty string (""). The USER_ADMIN user privilege is required to make this call.

      • SetLoginName(new_login_name, new_password) method of the User object.

        If LDAP authentication is enabled for the user account, you can change the login name but not the password. The new_password argument value must be the empty string (""). The USER_ADMIN user privilege is required to change the login name.

  • If you choose a configuration with a different value, the Login name field does not represent the name that users enter in the HCL Compass Login window. If your user database uses any Perl or Visual Basic scripts that assume that the Login name field (that is, the value returned by $UserObject->Name or $SessionObject->GetLoginName) represents the name that users enter in the Login window, you may need to modify those scripts to ensure that they work correctly.

    Specifically, if using LDAP authentication, any existing HCL Compass API method that requires or returns a value currently documented as a HCL Compass login name (such as CQ_login_name) should be handled as a HCL Compass user profile name (such as CQ_user_name, that is, the value of the User object Name field).

    The GetAuthenticationLoginName method of the Session object and of the AdminSession object returns the string that a user enters at the HCL Compass Login window. See GetAuthenticationLoginName method of the Session object and GetAuthenticationLoginName method of the AdminSession object.

    The GetUserLoginName of the AdminSession object returns the HCL Compass user name stored in the database. See GetUserLoginName method of the AdminSession object

    Note: The HCL Compass user profile field that is used for correlating LDAP user records to HCL Compass user records is the CQLDAPMap field.
    Note:

    The following characters cannot be included in a HCL Compass user profile Name field (CQ_LOGIN_NAME), for HCL Compass authentication, or in a CQLDAPMap mapping value, for LDAP authentication.

    ! {the space character} " # $ % & ' ( ) * + , / : ; < = > ? [ \ ] ^ ` { | }

    Login names and CQLDAPMap mapping values cannot have any characters that are not valid nor reserved keywords for the database or prohibited by HCL Compass interfaces.