Configure LDAP mapping for HCL Compass databases
It must be possible to determine the HCL Compass user name from the WebSphere® Application Server-authenticated user name. If the HCL Compass user name and the WebSphere Application Server-authenticated user name do not match, then you must configure the LDAP mapping so that the HCL Compass user name can be derived at run time.
Use LDAP mapping to determine the Compass user by referencing a different user field than the logon name. For example, the user name of the WebSphere Application Server-authenticated user might be the employee ID, while the HCL Compass user name might be a more conventional logon name. By configuring LDAP mapping, the HCL Compass application can use the employee ID that is saved in the Description field of the user record to derive the HCL Compass user name. For instructions on how to configure an HCL Compass database for LDAP authentication, see Setting up LDAP authentication.
Example
The following sequence of installutil subcommands configures an HCL Compass database set for LDAP mapping. The uid attribute in the LDAP directory stores the user names. The installutil setcqldapmap subcommand identifies CQ_LOGIN_NAME as the HCL Compass user-profile-mapping field. The subcommand uses %login% in place of an LDAP mapping attribute, which resolves to the HCL Compass logon name.
installutil setauthenticationalgorithm 8.0.1 admin secret CQ_ONLY
installutil setldapinit 8.0.1 admin secret "-h ourldapserver.ourcompany.com"
installutil setldapsearch 8.0.1 admin secret "-s sub -b ou=my_dept,dc=ourcompany,dc=com (&(objectclass=inetOrgPerson)(uid=%login%))"
installutil setcqldapmap 8.0.1 admin secret CQ_LOGIN_NAME %login%
installutil validateldap 8.0.1 admin secret test_user testPW
installutil setauthenticationalgorithm 8.0.1 admin secret CQ_FIRST