MultiSite considerations
Factors to keep in mind when setting up LDAP authentication at a site using HCL Compass MultiSite.
If your team uses HCL Compass MultiSite, keep in mind the following factors as you enable the HCL Compass database set for LDAP authentication:
- You can run the installutil set subcommands only from the working master site of the schema repository. MultiSite replicates the LDAP parameters that you set to the other sites in the clan. LDAP-authenticated users at a remote site cannot log in to HCL Compass until MultiSite replicates the parameters to that remote site.
- By default, the parameters that you set apply to all sites in the clan. To apply parameters to a specific site use the -site argument.
- Be sure that the HCL Compass user profile field that you specify with the setcqldapmap subcommand is the same at all sites; however, the LDAP attribute that maps to the HCL Compass user profile field can be different.
- Because you can run the set subcommands only from the working master site, the administrator of a remote site cannot set parameters specific to that site. You, as administrator of the working master site, must set the site-specific parameters or you can make the remote site the working master site so that the remote site's administrator can run the subcommands.
- You can run the validateldap subcommand with the -site option to validate a remote site's LDAP settings only if your computer can connect to the LDAP server at that site. If your computer cannot connect to the LDAP server, arrange for the remote site administrator to run the subcommand at the remote site.
- A user's authentication mode is the same for all sites in a clan. You must set a user's authentication mode only at the site where the user is mastered by using the User Administration GUI or by running the SetupCQLDAP.pl script or a script that you write.