Collecting LDAP information

Describes the information required and the questions to be answered in order to set up LDAP for HCL Compass.

In many organizations the HCL Compass administrator and the LDAP administrator are two different people. Use the questionnaire in LDAP information worksheet to collect necessary information from your LDAP administrator. If your team uses MultiSite to replicate the HCL Compass database set, complete this questionnaire for each site. To see how the example answers in LDAP information worksheet are used with the installutil subcommands to configure the database set for LDAP authentication, see LDAP configuration steps for HCL Compass.

Table 1. LDAP information worksheet
| Question | Example answer | Your answer |
| --- | --- | --- |
| A. What is the host name of the LDAP server? You can specify multiple hosts so that HCL Compass attempts to connect to an alternate host if it cannot connect to the first one. | 'ourldapserver.ourcompany.com altldapserver.ourcompany.com' | |
| B. What is the TCP port number where the LDAP server listens for communications? | 389 | |
| C. Does the LDAP server allow anonymous searches? If it does not, specify a service account that has sufficient privileges to allow HCL Compass to search the directory for LDAP-authenticated HCL Compass users (C1 and C2). | No | |
| C1. What is the distinguished name (DN) of the service account? | cn=search_user,cn=Users,dc=cqldapmsft,dc=com | |
| C2. What is the password of the service account? | secret_password | |
| D. What is the base DN from which to start searching for LDAP user directory entries that correspond to HCL Compass users? The base DN must be high enough in the directory hierarchy to include all users that might need to be authenticated; however, a base DN that is too high in the hierarchy might slow login performance. | ou=my_dept,dc=cqldapmsft,dc=com | |
| E. What is the scope of the search from the base DN: sub (subtree), one (one level below), or base (base DN only)? | sub | |
| F. What is the LDAP attribute that is used to store the user entry login name values? HCL Compass uses the text string entered in the HCL Compass Login window to search the LDAP directory for a user entry whose LDAP attribute value matches the login name. This LDAP attribute must store unique values for all user entries that HCL Compass searches. You also use this attribute in the answer to the next question. | sAMAccountName | |
| G. What is the LDAP search filter that HCL Compass must use to select the LDAP user entry based on the attribute specified in the previous question? Use %login% as the user's login name; HCL Compass substitutes the text string the user enters in the HCL Compass login window. | sAMAccountName=%login% | |
| H. What is the LDAP attribute of the user entry to be used to map the user to a corresponding HCL Compass user profile record? You can map an attribute to one of the following HCL Compass user profile record fields: CQ_EMAIL, CQ_FULLNAME, CQ_LOGIN_NAME, CQ_MISC_INFO, or CQ_PHONE. The HCL Compass administrator and LDAP administrator need to work together to determine this mapping. | sAMAccountName | |
| I. What is the login name of a user entry that can be used to validate that HCL Compass can correctly authenticate a user against the LDAP directory? This can be a test account or an actual user account. | test_user | |
| J. What is the password for the user entry specified in the previous question? | test_pwd | |
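
The following Python sketch is an added example, not HCL code: it checks a completed worksheet for internal consistency (scope values, the %login% placeholder, the attribute from F reused in G, the profile field in H), expands the filter by hand with RFC 4515 escaping for testing in an LDAP client, and looks for duplicate login values in exported entries. The dictionary key names, the choice of CQ_LOGIN_NAME as the mapped field, and the case-insensitive comparison of login values are assumptions of this sketch.

```python
# Added example (not HCL code): sanity checks on LDAP worksheet answers.
from collections import Counter

SCOPES = {"sub", "one", "base"}  # question E
CQ_FIELDS = {"CQ_EMAIL", "CQ_FULLNAME", "CQ_LOGIN_NAME",
             "CQ_MISC_INFO", "CQ_PHONE"}  # question H

def escape_filter_value(value):
    """Escape text for use as an LDAP filter value (RFC 4515, section 3)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def expand_filter(template, login):
    """Substitute %login% by hand, e.g. to test the filter in an LDAP client."""
    return template.replace("%login%", escape_filter_value(login))

def check_worksheet(ws):
    """Return a list of problems in the answers; an empty list means none found."""
    problems = []
    if not ws["hosts"].split():
        problems.append("A: no host name given")
    if not (ws["port"].isdigit() and 0 < int(ws["port"]) < 65536):
        problems.append("B: port is not a valid TCP port")
    if not ws["anonymous"] and not (ws["bind_dn"] and ws["bind_password"]):
        problems.append("C: no anonymous search, so C1 and C2 are required")
    if ws["scope"] not in SCOPES:
        problems.append("E: scope must be sub, one or base")
    if "%login%" not in ws["filter"]:
        problems.append("G: filter does not contain %login%")
    if ws["login_attr"].lower() not in ws["filter"].lower():
        problems.append("G: filter does not use the attribute from F")
    if ws["map_field"] not in CQ_FIELDS:
        problems.append("H: unknown user profile field")
    return problems

def duplicate_logins(entries, login_attr):
    """Login values (F) found in more than one entry; case-insensitive (assumed)."""
    counts = Counter(e[login_attr].lower() for e in entries if login_attr in e)
    return sorted(v for v, n in counts.items() if n > 1)

# Constructed sample: the worksheet's example answers; key names are this sketch's own.
EXAMPLE = {
    "hosts": "ourldapserver.ourcompany.com altldapserver.ourcompany.com",
    "port": "389", "anonymous": False,
    "bind_dn": "cn=search_user,cn=Users,dc=cqldapmsft,dc=com",
    "bind_password": "secret_password",
    "base_dn": "ou=my_dept,dc=cqldapmsft,dc=com", "scope": "sub",
    "login_attr": "sAMAccountName", "filter": "sAMAccountName=%login%",
    "map_attr": "sAMAccountName", "map_field": "CQ_LOGIN_NAME",  # field choice assumed
}
```

An empty list from `check_worksheet(EXAMPLE)` means the answers are consistent with each other; it does not confirm that the directory itself accepts them.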