Disabling LDAP authentication

Commands to use in disabling LDAP authentication.

Procedure

To temporarily disable LDAP authentication for a HCL Compass database set, set the authentication algorithm to CQ_ONLY, as shown below. This action locks out all HCL Compass users whose authentication mode is LDAP. To re-enable LDAP authentication, set the authentication algorithm to CQ_FIRST.
```
installutil setauthenticationalgorithm 7.0.0 admin secret CQ_ONLY 
```
To permanently disable LDAP authentication for a HCL Compass database set, use the -remove option with the setldapinit, setldapsearch, and setcqldapmap subcommands. If you use MultiSite and you want to remove the settings at one particular site, use the -site option to specify that site. If you use MultiSite and you want to remove the settings at all sites, or if you do not use MultiSite, use the -allsites option. The following example permanently disables LDAP authentication for the 7.0.0 database set by removing the settings at all sites. Before making any changes to LDAP settings, always set the authentication algorithm to CQ_ONLY.
```
installutil setauthenticationalgorithm 7.0.0 admin secret CQ_ONLY
installutil setldapinit 7.0.0 admin secret -allsites -remove
installutil setldapsearch 7.0.0 admin secret -allsites -remove
installutil setcqldapmap 7.0.0 admin secret -allsites -remove
```
Attention: If you disable LDAP authentication for a database set, be sure to change the authentication mode for users to HCL Compass; otherwise, the users will be unable to log in to HCL Compass. To enable HCL Compass users whose authentication mode is set to LDAP to access the HCL Compass database set, use the User Administration GUI or the SetupCQLDAP.pl script to set their authentication mode to CQ.