installutil

Configures or modifies databases. Although you can use installutil with a variety of subcommands, the syntax that is described in this reference page is specific to subcommands used to configure LDAP user authentication. The installutil command line utility is available on Windows™ only.

Synopsis

installutil subcommand -dbset dbset_name cq_login cq_password [ –site site ] [ –domain domain ] [ subcommand_arguments ...]

Description

Use the installutil command with the following subcommands:

  • getauthenticationalgorithm. Displays the algorithm specified by the setauthenticationalgorithm subcommand.
  • getcqldapmap. Displays the string specified by the setcqldapmap subcommand.
  • getldapinit. Displays the ldapsearch string specified by the setldapinit subcommand for the specified database set.
  • getldapsearch. Displays the string specified by the setldapsearch subcommand for the specified database set.
  • setauthenticationalgorithm. Controls whether HCL Compass supports both Compass and LDAP authentication or only Compass authentication for the specified database set.
  • setcqldapmap. Identifies theCompass user profile field and the LDAP user attribute that Compass uses to map a user account in the Compass database set to a user account in the LDAP directory. This command is run once per domain, site, or both, if applicable.
  • setldapinit. Sets the parameter string that is required to connect a database set to the LDAP directory used for authentication. It is run once per domain, site, or both, if applicable.
  • setldapsearch. Specifies the LDAP search criteria to use to find an LDAP user account to authenticate against. It is run once per domain, site, or both, if applicable.
  • validateldap. Confirms that an LDAP configuration is working correctly.
Important: If you enable LDAP authentication, you must keep one administrator account that is Compass authenticated. You must run the installutil subcommands from an administrator account that uses Compass authentication. The reason is that Compass cannot authenticate the administrator's credentials if the LDAP configuration settings are inconsistent, incorrect, or in a non-functioning state. Running the subcommands from an administrator account that uses Compass authentication ensures that you can access Compass administrative functions if the LDAP directory is unavailable.

Compass prevents users with administrator privileges from setting their own user account to use LDAP authentication, but it does not prevent users with administrator privileges from setting another administrator's account to use LDAP authentication.

At a minimum, when you run an installutil subcommand to configure Compass for LDAP authentication, you must specify the Compass database set name, administrator user name, and associated administrator password.

Options and Arguments

-dbset dbset_name
Name of the Compass database set or connection that contains the database to enable for LDAP authentication.
cq_login
Login name of the Compass administrative user. This user must have Super User privileges and be marked for Compass authentication.
cq_password
Password for the Compass administrative user. To specify a null password, enter an empty set of double quotes "".
–site site
In a HCL Compass MultiSite environment, the name of a specific MultiSite site. If you use this option, the command applies only to the specified site. If you omit this option, the command applies to all sites.
–domain domain
HCL Compass supports environments where multiple LDAP configurations can be used to authenticate. If you use this option, the installutil subcommand applies only to the specified LDAP domain. If you omit this option, the subcommand applies to all domains.
subcommand_argument
One or more arguments specific to the installutil subcommand. For the installutil setldapinit and installutil setldapsearch subcommands, you must enclose arguments in double quotes. Use single quotes to enclose nested parameter lists and strings that include spaces.