Topic
  • 6 replies
  • Latest Post - ‏2013-07-07T23:55:57Z by DonaldN
ArieH
ArieH
4 Posts

Pinned topic Arieh

‏2013-07-02T13:09:43Z |

Hello,

I did all the setting authentication steps according to IBM recommendation see the link:

http://publib.boulder.ibm.com/infocenter/cqhelp/v7r0m0/index.jsp?topic=/com.ibm.rational.clearquest.admin.doc/ldap/c_config_cq_ldap.htm

installutil validateldap 7.0.0 admin secret test_user test_pwd retrun 0 mean that the account is able to connect,

Trying to enter to CQ with this LDAP account rerun error that the password is unknown

Has anyone has any idea what i can do?

The username in definded in CQ user administrator in capital letters

 

  • DonaldN
    DonaldN
    287 Posts

    Re: Arieh

    ‏2013-07-02T23:47:15Z  

    ClearQuest LDAP integration is quite straightforward as long as the configuration is correctly done. To help people out here to help you, you should consider giving more details about your problem. For example:

    1. The exact output of the validateldap command against the account that you intend to use.

    2. The exact error when you try to log in with ClearQuest.

    3. Have you set the authentication mode to CQ_FIRST?

    4. Have you set the ClearQuest user to use LDAP authentication?

  • RAQ3_Manoj_Goyal
    RAQ3_Manoj_Goyal
    2 Posts

    Re: Arieh

    ‏2013-07-03T03:28:26Z  

    As per the information provided; looks like "installutil validateldap" is working fine and giving no errors. You see the issue when "test_user" is trying to login to ClearQuest?

    Hope you have followed all the below steps-

    1. installutil setauthenticationalgorithm UserTest admin <admin password> CQ_ONLY

    2. installutil setldapinit UserTest admin <adminpassword> "-h '<ldap server name>' -p <port to be used>  -w <Key file password> -Z -K '<Location of the key.kdb file>' <admin password>"

    3. installutil setldapsearch UserTest admin <adminpassword> "-s sub -b dc=<company name as per the ldap server>,dc=com userid=%login%"

    4. installutil setcqldapmap UserTest admin <adminpassword> CQ_LOGIN_NAME  userid

    5. installutil validateldap UserTest admin <adminpassword> <user_id> <user_password>

    6. installutil setauthenticationalgorithm UserTest admin <adminpassword> CQ_FIRST

    Steps 2nd and 3rd can be configured in a different way also. Depends, how you want to use the LDAP server.

    I hope you have given the step 6th also after the "validateldap" step.

    Finally, login as admin to ClearQuest user Admin and see if LDAP checkbox is checked or not for that particular user you are trying to enable LDAP. If not, please check this and upgrade the Database.

    If you still see the issue; please share the screen shot of the error message.

     

     

  • ArieH
    ArieH
    4 Posts

    Re: Arieh

    ‏2013-07-04T08:15:51Z  

    Reply to the question:

     

    1. The error message I'm getting while triny to enter to CQ on LDAP user (bah026), for db_set name 7.0.0:

    Failed to map authentication LDAP user to any active LDAP enabled ClearQuest user with "Login_name=bah026". Invalid credentials, Either the login name or the password is incorrect.

    2. The Result for installutill validateldap 7.0.0 <User Test Admin> <adminpassword><user><user_password>

    Validate LDAP succeeded for 7.0.0

    The LDAP initialization parameter are:

    -h  <ldapserverName.com> -p 389 -D cm=<ldap account>, cn=User, dc=<xxxx>, dc=<xxxx>, dc=com -w *** -R

    The LDAP search parameter are:

    -s sub -b dc-<xxxx>, dc=<xxxxxx>, dc=<xxxxx>, (&(objectclass=person)(sAMAcceuntName=%login%))

    The ClearQuest <-> LDAP mapping is:

    CQUser.CQ_LOGIN_NAME <-------> sAMAccountName

    Exit code 0 for validateldap

    3. Of course I did at the beggining : installutil setauthenticationalgorithm UserTest admin <admin password> CQ_ONLY

    4. I did at the end:  installutil setauthenticationalgorithm UserTest admin <adminpassword> CQ_FIRST

    5. I select defined accoount that which is LDAP account in CQ.

     

  • ArieH
    ArieH
    4 Posts

    Re: Arieh

    ‏2013-07-07T09:09:48Z  
    • DonaldN
    • ‏2013-07-02T23:47:15Z

    ClearQuest LDAP integration is quite straightforward as long as the configuration is correctly done. To help people out here to help you, you should consider giving more details about your problem. For example:

    1. The exact output of the validateldap command against the account that you intend to use.

    2. The exact error when you try to log in with ClearQuest.

    3. Have you set the authentication mode to CQ_FIRST?

    4. Have you set the ClearQuest user to use LDAP authentication?

    See my reply

  • ArieH
    ArieH
    4 Posts

    Re: Arieh

    ‏2013-07-07T09:10:01Z  

    As per the information provided; looks like "installutil validateldap" is working fine and giving no errors. You see the issue when "test_user" is trying to login to ClearQuest?

    Hope you have followed all the below steps-

    1. installutil setauthenticationalgorithm UserTest admin <admin password> CQ_ONLY

    2. installutil setldapinit UserTest admin <adminpassword> "-h '<ldap server name>' -p <port to be used>  -w <Key file password> -Z -K '<Location of the key.kdb file>' <admin password>"

    3. installutil setldapsearch UserTest admin <adminpassword> "-s sub -b dc=<company name as per the ldap server>,dc=com userid=%login%"

    4. installutil setcqldapmap UserTest admin <adminpassword> CQ_LOGIN_NAME  userid

    5. installutil validateldap UserTest admin <adminpassword> <user_id> <user_password>

    6. installutil setauthenticationalgorithm UserTest admin <adminpassword> CQ_FIRST

    Steps 2nd and 3rd can be configured in a different way also. Depends, how you want to use the LDAP server.

    I hope you have given the step 6th also after the "validateldap" step.

    Finally, login as admin to ClearQuest user Admin and see if LDAP checkbox is checked or not for that particular user you are trying to enable LDAP. If not, please check this and upgrade the Database.

    If you still see the issue; please share the screen shot of the error message.

     

     

    See my reply

  • DonaldN
    DonaldN
    287 Posts

    Re: Arieh

    ‏2013-07-07T23:55:57Z  
    • ArieH
    • ‏2013-07-04T08:15:51Z

    Reply to the question:

     

    1. The error message I'm getting while triny to enter to CQ on LDAP user (bah026), for db_set name 7.0.0:

    Failed to map authentication LDAP user to any active LDAP enabled ClearQuest user with "Login_name=bah026". Invalid credentials, Either the login name or the password is incorrect.

    2. The Result for installutill validateldap 7.0.0 <User Test Admin> <adminpassword><user><user_password>

    Validate LDAP succeeded for 7.0.0

    The LDAP initialization parameter are:

    -h  <ldapserverName.com> -p 389 -D cm=<ldap account>, cn=User, dc=<xxxx>, dc=<xxxx>, dc=com -w *** -R

    The LDAP search parameter are:

    -s sub -b dc-<xxxx>, dc=<xxxxxx>, dc=<xxxxx>, (&(objectclass=person)(sAMAcceuntName=%login%))

    The ClearQuest <-> LDAP mapping is:

    CQUser.CQ_LOGIN_NAME <-------> sAMAccountName

    Exit code 0 for validateldap

    3. Of course I did at the beggining : installutil setauthenticationalgorithm UserTest admin <admin password> CQ_ONLY

    4. I did at the end:  installutil setauthenticationalgorithm UserTest admin <adminpassword> CQ_FIRST

    5. I select defined accoount that which is LDAP account in CQ.

     

    If the post above is a direct copy of the "installutil validateldap" command output (with substitution of some sensitive information), then we have at least two errors in the configuration.

    1. The DN in the "-D" parameter is incorrect - notice that it's cm instead of the correct cn (unless your LDAP server is actually configured in this way, which is very unusual).

    2. The search parameter pairing is incorrect - notice that it's sAMAcceuntName instead of the correct sAMAccountName.

    Bear in mind that the "exit code 0" for the preceding commands doesn't mean that the configuration is correct, it only means that the _syntax_ is correct, and ClearQuest is able to record the settings in the database. The only time ClearQuest will use these settings is when it tries to authenticate a user, such as when "installutil validateldap" command is run or a user actually attempts to log on from ClearQuest client.

    I will suggest you double check the settings and make adjustments if needed.