Topic
IC4NOTICE: developerWorks Community will be offline May 29-30, 2015 while we upgrade to the latest version of IBM Connections. For more information, read our upgrade FAQ.
12 replies Latest Post - ‏2014-02-12T06:38:09Z by CQAdmin
SuvajitC
SuvajitC
3 Posts
ACCEPTED ANSWER

Pinned topic ClearQuest Automatic User Creation

‏2014-02-06T14:59:52Z |

Hello Forum

We are using ClearQuest v7.1.x with LDAP configuration, for which every user has to login to CQ as

Username: [Domain Name]\[SSO]

How to automate the User Creation for CQ in such a way that once users are added to certain AD Groups, they will automatically have Login access to CQ. Or whether this is possible at all ?

Your answers will be really appreciated.

Regards

Suvajit

Updated on 2014-02-06T15:00:38Z at 2014-02-06T15:00:38Z by SuvajitC
  • pdubovitsky
    pdubovitsky
    376 Posts
    ACCEPTED ANSWER

    Re: ClearQuest Automatic User Creation

    ‏2014-02-06T22:54:18Z  in response to SuvajitC

    Hello,

    It is possible. You can create a script that would query LDAP and use ClearQuest API to create users automatically.
    Along with LDAP authentication enabled for ClearQuest, it would provide required functionality.

    Pavel

  • DonaldN
    DonaldN
    244 Posts
    ACCEPTED ANSWER

    Re: ClearQuest Automatic User Creation

    ‏2014-02-06T23:30:50Z  in response to SuvajitC

    Although it is technically doable to automate the user creation process in ClearQuest, as Pavel pointed out, I am of the opinion that regular/periodic maintenance of the ClearQuest users/groups should not be neglected. It may be fine if you use the ClearQuest users/groups in a very simple way. Once you have a bit more sophisticated security settings, it would be better to do it manually to keep everything on the right track.

  • CQAdmin
    CQAdmin
    103 Posts
    ACCEPTED ANSWER

    Re: ClearQuest Automatic User Creation

    ‏2014-02-07T03:43:48Z  in response to SuvajitC

    Hello,

    You can think of the below approach-

    1. Create a html page "CQ User Creation"; Ask user to provide his UserName and LDAP Password

    2. On Submit; your script should fetch the data of that user from the LDAP Server and should open a new html page with the fetched values.

    3. In this html page first four text boxes should have User's Name, UserID, Phone no, Email.

    4. You can place a Drop-down box here, which should reflect all of your ClearQuest groups.

    5. User has to select one out of it and then click on "Add Me" (for example) button.

    6. Now your script should create that user and make him a member of that particular group (Selected one).

    7. Once this is done, you should have email notification also in your script. One email should go to the CQ Admin and another will go to the newly created User.

    Only one issue I see in this approach; you are giving privilege to your users to select "Groups" by themselves.  What I would suggest is to create new users and have a "common" group for them. If someone needs special privileges; in that case you manually login to CQ User Admin tool and assign the needed group.

     

     

    • SuvajitC
      SuvajitC
      3 Posts
      ACCEPTED ANSWER

      Re: ClearQuest Automatic User Creation

      ‏2014-02-07T07:24:13Z  in response to CQAdmin

      Hello CQ Admin

      Thanks for your reply, surely it is helpful.

      We already have an internal Web Based application to apply for ClearQuest login access for users. There are 4 roles already available in the form as a dropdown menu. (Base User, functional Admin, Junior Admin & Senior Admin).

      Based upon what role user is asking, there is a validation mechanism already set in the website which can check if user has completed the corresponding training which is mandatory to get that role. But at the end someone from Helpdesk needs to login to CQ User Administration UI and create the user manually.

      This is what we are trying to change. If we create those 4 groups in AD and setup a mechanism that after 1 or 2 approvals, the user will get automatically added to one of those 4 AD Groups; then is it possible for the user to login to CQ once they are added in the Group. We are trying to remove the manual user creation process in CQ.

      Currently CQ is already integrated with company LDAP, so a CQ Admin has to create only the ID in CQ and it automatically finds the user from 3 different domains. But user will have to login as Domain_Name\UID in CQ. Take a look at the attached screenshot for more clarity.

      What we need to change with CQ to allow user to login from certain AD Groups when they are member.

      • CQAdmin
        CQAdmin
        103 Posts
        ACCEPTED ANSWER

        Re: ClearQuest Automatic User Creation

        ‏2014-02-07T08:23:54Z  in response to SuvajitC

        To remove the manual user creation process; you have to write a script (May be in Perl) to create that user for you.

        "Based upon what role user is asking, there is a validation mechanism already set in the website which can check if user has completed the corresponding training which is mandatory to get that role."

        Once this is done; call the Perl script within the same html file.

        Here is an example how a user can be created in ClearQuest using a script. The below script creates a CQ user named "John".

        #!C:\Program Files\IBM\RationalSDLC\ClearQuest\CQperl.exe

        use CQPerlExt;
        # Create a Rational ClearQuest admin session
        my $adminSession = CQAdminSession::Build();
        # Logon as admin
        $adminSession->Logon( "admin", "<admin Password>", "<Schema Repository>" );

        # Create the user "John" object

        my $newUserObj = $adminSession->CreateUser( "John" );

        die "Unable to create the user!\n" unless $newUserObj;

        # Set the new user's password to secret
        # Set password is not required if you want to go for LDAP

        $newUserObj->SetPassword("secret");
        $newUserObj->SetFullName("John Park");
        $newUserObj->SetEmail("johnpark\@test.com");
        $newUserObj->SetPhone("0123456789");

        # Subscribing the user to the TEST database
        my $dbs = $adminSession->GetDatabase("TEST");

        $newUserObj->SubscribeDatabase($dbs);

        # Unbuild the Admin session

        CQAdminSession::Unbuild($adminSession);

         

        You can modify (and add further code) this script as per your need.

        • SuvajitC
          SuvajitC
          3 Posts
          ACCEPTED ANSWER

          Re: ClearQuest Automatic User Creation

          ‏2014-02-10T14:36:23Z  in response to CQAdmin

          Hi Manoj

          Thanks for providing the Per script, it surely is helpful.

          Few things I need a bit more clarity.

          1> How to provide user role in this script? Something like

          $newUserObj->SetUserRole("Functional Admin");

          Will it provide 'Functional Admin' role to user in ClearQuest ?

          2> How to add users to Projects or Groups within ClearQuest using an API call from Perl ?

          3> I think users can also be removed from CQ using similar script, like 

          $newUserObj->DeleteUserRole("Functional Admin");

          Or there is a different function for this?

           

          BR

          Suvajit

           

          • DonaldN
            DonaldN
            244 Posts
            ACCEPTED ANSWER

            Re: ClearQuest Automatic User Creation

            ‏2014-02-10T23:37:00Z  in response to SuvajitC

            Hi Suvajit,

            It seems that you are not familiar with ClearQuest and try to fit some concepts from other applications into ClearQuest. Technically speaking, there is no "role" or "project" in ClearQuest user maintenance. All we have is "user" and "group". Some users will use the "group" for a "role" purpose, and the "user database" for a "project" purpose, but we will keep the definition as is for clarity.

            To add or remove a user from a group, see this example:

            http://pic.dhe.ibm.com/infocenter/cqhelp/v8r0m0/topic/com.ibm.rational.clearquest.apiref.doc/topics/r_examples_addandremusers.htm

            To add or remove a user from a "project", is basically to subscribe or unsubscribe a user to or from a user database.

            http://pic.dhe.ibm.com/infocenter/cqhelp/v8r0m0/topic/com.ibm.rational.clearquest.apiref.doc/topics/r_user_subscrbedb.htm

            http://pic.dhe.ibm.com/infocenter/cqhelp/v8r0m0/topic/com.ibm.rational.clearquest.apiref.doc/topics/r_user_unscrbedb.htm

            Note that the "Group" object also has similar methods.

            http://pic.dhe.ibm.com/infocenter/cqhelp/v8r0m0/topic/com.ibm.rational.clearquest.apiref.doc/topics/r_group_subscrbddb.htm

            http://pic.dhe.ibm.com/infocenter/cqhelp/v8r0m0/topic/com.ibm.rational.clearquest.apiref.doc/topics/r_group_unsubscrbdb.htm

            • SuvajitC
              SuvajitC
              3 Posts
              ACCEPTED ANSWER

              Re: ClearQuest Automatic User Creation

              ‏2014-02-11T11:18:54Z  in response to DonaldN

              Hi Donald

              I don't have a great deal of API experience with CQ. I have only done some Migrations from old to new versions.

              I would really appreciate if you could provide a script which will not only create the user, but also add them in corresponding Groups in CQ. Check attached screenshot, we have 4-5 different groups available in the CQ user creation window.

              Secondly, which option is going to select LDAP authentication (checkbox) as per CQ user creation window. Our CQ is integrated with LDAP and every time when a manual user creation happens, the LDAP checkbox has to be checked.

              I hope the Perl script can also do this. 

              Regards

              Suvajit

              • DonaldN
                DonaldN
                244 Posts
                ACCEPTED ANSWER

                Re: ClearQuest Automatic User Creation

                ‏2014-02-12T00:10:19Z  in response to SuvajitC

                You need to make your own effort to complete this task. All the required API can be found in the ClearQuest InfoCenter. There are also plenty of sample codes around.

                To help you start, I will point you to the required API first.

                1. Create a user - see sample codes in the earlier post in this thread.

                2. Add a user to a group - see my post just above.

                3. Create/modify a user with LDAP authentication.

                http://pic.dhe.ibm.com/infocenter/cqhelp/v8r0m0/topic/com.ibm.rational.clearquest.apiref.doc/topics/r_adminsession_crtuserldapauth.htm

                http://pic.dhe.ibm.com/infocenter/cqhelp/v8r0m0/topic/com.ibm.rational.clearquest.apiref.doc/topics/r_user_setldapauth.htm

              • CQAdmin
                CQAdmin
                103 Posts
                ACCEPTED ANSWER

                Re: ClearQuest Automatic User Creation

                ‏2014-02-12T03:07:44Z  in response to SuvajitC

                (1.) You ca use"SetLDAPAuthentication" to enable LDAP authentication for the user.

                Sample Code-

                # Check the user's authentication mode.
                 # If it's not LDAP authentication, change it to be such

                 sub Enforce_LDAP_Authentication_On_User
                {
                my($user, $LDAP_login) = @_;
                 $authentication = $user->GetAuthenticationMode();
                 if ($authentication == $CQPerlExt::CQ_LDAP_AUTHENTICATION)
                 {
                 $auth_s = "LDAP Authenticated";
                print "User's authentication mode is $auth_s. No Changes needed.\n";
                return 0;
                 }
                else
                 {
                $auth_s = "CQ Authenticated";
                 eval{$user->SetLDAPAuthentication($LDAP_login);};
                 if ($@)
                 {
                print "Couldnt run User->SetLDAPAuthentication. Error: $@\n";
                 die;
                 }
                 print "LDAP Authentication set.\n";
                 return 1;
                 }
                 }

                 

                (2.) User Deletion-

                You can delete a User from ClearQuest. Though, it is possible if you do it through backend database, but this is highly NOT Recommended, since it may delete references and corrupt the Data.

                But you can always DEACTIVATE a user. Please check this tech note-

                http://www-01.ibm.com/support/docview.wss?uid=swg21655157

                (3.) Adding and removing users in a group -

                use CQPerlExt;
                $DEBUG = 1;
                 sub ShowUsersInGroups()
                {
                local($Tag) = shift;
                 my($GCol) = $adminSession->GetGroups();
                my($GCount) = $GCol->Count();
                 if ($GCount == 0)
                 {
                print "\n$Tag, there are no groups.\n\n";
                 }
                else
                {
                print "\n$Tag, there " . (($GCount == 1) ? "is $GCount group.\n":"are $GCount groups.\n");
                 print "Group Users in group\n" . "========== ==========================================\n";
                 for ($i = 0; $i < $GCount; $i++)
                {
                 my($GObj) = $GCol->Item($i);
                 printf("%-10.10s ", $GObj->GetName());
                 # Display the list of users in the group... my($UCol) = $GObj->GetUsers();
                 if ($UCol->Count() == 0)
                {
                 print "(none)\n";
                 }


                else
                 {
                 for (my($u) = 0; $u < $UCol->Count(); $u++)
                {
                 my($UObj) = $UCol->Item($u);
                print ($UObj->GetName() . " ");
                 }
                 print ("\n");
                }
                 }
                 print "\n";
                }
                 }
                 # Initiate an admin session and log on as "admin"...

                 $adminSession= CQAdminSession::Build()
                 or die "Error creating AdminSession object.\n";
                 print "Admin session create OK\n" if ($DEBUG);

                $adminSession->Logon("admin", "", "LOCALTEST");

                 print "Back from logging in to admin session\n" if ($DEBUG);

                 # Display the users who are members of groups before doing anything...

                &ShowUsersInGroups("At the beginning of this program's execution");

                 # Get handles for the 'QE' user and the 'MyGroup' group...

                 $GObj = $adminSession->GetGroup("MyGroup");

                 $UObj = $adminSession->GetUser("QE");


                 # Add user "QE" to the "MyGroup" group...

                 $GObj->AddUser($UObj);

                 # Display the users who are members of groups...

                &ShowUsersInGroups("After adding user 'QE' to group 'MyGroup'");

                 # Remove the user from the group...

                $GObj->RemoveUser($UObj);

                 # Display the users in groups now...

                &ShowUsersInGroups("After removing user 'QE' from group 'MyGroup'");

                 CQAdminSession::Unbuild($adminSession);

                 

                Please refer ClearQuest APIs pdf file, which is available on google. This pdf have lots of example and will surely help you to create a script.

                • SuvajitC
                  SuvajitC
                  3 Posts
                  ACCEPTED ANSWER

                  Re: ClearQuest Automatic User Creation

                  ‏2014-02-12T06:35:48Z  in response to CQAdmin

                  Thanks Manoj for pointing to the right direction.

                  I will try this and look into the API PDF for more info.

                  • CQAdmin
                    CQAdmin
                    103 Posts
                    ACCEPTED ANSWER

                    Re: ClearQuest Automatic User Creation

                    ‏2014-02-12T06:38:09Z  in response to SuvajitC

                    My Pleasure..!!!

                    :-)

      • This reply was deleted by pdubovitsky 2014-02-07T10:47:43Z.