We are using QC 11 Patch 16 and we are soon planning to move from QC authentication to LDAP authentication. Has anyone experienced any issues with such a changeover? Having tested it on our test QC server, it seems fairly straighforward with just a few config screens within the Site Admin area to be changed - and once the config screens have been set up, the change seems to happen instantaneously with no disruption to users.
However, if your QC User ID does not match the user's samAccountName then the activation will not be seamless.
The reason you experience an instantaneous transition is because QC has undocumented functionality as part of the LDAP authentication. If you leave the Authentication Principal and Password set to valid values in the LDAP Import Settings dialog, then QC will automatically try to re-import users when authentication fails. So, for your new users who have no Domain Authentication information already, when they log in they will initially fail to authenticate. Without displaying a message to the user, QC will try to re-import the user. It will use the LDAP settings to look for a user with a samAccountName that matches the QC username. If it doesn't find a match, then it will tell the user authentication failed. If it does find a match, it will import the Domain Authentication info, and then try the validate the entered password for the domain account it found.
If the username in QC does not match the samAccountNames you use, then the import will fail. Or, if the username matches a different actual user's samAccountName, it will import that user's information.
We recently upgraded to ALM 12.20 and experiencing couple LDAP issues.
1. Whenever an ALM user tries to login into ALM and enters a wrong password, the Domain Authentication “CN” value is replaced with the CN value of the LDAP administrator.
2. In ALM Site Admin, after a user is added into the “Site Admin” group, the Domain Authentication “CN” value is replaced with the CN value of the LDAP administrator