Use the setldapsearch subcommand to specify the LDAP search criteria to use to find an LDAP user account to authenticate against. The setldapsearch subcommand uses the user name that the user enters in the Rational ClearQuest® Login window.
installutil setldapsearch dbset1 bob_admin bob_pw "–s sub –b 'ou=hr dept,o=ibm.com' mail=%login%"
installutil setldapsearch dbset1 bob_admin bob_pw "-s sub -b ou=my_org, dc=ldapmsft,dc=com (&(objectCategory=person)(sAMAccountName=%login%) (!(userAccountControl:1.2.840.113556.1.4.803:=2)))"