To set up Lightweight Directory Access Protocol (LDAP) authentication for Teradata users who run Microsoft Active Directory in Windows, use the following procedure.

In the /opt/teradata/tdat/tdgss/site directory, edit the file TdgssUserConfigFile.xml. Change the following parameter with your LDAP information. In the procedure examples, the Active Directory domain is.

    LdapBaseFQDN="OU=AXPC Users,DC=samba,DC=net"

Apply the changes by running the configuration as follows.

Test the configuration by running the following command. Assume that a user test_ldap has been created in Active Directory.

    # /opt/teradata/tdat/tdgss/14.10.03.01/bin/tdsbind -u test_ldap -w test_ldap

The output should be similar to the following.

    LdapGroupBaseFQDN: OU=AXPC Users,DC=samba,DC=net
    LdapUserBaseFQDN: OU=AXPC Users,DC=samba,DC=net
    FQDN: CN=test ldap ldap_test,OU=Anst,OU=AXPC Users,DC=samba,DC=net
    AuthUser: ldap://:389/CN=test%20ldap%20ldap_test,OU=Anst,OU=AXPC%20Users,DC=samba,DC=net

    # tpareset -f "use updated TDGSSCONFIG GDO"

Create the same user in the Teradata database as in Active Directory, as shown in the following. Now create the test_ldap user in the database.

    CREATE USER test_ldap AS PERM=1000, PASSWORD=test_ldap
    GRANT LOGON ON ALL TO test WITH NULL PASSWORD

If you change the user password in Active Directory for your LDAP user, you should specify this new password during connection to Teradata in LDAP mode. In DEFAULT mode, you still have to connect to Teradata with the LDAP user name and any password that you set in the database.

Descriptions of the parameters in the file TdgssUserConfigFile.xml

If the AuthorizationSupported property of the LDAP mechanism is set to no, un-mapped directory users having a username that matches a Teradata Database username:

- can log on and be authenticated by the directory.
- inherit all the database privileges of the matching database user.

Directory users whose usernames are not duplicated in the database cannot access the database.

If the AuthorizationSupported property of the LDAP mechanism is set to yes, it is usually because at least some directory users are mapped to Teradata Database users, roles, or profiles. Directory users not mapped to a Teradata Database user can be mapped to the system-generated pseudo-user EXTUSER, which allows them limited database access privileges.

The LdapServerName tells TDGSS which directory server or servers can be used for authentication.

This property identifies the port designation for the LDAP service port.

This property identifies the name of the SASL realm to be used by the directory server for authentication. Directory users logging on to Teradata Database must inhabit the realm specified in the logon string. Realm information comes from one of two sources:

- If the logon string does specify a valid realm, that realm value will override the value of the LdapServerRealm property.
- If the logon string does not specify a realm, then TDGSS uses the value of the LdapServerRealm property.

Note: This property is not considered if the directory uses non-SASL binding for user authentication.

This property identifies the fully qualified distinguished name (FQDN) of the directory object that contains the description of the Teradata Database server. This information helps to locate the system without resorting to a deep search of the directory.

The LdapBaseFQDN property contains the fully qualified distinguished name of a directory object that contains the User and Group objects, allowing them to be easily located. It constitutes the search base for objects relevant to the Teradata configuration.

Note: This property is deprecated in favor of the LdapGroupBaseFQDN and LdapUserBaseFQDN properties. If the values of either LdapGroupBaseFQDN or LdapUserBaseFQDN are set (preferred), they will replace LdapBaseFQDN. The value of LdapBaseFQDN will serve as the default value for LdapGroupBaseFQDN and LdapUserBaseFQDN until such time as they are configured.

The ASP.NET Active Directory Membership Provider does an authenticated bind to the Active Directory using a specified username, password, and "connection string".