17.10 - Special Objects and Attributes Required for Active Directory, ADAM, and AD LDS - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product: Advanced SQL Engine, Teradata Database
Release Number: 17.10
Release Date: July 2021
Content Type: Administration, Security
Publication ID: B035-1100-171K
Language: English (United States)

So that the objects in the Teradata schema extensions can be fully used, Active Directory, ADAM, and AD LDS automatically generate three additional objects, along with associated attributes and values, when you install the Teradata schema extensions in the directory.

| Object | Related Attribute |
|---|---|
| tdatUserExt | Optional for tdatUserMemberOf and tdatProfileMemberOf |
| tdatGroupExt | Optional for tdatRoleMemberOf |
| tdatIPFilterExt | Optional for tdatIPFilterMemberOf |

The attributes of these special Active Directory/ADAM/AD LDS objects are linked to other attributes common to all directories.

| This common attribute... | Links to this special Active Directory, ADAM, or AD LDS attribute... |
|---|---|
| tdatUserMember | tdatUserMemberOf |
| tdatRoleMember | tdatRoleMemberOf |
| tdatProfileMember | tdatProfileMemberOf |
| tdatIPFilterMember | tdatIPFilterMemberOf |

When you map a Teradata Vantage user to a directory user by adding a tdatUserMember attribute to the tdatUser object, you must set the value of the tdatUserMember attribute to the FQDN of the directory user. Because the two attributes are linked, the directory automatically creates a tdatUserMemberOf attribute in the directory user object, which points back to the tdatUser object.

Mapping tdatProfile objects to users and tdatRole objects to groups is similar, in that it requires setting a value for the tdatProfileMember and tdatRoleMember attributes.

Removing values from the member attributes also has some automatic consequences in Active Directory, ADAM, and AD LDS, for example:

  • When you remove a tdatUserMember attribute from a tdatUser object, the directory automatically removes the corresponding tdatUserMemberOf attribute.
  • If you remove a user from the directory, the directory automatically removes the corresponding tdat Member attributes from any objects mapped to the user.
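The link pairs described above can be reviewed offline against a directory export, which is useful when auditing which directory principals are mapped to Teradata users, roles, and profiles. The following Python is an added example, not Teradata code: it assumes a simple LDIF export (no folded or base64 lines), and every DN and entry in it is a constructed placeholder.

```python
from collections import defaultdict
# Forward attribute -> linked attribute, taken from the table on this page.
LINKS = {"tdatUserMember": "tdatUserMemberOf", "tdatRoleMember": "tdatRoleMemberOf",
         "tdatProfileMember": "tdatProfileMemberOf",
         "tdatIPFilterMember": "tdatIPFilterMemberOf"}
# Constructed export: every DN and entry below is a made-up placeholder.
SAMPLE_LDIF = """\
dn: cn=dbadmin,ou=tdat,dc=example,dc=com
tdatUserMember: cn=Alice,ou=people,dc=example,dc=com

dn: cn=Alice,ou=people,dc=example,dc=com
tdatUserMemberOf: cn=dbadmin,ou=tdat,dc=example,dc=com

dn: cn=readonly,ou=tdat,dc=example,dc=com
tdatRoleMember: cn=Analysts,ou=groups,dc=example,dc=com

dn: cn=Analysts,ou=groups,dc=example,dc=com

dn: cn=Bob,ou=people,dc=example,dc=com
tdatUserMemberOf: cn=dbadmin,ou=tdat,dc=example,dc=com
"""

def parse_ldif(text):
    """Parse simple LDIF into {dn: {attr: [values]}}; values are lowercased."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = defaultdict(list)
        for line in block.splitlines():
            name, _, value = line.partition(":")
            attrs[name.strip()].append(value.strip().lower())
        entries[attrs["dn"][0]] = attrs
    return entries

def audit_links(entries):
    """Return problems as (kind, attribute, holder_dn, other_dn) tuples."""
    problems = []
    for dn, attrs in entries.items():
        for fwd, back in LINKS.items():
            for target in attrs.get(fwd, []):  # mapping set on the Teradata object
                if dn not in entries.get(target, {}).get(back, []):
                    problems.append(("missing-backlink", back, target, dn))
            for source in attrs.get(back, []):  # back link on the directory object
                if dn not in entries.get(source, {}).get(fwd, []):
                    problems.append(("orphan-backlink", back, dn, source))
    return problems

if __name__ == "__main__":
    for problem in audit_links(parse_ldif(SAMPLE_LDIF)):
        print(problem)
```

Because the directory maintains the linked attribute itself, a reported problem in a real export usually points to an incomplete export or a missing schema extension object rather than to a hand-edited value.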