17.10 - Explanation of the Search for User drct01 - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)
Search Criteria Description
ldapsearch Input
-H ldap://server:port/ Identifies the URI for the LDAP server.

For details, see Running Ldapsearch.

-U drct01 Names the directory user authenticated in the search.
-b "CN=Users, DC=esrootdom,DC=esdev,DC=tdat" Identifies the search base.

In the example, the users container appears in the default naming context. User drct01 and all Active Directory users are children of this container.

-s one Requests a search of only children of the object named in the -b option.
"(sAMAccountName=drct01)" The search filter. Limits the search to the object where the sAMAccountName attribute contains drct01.
ldapsearch Output
Password: Prompts for the directory password of the user named in the -U option.
dn: CN=John Doe,CN=Users,DC=esrootdom,DC=esdev,DC=tdat The distinguished name of the user drct01. This object is returned as a result of the search filter, not the bind of user drct01.
objectClass: top These are common directory user entries, shown for reference, which may or may not appear in your directory.
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: John Doe
sn: Doe
givenName: John
distinguishedName: CN=John Doe,CN=Users, DC=esrootdom, DC=esdev,DC=tdat
instanceType: 4
whenCreated: 20040605220928.0Z
whenChanged: 20040728221734.0Z
displayName: Directory User1
uSNCreated: 50268
memberOf: CN=xu1,OU=groups,OU=testing, DC=esrootdom, DC=esdev, DC=tdat Lists the groups in which the user has membership.

The data contained in this attribute identifies a group object. You can search that group object for roles assigned to the user, that is, any role that appears in a tdatRoleMemberOf attribute in the group object.

The tdatRoleMemberOf attribute in the group object is specific to Active Directory.

uSNChanged: 315083 These are common directory entries, shown for reference, that may or may not appear in your directory.
name: Directory User 1
objectGUID: £?=å=çAƦ¶S++§
userAccountControl: 512
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 127337313454062500
lastLogoff: 0
lastLogon: 127355266545781250
pwdLastSet: 127309469682812500
primaryGroupID: 513
objectSid:?
accountExpires: 9223372036854775807
logonCount: 140
sAMAccountName: drct01
sAMAccountType: 805306368
userPrincipalName: drct01@esrootdom.esdev.tdat
objectCategory: CN=Person, CN=Schema,CN=Configuration, DC=esrootdom,DC=esdev, DC=tdat
lastLogonTimestamp: 127355266545781250
tdatProfileMemberOf: CN=profxu1, CN=profiles, CN=end2end, CN=tdat, OU=testing, DC=esrootdom, DC=esdev,DC=tdat Directly locates the Teradata profile objects that describe the mapped user profiles. This attribute only appears in Active Directory.

If a directory user is mapped to a Vantage user, a row containing the tdatUserMemberOf attribute is always present. This attribute identifies the tdatUser object that defines the Vantage user to which the directory user is mapped.
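
The following is an added example, not part of the Teradata documentation or tooling: one way to check saved ldapsearch output for the mapping attributes described above (memberOf, tdatProfileMemberOf, tdatUserMemberOf). The function names are hypothetical, the sample input is constructed from the output shown on this page, and the tdatUserMemberOf value is a placeholder because the page does not show one.

```python
import base64

# Constructed input: part of the output above, folded the way LDIF wraps long
# values (a continuation line starts with one space). The tdatUserMemberOf
# value is a labelled placeholder; the page does not show one.
SAMPLE_LDIF = """\
dn: CN=John Doe,CN=Users,DC=esrootdom,DC=esdev,DC=tdat
sAMAccountName: drct01
memberOf: CN=xu1,OU=groups,OU=testing,DC=esrootdom,DC=esdev,DC=tdat
tdatProfileMemberOf: CN=profxu1,CN=profiles,CN=end2end,CN=tdat,OU=testing,
 DC=esrootdom,DC=esdev,DC=tdat
tdatUserMemberOf: CN=PLACEHOLDER-TDATUSER-OBJECT,DC=esrootdom,
 DC=esdev,DC=tdat
"""


def parse_ldif_entry(text):
    """Parse one LDIF entry into {lowercased attribute: [values]}."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]            # unfold a wrapped value
        elif raw.strip() and not raw.startswith("#"):
            logical.append(raw)
    entry = {}
    for line in logical:
        name, sep, value = line.partition(":")
        if not sep:
            continue                          # not an "attr: value" line
        if value.startswith(":"):             # "attr:: ..." is base64-encoded
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry


def mapping_summary(entry):
    """Collect the attributes this page ties to user, profile and role mapping."""
    users = entry.get("tdatusermemberof", [])
    return {
        "dn": entry.get("dn", [None])[0],
        "mapped_to_vantage_user": bool(users),   # always present when mapped
        "tdat_user_objects": users,
        "profile_objects": entry.get("tdatprofilememberof", []),
        "groups_to_check_for_roles": entry.get("memberof", []),  # tdatRoleMemberOf lives there
    }


if __name__ == "__main__":
    for key, value in mapping_summary(parse_ldif_entry(SAMPLE_LDIF)).items():
        print(f"{key}: {value}")
```

An entry with no tdatUserMemberOf row is reported as unmapped, which follows from the statement above that the attribute is always present for a mapped directory user.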