17.10 - Example: Tdsbind Output for a Directory User Mapped to a Database User - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)

Assumptions:

1  # tdsbind -u diperm02
2  Enter LDAP password:
3              LdapGroupBaseFQDN: ou=groups,dc=domain1,dc=com
4               LdapUserBaseFQDN:
5                 LdapSystemFQDN: ou=system,ou=tdat,dc=domain1,dc=com
6                 LdapServerName: _ldap._tcp.domain1.com
7                 LdapServerPort: 389
8               LdapClientUseTls: yes
9            LdapClientTlsCACert: /etc/openldap/certs/server.pem
10          LdapClientTlsReqCert: demand
11           LdapClientMechanism: simple
12               LdapServiceFQDN: cn=dbssvc,ou=services,dc=domain1,dc=com
13  LdapServicePasswordProtected: yes
14           LdapServicePassword: configured
15       LdapServiceBindRequired: yes
16         LdapClientTlsCRLCheck: none
17  LdapAllowUnsafeServerConnect: yes
18                 UseLdapConfig: yes
19        AuthorizationSupported: yes
20
21             FQDN: uid=drct02,ou=principals,dc=domain1,dc=com
22         AuthUser: ldap://dsa1.domain1.com:389/uid=diperm01,ou=principals,dc=domain1,dc=com
23     DatabaseName: diperm01
24          Service: local
25         Profiles: prof01
26            Roles: extrole01, extrole02, extrole03
27            Users: perm01

For a mapped directory user, lines 1 through 12 have meanings similar to those for the unmapped directory user shown in Example: Tdsbind Output for a Directory User not Mapped to a Database User For a mapped directory user, tdsbind returns line 13. If the directory user maps to a permanentTeradata Vantage user, the permanent user name appears on line 13.

tdgssauth can also be used to test the LDAP settings:

tdgssauth -m ldap -u diperm02