17.10 - Example: Using ldapsearch to Find the RootDSE in Active Directory, ADAM, or AD LDS - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product: Advanced SQL Engine, Teradata Database
Release Number: 17.10
Release Date: July 2021
Content Type: Administration, Security
Publication ID: B035-1100-171K
Language: English (United States)

You can use the ldapsearch tool to find and display the contents of the RootDSE object from an Active Directory, ADAM, or AD LDS directory server.

For descriptions of the options used in this search, see About Ldapsearch.

The phrase ...snipped... indicates output sections that the example does not show, because they do not apply to the directory interface with Teradata Vantage.
$ ldapsearch -x -H ldap://esroot -b "" -s base
dn:
currentTime: 20040820001616.0Z
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,
DC=esrootdom,DC=esdev,DC=tdat
dsServiceName: CN=NTDS Settings,CN=ESROOT,CN=Servers,
CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=esrootdom,
DC=esdev, DC=tdat
namingContexts: DC=esrootdom,DC=esdev,DC=tdat
namingContexts: CN=Configuration,DC=esrootdom,DC=esdev,DC=tdat
namingContexts: CN=Schema,CN=Configuration,DC=esrootdom,DC=esdev,
DC=tdat
namingContexts: DC=DomainDnsZones,DC=esrootdom,DC=esdev,DC=tdat
namingContexts: DC=ForestDnsZones,DC=esrootdom,DC=esdev,DC=tdat
defaultNamingContext: DC=esrootdom,DC=esdev,DC=tdat
schemaNamingContext: CN=Schema,CN=Configuration,DC=esrootdom,DC=esdev,
DC=tdat
configurationNamingContext: CN=Configuration,DC=esrootdom,DC=esdev,
DC=tdat
rootDomainNamingContext: DC=esrootdom,DC=esdev,DC=tdat
supportedControl: 1.2.840.113556.1.4.319
...snipped...
supportedLDAPVersion: 3
...snipped...
supportedSASLMechanisms: DIGEST-MD5
dnsHostName: esroot.esrootdom.esdev.tdat
ldapServiceName: esrootdom.esdev.tdat:esroot$@ESROOTDOM.ESDEV.TDAT
serverName: CN=ESROOT,CN=Servers,CN=Default-First-Site-Name,CN=Sites,
CN=Configuration,DC=esrootdom,DC=esdev,DC=tdat
...snipped...
domainControllerFunctionality: 2
$
If the directory does not allow an anonymous read, a valid user identity and password must be presented for the search, and the database will require a service ID and password in order to use this directory service.
The output of the example ldapsearch command shows the contents of the RootDSE object, including the following critical attributes:
  • The supportedLDAPVersion attribute is set to 3. This value indicates that the directory is compliant with LDAPv3, the only LDAP version that Teradata Vantage supports.
  • The supportedSASLMechanisms attribute shows DIGEST-MD5, indicating that the RootDSE object supports DIGEST-MD5. This is unrelated to the binding method specified in the ldapsearch command, which in this case is -x (simple binding).
    The DIGEST-MD5 authentication protocol used by LDAP is deprecated. Teradata strongly recommends you use simple binding with TLS protection, and stop using DIGEST-MD5.
  • The dnsHostName attribute contains the fully qualified DNS name for the directory server. All nodes of the Teradata Vantage server must resolve the host name of the directory through the system name resolution/lookup service in a way that exactly matches the data in this attribute.
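The three checks above can be scripted against the ldapsearch output. The following is an added example, not part of the Teradata documentation: the function names are hypothetical, the sample input is constructed from the output shown above, and the optional argument is assumed to be the name a database node resolves for the directory server.

```shell
#!/bin/sh
# Added example: audit RootDSE LDIF read from stdin, e.g.
#   ldapsearch -x -H ldap://esroot -b "" -s base | audit_rootdse

# Join LDIF folded lines (a line starting with one space continues the previous one).
unfold_ldif() {
    awk 'NR > 1 && /^ / { buf = buf substr($0, 2); next }
         NR > 1 { print buf }
         { buf = $0 }
         END { if (NR) print buf }'
}

# Print every value of attribute $1 (name compared case-insensitively).
attr_values() {
    awk -v want="$1" '{ i = index($0, ": ")
        if (i && tolower(substr($0, 1, i - 1)) == tolower(want)) print substr($0, i + 2) }'
}

# Optional $1 (assumption): the name a database node resolves for the directory server.
audit_rootdse() {
    ldif=$(unfold_ldif); rc=0
    if printf '%s\n' "$ldif" | attr_values supportedLDAPVersion | grep -qx 3; then
        echo "OK   supportedLDAPVersion includes 3"
    else
        echo "FAIL LDAPv3 is not advertised"; rc=1
    fi
    if printf '%s\n' "$ldif" | attr_values supportedSASLMechanisms | grep -qix DIGEST-MD5; then
        echo "WARN DIGEST-MD5 is advertised; bind with simple binding over TLS instead"
    fi
    host=$(printf '%s\n' "$ldif" | attr_values dnsHostName | head -n 1)
    echo "INFO dnsHostName=$host"
    if [ -n "${1:-}" ] && [ "$1" != "$host" ]; then
        echo "FAIL node resolves '$1' but dnsHostName is '$host'"; rc=1
    fi
    return $rc
}

# Constructed sample modeled on the output above, with LDIF line folding.
sample_rootdse() {
    cat <<'EOF'
dn:
schemaNamingContext: CN=Schema,CN=Configuration,DC=esrootdom,DC=esdev,
 DC=tdat
supportedLDAPVersion: 3
supportedSASLMechanisms: DIGEST-MD5
dnsHostName: esroot.esrootdom.esdev.tdat
EOF
}

sample_rootdse | audit_rootdse esroot.esrootdom.esdev.tdat
```

The function returns non-zero when LDAPv3 is missing or when the supplied name differs from dnsHostName, so it can gate a configuration step in a script.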