17.10 - Finding the Available Sites in the Forest - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product: Advanced SQL Engine, Teradata Database
Release Number: 17.10
Release Date: July 2021
Content Type: Administration, Security
Publication ID: B035-1100-171K
Language: English (United States)

Once you choose a GC server, you must use the ldapsearch command to search for sites that contain GC servers that can authenticate users.

  1. Use the ldapsearch command to locate the configurationNamingContext for the forest:
    ldapsearch -x -b "" -s base -H ldap://GC_server_name:port  configurationNamingContext
    GC_server_name: The DNS name of the GC server. For instructions on finding the server, see Finding All GC Servers in the Forest.
    port: The port number for the GC_server_name.

    The ldapsearch command produces output similar to the following:

    # extended LDIF
    #
    # LDAPv3
    # base <> with scope base
    # filter: (objectclass=*)
    # requesting: configurationNamingContext
    #
    #
    
    dn:
    configurationNamingContext: CN=Configuration,DC=ROOTDOMAIN,DC=COM
    
    # search result
    search: 2
    result: 0 Success
    
    # numResponses: 2
    # numEntries: 1

    In this output, the value of the configurationNamingContext attribute is the value you must use in the -b search base to find sites.

  2. Use the value of the configurationNamingContext attribute to construct an ldapsearch command that lists the sites served by the GC server, that is, the sites at which the GC server can locally authenticate users. Use the form of the command that matches the binding scheme used by the site.
    • For simple binding:
      ldapsearch -x -D user_principal_name -W -H ldap://GC_server_name:port -ZZ \
         -b "CN=Sites,config_naming_context" -s one "(objectClass=site)" cn
    • For DIGEST-MD5 binding [Deprecated]:
      The DIGEST-MD5 authentication protocol used by LDAP is deprecated. Teradata strongly recommends you use simple binding with TLS protection, and stop using DIGEST-MD5.
      ldapsearch -Y DIGEST-MD5 -U user_name -H ldap://GC_server_name:port \
         -b "CN=Sites,config_naming_context" -s one "(objectClass=site)" cn
      user_principal_name: The UPN for the user running the command.
      GC_server_name: The GC server selected in Finding All GC Servers in the Forest.
      port: The GC server default port.
      config_naming_context: The value of the configurationNamingContext attribute. See Finding the Root Domain Name.
      user_name: The domain username for the user running the command.

      For command options not described in the preceding table, see Working with Ldapsearch.

      The ldapsearch command returns output similar to:

      # extended LDIF
      #
      # LDAPv3
      # base <CN=Sites,CN=Configuration,DC=ROOTDOMAIN,DC=COM> with scope one
      # filter: (objectClass=site)
      # requesting: cn
      
      # China, Sites, Configuration, ROOTDOMAIN.COM
      dn: CN=China,CN=Sites,CN=Configuration,DC=ROOTDOMAIN,DC=COM
      cn: China
      
      # NewYorkDiv, Sites, Configuration, ROOTDOMAIN.COM
      dn: CN=NewYorkDiv,CN=Sites,CN=Configuration,DC=ROOTDOMAIN,DC=COM
      cn: NewYorkDiv
      
      # SanDiegoHQ, Sites, Configuration, ROOTDOMAIN.COM
      dn: CN=SanDiegoHQ,CN=Sites,CN=Configuration,DC=ROOTDOMAIN,DC=COM
      cn: SanDiegoHQ
      
      # India, Sites, Configuration, ROOTDOMAIN.COM
      dn: CN=India,CN=Sites,CN=Configuration,DC=ROOTDOMAIN,DC=COM
      cn: India
      
      # Japan, Sites, Configuration, ROOTDOMAIN.COM
      dn: CN=Japan,CN=Sites,CN=Configuration,DC=ROOTDOMAIN,DC=COM
      cn: Japan
      
      # ChicagoDiv, Sites, Configuration, ROOTDOMAIN.COM
      dn: CN=ChicagoDiv,CN=Sites,CN=Configuration,DC=ROOTDOMAIN,DC=COM
      cn: ChicagoDiv
      
      # search result
      search: 2
      result: 0 Success
      
      # numResponses: 7
      # numEntries: 6

      The example output shows three sites, China, India, and Japan, which are not listed in the search of the single domain shown in Locating the Site Objects in a Domain, and therefore represent separate domains within the forest.
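
The two steps above can be chained so that the search base from step 1 feeds the simple-binding search in step 2. The following is an added example, not part of the Teradata documentation: the function names are hypothetical, the -LLL option (comment-free LDIF) is added to the page's commands, and the sample LDIF is constructed. It assumes the OpenLDAP ldapsearch client and a base64 utility that accepts -d.

```shell
# Added example. Print each value of attribute $1 found in LDIF on stdin.
# Unfolds wrapped lines (a continuation starts with one space) and decodes
# base64 values, which ldapsearch writes as "attr:: ...".
ldif_values() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (NR > 1) print buf; buf = $0 }
         END { if (NR > 0) print buf }' |
    while IFS= read -r line; do
        case $line in "#"*|"") continue ;; esac
        name=$(printf '%s' "${line%%:*}" | tr 'A-Z' 'a-z')
        [ "$name" = "$want" ] || continue
        rest=${line#*:}
        case $rest in
            :*) printf '%s' "${rest#:}" | tr -d ' ' | base64 -d; echo ;;
            *)  printf '%s\n' "${rest# }" ;;
        esac
    done
}

# Step 1: anonymous rootDSE read, as on the page. $1 = ldap://GC_server_name:port
config_nc() {
    ldapsearch -x -LLL -b "" -s base -H "$1" configurationNamingContext |
        ldif_values configurationNamingContext
}

# Step 2: simple binding. -ZZ makes ldapsearch stop unless StartTLS succeeds,
# so the password prompted for by -W is not sent in clear text.
# $1 = ldap://GC_server_name:port, $2 = user_principal_name
list_sites() {
    nc=$(config_nc "$1")
    [ -n "$nc" ] || { echo "no configurationNamingContext from $1" >&2; return 1; }
    ldapsearch -x -LLL -D "$2" -W -H "$1" -ZZ \
        -b "CN=Sites,$nc" -s one "(objectClass=site)" cn | ldif_values cn
}

# Constructed sample of step 2 output: one folded value, one base64 value.
sample_sites_ldif() {
    cat <<'EOF'
dn: CN=China,CN=Sites,CN=Configuration,DC=ROOTDOMAIN,DC=COM
cn: China

dn: CN=NewYorkDiv,CN=Sites,CN=Configuration,DC=ROOTDOMAIN,DC=COM
cn: NewYork
 Div

dn: CN=Site3,CN=Sites,CN=Configuration,DC=ROOTDOMAIN,DC=COM
cn:: TcO8bmNoZW4=
EOF
}
```

Running `sample_sites_ldif | ldif_values cn` prints one site name per line without contacting a server; `list_sites` takes the GC server URI and the UPN and prompts for the password.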