17.10 - Sample Identity Map for Logging on with a UPN - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product: Advanced SQL Engine, Teradata Database
Release Number: 17.10
Release Date: July 2021
Content Type: Administration, Security
Publication ID: B035-1100-171K
Language: English (United States)

You can configure the LDAP mechanism to create an identity map for usernames that log on with an FQDN, such as user@dom1.dom2.dom3. For example:

<Mechanism Name="ldap">
    <MechanismProperties
        ...
        />
    <IdentityMap
      Match="match"
      Pattern="pattern"
      DatabaseName="database_name"/>
</Mechanism>
match
A POSIX regular expression representing a matching rule that shows how the username is divided into substrings. The individual substrings are enclosed by ( ).
Example: ([^@]+)@([^\.]+)\.([^\.]+)\.([^\.]+)
pattern
The substitution rule that determines how the map extrapolates a DN from the username substrings defined in the Match attribute.
Example: uid=${1},ou=users,dc=${2},dc=${3},dc=${4}
database_name
Defines how the system rewrites the username so that the database can identify the user in a particular form.
The value ${1} identifies the user in the database using only the uid portion of the logon, and drops the ${2}, ${3}, and ${4} portions of the username.
Example: ${1}
The identity map does not require a service bind.
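
The following added example (not Teradata code, and not taken from the original page) dry-runs the sample Match, Pattern and DatabaseName values above against candidate logon names before they go into the configuration. The names `map_identity` and `expand` are hypothetical. The sketch assumes the rule must match the whole username, uses Python's `re` module rather than a POSIX regex engine, and adds its own check that rejects substrings containing characters RFC 4514 requires to be escaped in a DN.

```python
import re

# Values copied from the page's examples.
MATCH = r"([^@]+)@([^\.]+)\.([^\.]+)\.([^\.]+)"
PATTERN = "uid=${1},ou=users,dc=${2},dc=${3},dc=${4}"
DATABASE_NAME = "${1}"

# Characters RFC 4514 requires to be escaped anywhere in a DN attribute value.
DN_SPECIAL = set(',+"\\<>;')

_REF = re.compile(r"\$\{(\d+)\}")


def expand(template, groups):
    """Replace each ${n} with the n-th captured substring (1-based)."""
    def sub(m):
        n = int(m.group(1))
        if not 1 <= n <= len(groups):
            raise ValueError(f"${{{n}}} has no matching group in Match")
        return groups[n - 1]
    return _REF.sub(sub, template)


def map_identity(username, match=MATCH, pattern=PATTERN,
                 database_name=DATABASE_NAME):
    """Return (dn, database_user), or None when the username does not match.

    Assumption of this sketch: the rule must match the whole username.
    """
    m = re.fullmatch(match, username)
    if m is None:
        return None
    groups = m.groups()
    for g in groups:
        # Added sanity check: the sample Match accepts any character except
        # '@' in the uid substring, so flag values that would alter the DN.
        if DN_SPECIAL & set(g):
            raise ValueError(f"substring {g!r} contains DN special characters")
    return expand(pattern, groups), expand(database_name, groups)


if __name__ == "__main__":
    # Constructed sample logon names.
    for name in ("user@dom1.dom2.dom3", "user@dom1.dom2", "user"):
        print(name, "->", map_identity(name))
```

A logon name with fewer or more than three domain components returns `None` under the sample Match, which shows that the rule as written covers only names of the form user@dom1.dom2.dom3.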