Directory User Identification | Teradata Vantage - Directory User Identification - Analytics Database - Teradata Vantage

Security Administration

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
VMware
Product
Analytics Database
Teradata Vantage
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2023-11-02
dita:mapPath
hjo1628096075471.ditamap
dita:ditavalPath
qkf1628213546010.ditaval
dita:id
zuy1472246340572
lifecycle
latest
Product Category
Teradata Vantage™

When the directory authenticates a database user, TDGSS searches for user information in the directory based on the directory username specified in the logon. Directories use distinguished names (DNs) to uniquely name each directory user object, for example:

cn=ab111222,ou=northamerica,ou=useraccounts,dc=div,dc=corp,dc=com

However, requiring users to enter the entire DN can result in logon errors. In addition, the database may be able to log only part of the DN, due to object name length limitations.

To avoid having to enter the entire DN, it is common practice to allow users to specify the simple form of the username in a logon string, for example:

ab111222

The authentication process links the simple username to the DN in the directory.

Although it is generally good practice, allowing the use of simple usernames in the database logon string can present problems:
  • Some directories do not allow a simple username in the logon string and force users to enter the entire DN at logons.
  • Directories that do allow simple usernames may not efficiently bind them to the correct DNs.