17.20 - Example: Detecting Bad Canonicalization - Analytics Database - Teradata Vantage

Teradata Vantage™ - Analytics Database Security Administration - 17.20

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
VMware
Product
Analytics Database
Teradata Vantage
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2023-03-07
dita:mapPath
hjo1628096075471.ditamap
dita:ditavalPath
qkf1628213546010.ditaval
dita:id
zuy1472246340572

This example demonstrates an error that occurs when the directory server fails to translate the user name specified in the -u option to a fully qualified distinguished name (FQDN). In the directory is an object located by the FQDN, cn=identity mapping, cn=config. The children of this object contain configuration information that assists the directory server in transforming the user name into an FQDN. In order to view the identity mappings, you must search the directory as the directory administrator.

The identity mappings found in the directory take one of two forms. The most efficient form is the one that uses pattern matching and substitutions. The other form runs a directory search based on the form of the user name.

$ ldapsearch -U diperm01@testing -H ldap://esroot -b "" -s base -W -Z
Enter LDAP password:
Invalid credentials
additional info: SASL(-1): generic failure: unable canonify user
and get auxprops
$
The Teradata LDAP authentication does not support DIGEST-MD5. DIGEST-MD5 must not be used. Use SIMPLE binding instead.