17.20 - Explanation of the Search for User drct01 - Analytics Database - Teradata Vantage

Teradata Vantage™ - Analytics Database Security Administration - 17.20

Analytics Database
Teradata Vantage
Release Number
June 2022
English (United States)
Last Update
Search Criteria Description
ldapsearch Input
-H ldap://server:port/ Identifies the URI for the LDAP server.

For details, see Running Ldapsearch.

-U drct01 Names the directory user authenticated in the search.
-b "CN=Users, DC=esrootdom,DC=esdev,DC=tdat" Identifies the search base.

In the example, the users container appears in the default naming context. User drct01 and all Active Directory users are all children of this container.

-s one Requests a search of only children of the object named in the -b option.
"(sAMAccountName=drct01)" Specifies the search filter. Limits the search to the object where the sAMAccountName attribute contains drct01.
ldapsearch Output
Password: Prompts for the directory password of the user named in the -u option.
dn: CN=John Doe CN=Users,DC=esrootdom,DC=esdev,DC=tdat Specifies the distinguished name of the user drct01. This object is returned as a result of the search filter, not the bind of user drct01.
objectClass: top Lists these are common directory user entries, shown for reference, which may or may not appear in your directory.
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: John Doe
sn: Doe
givenName: John
distinguishedName: CN=John Doe,CN=Users, DC=esrootdom, DC=esdev,DC=tdat
instanceType: 4
whenCreated: 20040605220928.0Z
whenChanged: 20040728221734.0Z
displayName: Directory User1
uSNCreated: 50268
memberOf: CN=xu1,OU=groups,OU=testing, DC=esrootdom, DC=esdev, DC=tdat Lists the groups in which the user has membership.

The data contained in this attribute can help you to search the group for roles assigned to the user, that is, any role that appears in a tdatRoleMemberOf attribute in the group object identified by the data in this attribute.

The tdatRoleMemberOf attribute in the group object is specific to Active Directory.

uSNChanged: 315083 Lists these are common directory entries, shown for reference, that may or may not appear in your directory.
name: Directory User 1
objectGUID: £?=å=çAƦ¶S++§
userAccountControl: 512
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 127337313454062500
lastLogoff: 0
lastLogon: 127355266545781250
pwdLastSet: 127309469682812500
primaryGroupID: 513
accountExpires: 9223372036854775807
logonCount: 140
sAMAccountName: drct01
sAMAccountType: 805306368
userPrincipalName: drct01@esrootdom.esdev.tdat
objectCategory: CN=Person, CN=Schema,CN=Configuration, DC=esrootdom,DC=esdev, DC=tdat
lastLogonTimestamp: 127355266545781250
tdatProfileMemberOf: CN=profxu1, CN=profiles, CN=end2end, CN=tdat, OU=testing, DC=esrootdom, DC=esdev,DC=tdat Locates directly the Teradata profile objects that describe the mapped user profiles. This attribute only appears in Active Directory.

If a directory user is mapped to a Vantage user, a row containing tdatUserMemberOf attribute is always present. This attribute identifies the tdatUser object that defines the Vantage user to which the directory user is mapped.