LDAP Configuration Options | Teradata Viewpoint - 16.20 - 16.50 - LDAP Configuration Options - Teradata Viewpoint

Teradata® Viewpoint Installation, Configuration, and Upgrade Guide for Customers

Product
Teradata Viewpoint
Release Number
16.20
16.50
Release Date
July 2021
Content Type
Administration
Configuration
Installation
Publication ID
B035-2207-071K
Language
English (United States)

Teradata Viewpoint authentication is configured in the LDAP Servers portlet.

Basic Configuration

Attribute Description
Server Nickname Short name by which this LDAP configuration is referred to in the LDAP Servers portlet. This name must be 8 characters or less.
Enable server When selected, enables this LDAP configuration as part of the Teradata Viewpoint authentication process.

Cleared, disables this LDAP configuration as part of the Teradata Viewpoint authentication process.

URL One or more URLs for this LDAP configuration. The URL must include the appropriate protocol (ldap:// or ldaps://) as well as the port, for example, ldap://ldap.acme.com:389. Enter more than one URL only if all of the URLs point to a similarly configured LDAP server. This might be the case if you have replicated LDAP servers or a failover LDAP server that should be used if the primary one is unreachable.

DN Pattern Bind

Attribute Description
Pattern DN patterns used to perform the LDAP user bind attempt. The patterns are invoked in the order specified, so it is recommended that you put the patterns that match the most users before those that match fewer users. For example:

CN={0},OU=User Accounts,DC=td,DC=acme,DC=com

User Search

Attribute Description
Service Account DN DN of the LDAP service account. The DN must not be surrounded by parentheses.
Service Account Password Password of the LDAP service account.
Search Pattern LDAP attribute to match against the username when searching for a user entry.

If the CN attribute is the username, set to (CN={0}).

If the sAMAccountName attribute is the username, set to (sAMAccountName={0}).

Search Base Entry that is the base of the subtree containing users. If not specified, the search base is the top-level context. For example:

OU=User Accounts,DC=td,DC=acme,DC=com

Search Extent When the Recursive scan check box is selected, searches the entire subtree rooted at the search base entry. When cleared, requests a single-level search including only the top level.

Key User Information

Attribute Description
LDAP First Name Attribute Name of the attribute on the LDAP user entry that specifies the first name of the user (given name).
LDAP Last Name Attribute Name of the attribute on the LDAP user entry that specifies the last name of the user (surname).
LDAP Email Attribute Name of the attribute on the user object that specifies the email address of the user.

Auto-Provisioning

Attribute Description
Turn on auto-provisioning Select to turn on auto-provisioning
Automatically assign these roles When auto-provisioning is enabled, the newly provisioned user is automatically added to these roles. This attribute is often set to User.

Role Mapping Global Settings

Attribute Description
Group Search Base Entry that is the base of the subtree containing groups. This field needs to be specified only if role mappings of type Group are used.
Group Attribute Name Name of the attribute on the LDAP group entry that contains the DNs of the users in the group.
Group Search Extent When the Search subtree check box is selected, searches the entire subtree rooted at the Group search base entry.

When cleared, requests a single-level search including only the top level. This field needs to be specified only if role mappings of type Group are used.

Role Mapping Individual Settings

Attribute Description
Type Set to Attribute to perform a mapping from an LDAP user entry value to a Teradata Viewpoint role.

Set to Group to perform a mapping from an LDAP group to a Teradata Viewpoint role.

Attribute Name Name of an LDAP attribute in the user entry that specifies LDAP group and role membership for mapping to Teradata Viewpoint roles. This setting is applicable only to mappings of type Attribute.
LDAP Value Value of the attribute specified in the Attribute name field that should be mapped to the role specified in the Viewpoint role field.
Viewpoint Role Role in Teradata Viewpoint to which users are mapped.