Adding Corporate LDAP Configurations - Teradata AppCenter

Teradata® AppCenter User Guide

Product: Teradata AppCenter
Release Number: 2.0
Published: September 2020
Language: English (United States)
Last Update: 2020-09-28
dita:id: B035-1111
Product Category: Analytical Ecosystem

Root User

Although Teradata® AppCenter allows you to configure corporate LDAP or LDAPS, we strongly recommend that you engage the Teradata Center for Enterprise Security team, which is part of Teradata Professional Services, to provide this configuration service. See Corporate LDAP Security Considerations and reach out to Teradata Professional Services.

User authentication is based on configured domains. AppCenter supports both LDAP and LDAPS, as well as multiple LDAP domains and LDAP groups. If you added an OpenLDAP configuration, it will still work with your instance of AppCenter after you add corporate LDAP.

You cannot delete users that you add. If a user is no longer part of a configured LDAP, AppCenter retains only the username in the app-service database to maintain their associated apps or scripts.

If a user is part of a configured LDAP domain, they can log into AppCenter and are added as a user automatically at that time.

  1. Select [icon] > Settings > Authentication > [icon], then complete the LDAP configuration fields:

     | Setting | Required | Description | Example |
     |---|---|---|---|
     | Directory Name | | Display name of the directory. | yourcompany-ldap |
     | Host | | LDAP or LDAPS server hostname. | ldap.yourcompany.com<br>ldaps.yourcompany.com |
     | Port | | LDAP or LDAPS server port. | 389 (LDAP)<br>636 (LDAPS)<br>3268 (Active Directory Global Catalog, LDAP)<br>3269 (Active Directory Global Catalog, LDAPS) |
     | Encryption | | None provides no encryption for connectivity.<br>LDAPS incorporates SSL for greater security. | |
     | Base DN | | Base DN for your tree. Can be shifted to restrict users from a single tree from logging in. | `DC=YOURCOMPANY,DC=COM` |
     | Search Service Account Username | | User DN for user to connect to LDAP server. | `CN=AppCenter-User,OU=Service Accounts,DC=YOURCOMPANY,DC=COM` |
     | Search Service Account Password | | Password for search user. | |
     | Vendor | | Vendor of your LDAP directory. | OpenLDAP would be Other, which includes OpenLDAP, Novell eDirectory, Red Hat's 389 Directory Service, or ApacheDS. |
     | User object classes | | LDAP object classes that identify your users. | The default, person, OrganizationalPerson, user should match most organizations. |
     | User search filter | | Filter for specific users. | `(!(cn=<useruniqueldapidentifier>))` |
     | Group object classes | | LDAP object classes that identify your groups. | groupOfNames |
     | Custom groups filter | | Filter for LDAP groups. | `(\|(cn=group20028) (cn=group20006) (CN=group20003) (CN=group20038))` |
     | UUID Field | | Unique LDAP attribute within the directory to identify user accounts. | For Active Directory, this attribute could be objectGUID or sAMAccountName.<br>For eDirectory, this attribute could be GUID.<br>It could also be CN if CN is unique for your entire directory.<br>If you are using posixAccount, it could be posixAccount. |
     | Username Field | | Username attribute. | For Active Directory, this attribute could be sAMAccountName.<br>It could also be CN if that is your login name.<br>If you are using posixAccount, it could be posixAccount. |
     | Member Field | | Attribute in a group entry for user membership. Should contain a DN pointing to the users who are members of the group. | For most directories, this attribute should be member. |
     | Email field | | Email attribute. | For most directories, this attribute should be mail. |
     | Group Base DN | If using LDAP groups | Base DN containing all of your groups. | `OU=Groups,DC=YOURCOMPANY,DC=COM` |
     | Group Id | If using LDAP groups | Unique identifier for your groups. | cn<br>For Active Directory, this could also be the sAMAccountName. |
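
The following added example (not part of the Teradata guide or of AppCenter) checks a set of values for the fields above before they are entered: it flags an unencrypted connection, a port that does not match the selected encryption, search filters whose parentheses do not balance, and malformed DNs. The dictionary keys and function names are hypothetical, since AppCenter takes these values through its settings screen, and the sample values are constructed from the examples on this page.

```python
import re

PLAINTEXT_PORTS = {389, 3268}  # LDAP, AD Global Catalog over LDAP
TLS_PORTS = {636, 3269}        # LDAPS, AD Global Catalog over LDAPS

def filter_is_balanced(flt):
    """True if the whole filter sits inside balanced parentheses (RFC 4515 escapes literal ones)."""
    depth = 0
    for ch in flt.strip():
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
        elif depth == 0:
            return False  # text outside any (...) component
    return depth == 0 and bool(flt.strip())

def dn_is_well_formed(dn):
    """True if each comma-separated RDN has the form attribute=value."""
    rdns = re.split(r"(?<!\\),", dn)  # split on commas that are not escaped
    return all(re.fullmatch(r"\s*[A-Za-z][\w.-]*\s*=\s*\S.*", r) for r in rdns)

def lint(cfg):
    """Return (field, finding) tuples for one directory configuration."""
    out, enc, port = [], cfg["encryption"], cfg["port"]
    if enc == "None":
        out.append(("encryption", "directory traffic, including the search "
                    "service account bind, is sent unencrypted"))
    if (enc == "LDAPS" and port in PLAINTEXT_PORTS) or (enc == "None" and port in TLS_PORTS):
        out.append(("port", f"port {port} does not match encryption {enc}"))
    for field in ("user_search_filter", "custom_groups_filter"):
        if cfg.get(field) and not filter_is_balanced(cfg[field]):
            out.append((field, "parentheses do not balance"))
    for field in ("base_dn", "search_account_dn", "group_base_dn"):
        if cfg.get(field) and not dn_is_well_formed(cfg[field]):
            out.append((field, "not a well-formed DN"))
    return out

# Constructed sample: the page's example values with two deliberate mistakes
# (LDAPS selected on port 389, and a user filter missing its last parenthesis).
SAMPLE = {
    "port": 389, "encryption": "LDAPS",
    "base_dn": "DC=YOURCOMPANY,DC=COM",
    "search_account_dn": "CN=AppCenter-User,OU=Service Accounts,DC=YOURCOMPANY,DC=COM",
    "user_search_filter": "(!(cn=<useruniqueldapidentifier>)",
    "custom_groups_filter": "(|(cn=group20028) (cn=group20006) (CN=group20003) (CN=group20038))",
    "group_base_dn": "OU=Groups,DC=YOURCOMPANY,DC=COM",
}
```

Calling `lint(SAMPLE)` returns one finding for the port and one for the user search filter; an empty list means none of these checks fired.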