For directory principals not mapped to a Teradata user, specify -u as the directory principal user name, along with the IP address and any mapped profile.
$ tdspolicy -u uid=drct01,ou=principals,dc=domain1,dc=com –p profile01 –s local_service_DN –i 22.214.171.124 Querying policy using the following parameters: External user: uid=drct01,ou=principals,dc=domain1,dc=com Teradata profile: profile01 IP address: 126.96.36.199 Mechanisms: krb5, ldap Confidentiality QoPs: low, high
where the directory principal specified by -u:
- Can use only the KRB5, SPNEGO, or LDAP mechanism to log on.
- Must use confidentiality with high QOP for LDAP logons. Confidentiality is also enforced for KRB5 and SPNEGO logons, but the QOP strength is determined by Kerberos.