17.10 - Comparing User Identification Options - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Advanced SQL Engine
Teradata Database
Release Number
July 2021
English (United States)
Last Update
You can configure user identification options to:
  • Increase the directory efficiency of binding the simple username to the DN.
  • Provide a link between the simple username and the DN in directories where the link does not exist, to allow directory users to logon with a simple username.
Identification Option Description
Using Identity Mapping An identity map defines a pattern and a rule that identifies the structure of the DN and how it relates to the simple user name.
Identity maps:
  • Are easier to configure
  • Do not require a service bind
  • Are useful if the map can construct the user DN with only the information in the simple username, which is sometimes not possible.
Using Identity Searches An identity search describes search criteria that LDAP uses to locate the user in the directory, and also allows you to specify the search scope and a filter, for a more precise search.
Identity searches:
  • Require a more complex configuration than identity maps
  • Can find any user regardless of its location in the directory
  • Require a service bind, which you must configure
  • Are useful when the directory does not have a strict hierarchical structure

You can configure both identification options concurrently, if needed. See Using Multiple IdentityMap and IdentitySearch Elements in Combination.