Directory User Identification | Teradata Vantage - About Directory User Identification - Advanced SQL Engine - Teradata Database

Security Administration

Product: Advanced SQL Engine, Teradata Database
Release Number: 17.05, 17.00
Published: September 2020
Language: English (United States)
Last Update: 2021-01-23
dita:id: B035-1100
lifecycle: previous
Product Category: Teradata Vantage™

When the directory authenticates a database user, TDGSS searches for user information in the directory based on the directory username specified in the logon. Directories use distinguished names (DNs) to uniquely name each directory user object, for example:

cn=ab111222,ou=northamerica,ou=useraccounts,dc=div,dc=corp,dc=com

However, requiring users to enter the entire DN can result in logon errors. In addition, the database may be able to log only part of the DN, due to object name length limitations.

To avoid having to enter the entire DN, it is common practice to allow users to specify the simple form of the username in a logon string, for example:

ab111222

The authentication process links the simple username to the DN in the directory.

Although it is generally good practice, allowing the use of simple usernames in the database logon string can present problems:

  • Some directories do not allow a simple username in the logon string and force users to enter the entire DN at logon.
  • Directories that do allow simple usernames may not efficiently bind them to the correct DNs.
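
The following added example (not Teradata or TDGSS code) sketches how a simple username can be linked to a DN with an escaped equality search that accepts a result only when exactly one directory object matches. The in-memory directory, the `uid` logon attribute, the second user, and the function names are constructed assumptions; only the first DN comes from the text above.

```python
import re

# Constructed sample directory (DN -> attributes); "uid" as logon attribute is an assumption.
DIRECTORY = {
    "cn=ab111222,ou=northamerica,ou=useraccounts,dc=div,dc=corp,dc=com": {"uid": "ab111222"},
    "cn=cd333444,ou=europe,ou=useraccounts,dc=div,dc=corp,dc=com": {"uid": "cd333444"},
    "cn=cd333444,ou=contractors,ou=useraccounts,dc=div,dc=corp,dc=com": {"uid": "cd333444"},
}
BASE_DN = "ou=useraccounts,dc=div,dc=corp,dc=com"
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value):
    """RFC 4515 escaping, so the typed name is matched literally by the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def search(base_dn, ldap_filter):
    """Stand-in for an LDAP subtree search; supports only (attr=value) filters."""
    attr, value = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter).groups()
    # An unescaped '*' is a wildcard; \xx hex escapes decode to literal characters.
    parts = [re.escape(re.sub(r"\\([0-9a-fA-F]{2})",
                              lambda m: chr(int(m.group(1), 16)), p))
             for p in value.split("*")]
    pattern = re.compile(".*".join(parts), re.IGNORECASE)
    return sorted(dn for dn, attrs in DIRECTORY.items()
                  if dn.endswith("," + base_dn) and pattern.fullmatch(attrs.get(attr, "")))


class AmbiguousUser(LookupError):
    """More than one directory object carries the same simple username."""


def resolve_dn(simple_name):
    """Map a simple username to exactly one DN; refuse zero or multiple matches."""
    matches = search(BASE_DN, "(uid=%s)" % escape_filter_value(simple_name))
    if not matches:
        raise LookupError("no directory object for %r" % simple_name)
    if len(matches) > 1:
        raise AmbiguousUser("%r maps to %d DNs" % (simple_name, len(matches)))
    return matches[0]
```

Here `ab111222` resolves to its single DN, while `cd333444` is rejected because two objects under the search base share that name, which is the "correct DN" problem the second bullet describes.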