Logons using the LDAP mechanism must include the name of either the domain or realm (depending on the directory), where both of the following are true:
- The site elects to use SASL/DIGEST-MD5 authentication. The DIGEST-MD5 authentication protocol used by LDAP is deprecated. Teradata strongly recommends you use simple binding with TLS protection, and stop using DIGEST-MD5.
- The authenticating directory server offers more than one SASL realm.
You can use the .logdata statement to specify a domain or realm in the form:
realm=realm_name
If the logon string does not include a domain/realm value, and a value is required, the system defaults to the value stored in the LdapServerRealm property of the LDAP mechanism. If the LdapServerRealm property value is not correct, you can change the value in the configuration file or require that users enter the correct value as part of the logon. If the system defaults to an incorrect LdapServerRealm property value, or if the user submits an invalid value as part of the logon string, the system returns an error message.
| Information on... | Is available in... |
|---|---|
| setting LdapServerRealm | LdapServerRealm. |
| specifying a domain/realm in a logon string | About Network Logons. |