| Tdsbind Option | Description |
|---|---|
| -B base_fqdn | The FQDN of a directory object containing directory user and group objects. By default, tdsbind uses the value of the LdapBaseFQDN property. Although this option continues to function, it is deprecated. See LdapBaseFQDN.
|
| -c | Causes the system to initialize TDGSS as if it were a configured client. This attribute is not currently valid. You cannot use this option if you use either the -s or -t option. |
| -D referral_method | Specifies the how referrals are chased. If this property is omitted, Tdsbind uses the value of the LdapClientDeref property from the TDGSS user configuration file. Teradata recommends that you do not use referral chasing. See LdapClientDeref.
|
| -d ldap_realm | The name of the SASL realm for DIGEST-MD5 binding of the directory user. The DIGEST-MD5 authentication protocol used by LDAP is deprecated. Teradata strongly recommends you use simple binding with TLS protection, and stop using DIGEST-MD5.
This option is meaningful only when both of the following are true:
By default, tdsbind uses the value configured for the LdapServerRealm property in the LDAP mechanism. This option is deprecated. If you need to specify a non-default value, specify a value for the LdapServerRealm in the -O option.
See LdapServerRealm. |
| -f file name | The name of a file generated using the ipxml2bin utility, which defines a set of IP logon restrictions. For information about XML IP restrictions, see Creating XML-Based IP Restrictions. |
| -G groupbase_fqdn | The FQDN of any object in the directory that is the base of a subtree which contains group objects. If you do not specify an FQDN for -G, tdsbind uses the value of the LdapGroupBaseFQDN property. If the LdapGroupBaseFQDN property does not contain an FQDN, the system uses the value for the -B option (not recommended). See LdapGroupBaseFQDN. |
| -h ldap_host | The name of the LDAP directory server. By default, tdsbind uses the value of the LdapServerName property. The -h option is deprecated. If you need to specify a value other than the default, use the -O option to specify an LdapServerName.
See LdapServerName for naming options. |
| -I ip_add | Specifies an IP address. Tdsbind tests the IP address against any configured IP restrictions to determine whether any of the restrictions denies the user access to the database from the IP address.
To test a new IP restriction, before you create or change the system IP configuration, also use the -f option to specify a test file.
For further information on setting up IP restrictions, see Restricting Logons by IP Address. |
| -O property=value | Specifies one or more alternate values for LDAP property settings, and supersedes the values in the TdgssUserConfigFile.xml, with these constraints:
You can use -O to test new configurations. See Making Changes to TdgssUserConfigFile.xml on Database Nodes. For detailed information on using LDAP properties, see the topics beginning with Directory Identification and Search Properties. |
| -p ldap_port | Specifies the LDAP service port. The -p option is deprecated. The system defaults to the port designation associated with the naming convention specified for the LdapServerName property. If you need to specify a port other than that associated with the LdapServerName property, use the -O option to change the LdapServerName to include the optional port designation.
See LdapServerName. |
| -q | Specifies that tdsbind run in “quiet” mode, that is, suppress the display of LDAP properties and values, and show only user-specific information. |
| -R referral_setting | Specifies whether referral chasing is enabled or disabled. If you do not specify this option, tdsbind uses the value of the LdapClientReferrals property, which is set to off by default. Teradata recommends that you do not use referral chasing.
See LdapClientReferrals. |
| -r random_device | Specifies the name of a device, FIFO, or pipe that provides random bits when the default /dev/[u]random (the built-in Linux random number generator) is not available, or if an alternate source is preferred. If you do not specify a value for this option, the system defaults to /dev/[u]random, or to the value of the LdapClientRandomDevice property, if it is configured. |
| -S system_fqdn | Specifies the FQDN of the directory object that defines the Teradata Vantage server (the tdatSystem object). By default, tdsbind uses the value of the LdapSystemFQDN property. See LdapSystemFQDN. |
| -s | If you use this option, the system initializes TDGSS as if it were a configured database node, and is the default if the tdsbind statement does not define other TDGSS initializing criteria. You cannot use this option if you use either the -c or -t option. |
| -t directory_name | Specifies a directory containing a different version of the TDGSS bin and etc directories. This argument causes the system to initialize TDGSS in a test environment instead of the normal default location. You cannot use this option if you use either the -c or -s option. |
| -U td_user | Specifies a Vantage username, which tdsbind uses, along with the IP address specified in -I ip_add, to evaluate whether a user logon is restricted. If you use this option, the bind process does not take place, because it is not required to test IP restrictions. Tdsbind ignores any specified bind options, for example, the database user password. When this option is specified, the -I option is required. |
| -u dir_user | The authentication identifier for the directory user; a valid directory user authcid. You must specify this option if you are binding a directory user, for example, when you test directory user authentication and authorization characteristics against a new TdgssUserConfigFile.xml. There is no default. This option is not required when you use tdsbind to test user IP restrictions. Instead, use the -U option to specify a database user.
|
| -V | Specifies the debug flags to be passed to the OpenLDAP client API. If this property is omitted, tdsbind uses the value of the LdapClientDebug property from the TDGSS user configuration file. The default is no. You can use the LdapClientDebug property to assist the Teradata Support Center in debugging LDAP directory issues, but this property is not user setable.
Do not use this option without Teradata Support Center assistance. Values other than the default may cause system malfunction.
|
| -v version | Initializes a specific version of TDGSS. Tdsbind defaults to the current TDGSS version. Like -t, you cannot use -v with the -c or -s option. |
| -w password | The password for the directory user specified in the -u option. By default, tdsbind interactively prompts the user for a password and securely reads the submitted password. |
| -X user_base_fqdn | The fully qualified distinguished name of any object in the directory that is the base of a subtree which contains the user objects. If you omit this property, tdsbind uses the value of the LdapUserBaseFQDN property. See LdapUserBaseFQDN. If the value of the LdapUserBaseFQDN property is not set, tdsbind uses the value for the tdsbind -B option. |