- Set the LdapClientMechanism property to “simple” on Teradata Vantage nodes.If you use Option 3: Non-LDAP External Authentication with Directory Authorization, TDGSS ignores the setting for this property and automatically implements a simple bind.
- When you implement simple binds and the directory does not support the use of simple user names in the logon string for the bind DN, do one of the following:
- If LDAP can create the user DN from the simple user name without searching the directory, you can employ an identity map as a template to substitute data from the simple username and create the DN. See Using Identity Mapping.
- If the directory contains a divergent user location scheme, implement the identity search option, which allows Vantage to search the directory for the DN. See Using Identity Searches.The identity search option also requires configuration of service binding. See Using Service Binds.
Teradata strongly recommends that sites using simple binds also configure TLS protection, as shown in Using TLS with a Directory Server.