5.4.4 - Database Connections Using LDAP - Teradata Warehouse Miner

Teradata Warehouse Miner Model Manager User Guide

prodname
Teradata Warehouse Miner
vrm_release
5.4.4
created_date
July 2017
category
User Guide
featnum
B035-2303-077K

Use Lightweight Directory Access Protocol (LDAP) to establish database connections with external authentication. Although you can enable LDAP in Teradata Database or in the Tomcat application Server, Model Manager has only been certified when LDAP is enabled in the Teradata database.

For LDAP authentication, the logdata must contain the user authcid (authentication id) and the user password. The LDAP logdata parameters are separated by spaces, not commas.

This form of logdata works with Sun and few other directories using DIGEST-MD5 binding. It does not work with Active Directory or ADAM.

If you use a Sun or other non-Microsoft directory and you have Teradata schema installed in your directory service, the user cn=twm01,dc=tera,dc=data is explicitly mapped to a Teradata user, profile, or role. Otherwise, the user name is created using the first 30 characters of your authcid, which is not the expected one.

If you are using Active Directory, use DIGEST-MD5 binding and your domain user name for the authcid or simple binding. Use the contents of the userPrincipalName attribute as the authcid.

If you are using ADAM, use simple binding and the contents of the userPrincipalName attribute as your authcid. In all cases where simple binding is used, configure your directory service so that SSL or TLS protection is enabled and the database is configured to use either SSL or TLS when communicating with the directory service.

See the Security Administration manual for the instructions on setting up directory authentication and executing logon.