16.10 - Explanation of the Search for User drct01 - Teradata Database

Teradata Database Security Administration

Teradata Database
June 2017
ldapsearch Input

| Search Criteria | Description |
| --- | --- |
| -H ldap://server:port/ | Identifies the URI for the LDAP server. For details, see Running Ldapsearch. |
| -U drct01 | Names the directory user authenticated in the search. |
| -b "CN=Users,DC=esrootdom,DC=esdev,DC=tdat" | Identifies the search base. In the example, the users container appears in the default naming context. User drct01 and all Active Directory users are children of this container. |
| -s one | Requests a search of only children of the object named in the -b option. |
| "(sAMAccountName=drct01)" | The search filter. Limits the search to the object where the sAMAccountName attribute contains drct01. |

ldapsearch Output

| Search Criteria | Description |
| --- | --- |
| Password: | Prompts for the directory password of the user named in the -U option. |
| dn: CN=John Doe,CN=Users,DC=esrootdom,DC=esdev,DC=tdat | The distinguished name of the user drct01. This object is returned as a result of the search filter, not the bind of user drct01. |
| objectClass: top | These are common directory user entries, shown for reference, which may or may not appear in your directory. |
| objectClass: person | |
| objectClass: organizationalPerson | |
| objectClass: user | |
| cn: John Doe | |
| sn: Doe | |
| givenName: John | |
| distinguishedName: CN=John Doe,CN=Users,DC=esrootdom,DC=esdev,DC=tdat | |
| instanceType: 4 | |
| whenCreated: 20040605220928.0Z | |
| whenChanged: 20040728221734.0Z | |
| displayName: Directory User1 | |
| uSNCreated: 50268 | |
| memberOf: CN=xu1,OU=groups,OU=testing,DC=esrootdom,DC=esdev,DC=tdat | Lists the groups in which the user has membership. The data contained in this attribute can help you to search the group for roles assigned to the user, that is, any role that appears in a tdatRoleMemberOf attribute in the group object identified by the data in this attribute. The tdatRoleMemberOf attribute in the group object is specific to Active Directory. |
| uSNChanged: 315083 | These are common directory entries, shown for reference, that may or may not appear in your directory. |
| name: Directory User 1 | |
| objectGUID: £?=å=çAƦ¶S++§ | |
| userAccountControl: 512 | |
| badPwdCount: 0 | |
| codePage: 0 | |
| countryCode: 0 | |
| badPasswordTime: 127337313454062500 | |
| lastLogoff: 0 | |
| lastLogon: 127355266545781250 | |
| pwdLastSet: 127309469682812500 | |
| primaryGroupID: 513 | |
| accountExpires: 9223372036854775807 | |
| logonCount: 140 | |
| sAMAccountName: drct01 | |
| sAMAccountType: 805306368 | |
| userPrincipalName: drct01@esrootdom.esdev.tdat | |
| objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=esrootdom,DC=esdev,DC=tdat | |
| lastLogonTimestamp: 127355266545781250 | |
| tdatProfileMemberOf: CN=profxu1,CN=profiles,CN=end2end,CN=tdat,OU=testing,DC=esrootdom,DC=esdev,DC=tdat | Directly locates the Teradata Database profile objects that describe the mapped user profiles. This attribute only appears in Active Directory. |

If a directory user is mapped to a Teradata Database user, a row containing the tdatUserMemberOf attribute is always present. This attribute identifies the tdatUser object that defines the Teradata Database user to which the directory user is mapped.
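
The lookup chain described above, as an added example that is not part of the Teradata documentation: the Python below builds the user search with the account name escaped for the filter, parses the returned entry, and produces one follow-up search per memberOf group to read its tdatRoleMemberOf values. Function names are hypothetical, the sample output is constructed from the listing above (with one value wrapped to show LDIF line folding), and the -s base scope and trailing attribute name are standard ldapsearch usage that this page does not show.

```python
# Constructed sample: a subset of the ldapsearch output listed above.
SAMPLE_OUTPUT = """\
dn: CN=John Doe,CN=Users,DC=esrootdom,DC=esdev,DC=tdat
sAMAccountName: drct01
memberOf: CN=xu1,OU=groups,OU=testing,DC=esrootdom,DC=esdev,DC=tdat
tdatProfileMemberOf: CN=profxu1,CN=profiles,CN=end2end,CN=tdat,OU=testing,
 DC=esrootdom,DC=esdev,DC=tdat
"""

MAPPING_ATTRS = ("memberOf", "tdatProfileMemberOf", "tdatUserMemberOf")

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    specials = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(specials.get(ch, ch) for ch in value)

def user_search_argv(uri, bind_user, base, account):
    """The search from the input table, with the account name escaped."""
    flt = "(sAMAccountName=%s)" % escape_filter_value(account)
    return ["ldapsearch", "-H", uri, "-U", bind_user, "-b", base, "-s", "one", flt]

def parse_entry(ldif_text):
    """Parse one LDIF entry into {attribute: [values]}, unfolding wrapped lines."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # LDIF continuation line
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if sep and not value.startswith(":"):  # skip base64 ("::") values such as objectGUID
            entry.setdefault(name, []).append(value.strip())
    return entry

def role_lookup_argvs(uri, bind_user, entry):
    """One search per memberOf group, asking only for tdatRoleMemberOf."""
    # Assumption: "-s base" and the trailing attribute name are standard
    # ldapsearch usage; they do not appear on the original page.
    return [["ldapsearch", "-H", uri, "-U", bind_user, "-b", group_dn,
             "-s", "base", "(objectClass=*)", "tdatRoleMemberOf"]
            for group_dn in entry.get("memberOf", [])]

def mapping_summary(entry):
    """Only the attributes that tie the directory user to Teradata objects."""
    return {attr: entry[attr] for attr in MAPPING_ATTRS if attr in entry}
```

Passing the argument lists to a process launcher without a shell keeps the DN and filter values from being reinterpreted by shell quoting.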