16.10 - Sample Identity Map for Logging on with a UPN - Teradata Database

Teradata Database Security Administration

Teradata Database
Release Date: June 2017

You can configure the LDAP mechanism to create an identity map for usernames that log on with an FQDN, such as user@dom1.dom2.dom3. For example:

<Mechanism Name="ldap">


| Attribute Name | Example Attribute Value | Description |
|---|---|---|
| Match (required) | `"([^@]+)@([^\.]+)\.([^\.]+)\.([^\.]+)"` | A POSIX regular expression representing a matching rule that shows how the username is divided into substrings. The individual substrings are enclosed by ( ). |
| Pattern (required) | `"uid=${1},ou=users,dc=${2},dc=${3},dc=${4}"` | The substitution rule that determines how the map extrapolates a DN from the username substrings defined in the Match attribute. |
| DatabaseName (optional) | `"${1}"` | Defines how the system rewrites the username so that the database can identify the user in a particular form. |

The value ${1} identifies the user in the database using only the uid portion of the logon, and drops the ${2}, ${3}, and ${4} portions of the username.
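The following Python sketch is an added illustration, not Teradata code: it applies the Match, Pattern, and DatabaseName values from the table to a logon name to show the DN and database username the map would produce, and which logon names fall outside the map. It assumes the whole username must match and uses Python's re module in place of the POSIX engine; map_identity and expand are hypothetical names.

```python
import re

# Attribute values copied from the table on this page.
MATCH = r"([^@]+)@([^\.]+)\.([^\.]+)\.([^\.]+)"
PATTERN = "uid=${1},ou=users,dc=${2},dc=${3},dc=${4}"
DATABASE_NAME = "${1}"

# Matches a ${n} reference inside a substitution template.
_REF = re.compile(r"\$\{(\d+)\}")


def expand(template, groups):
    """Replace each ${n} in template with the n-th captured substring."""
    return _REF.sub(lambda m: groups[int(m.group(1)) - 1], template)


def map_identity(username):
    """Return (dn, database_name), or None when the username does not match.

    Assumption: the whole username must match (re.fullmatch), and Python's
    re module stands in for the POSIX regular expression engine.
    """
    m = re.fullmatch(MATCH, username)
    if m is None:
        return None
    groups = m.groups()
    return expand(PATTERN, groups), expand(DATABASE_NAME, groups)


if __name__ == "__main__":
    # Constructed sample logons, not taken from a real directory.
    for name in ("user@dom1.dom2.dom3", "user@dom1.dom2", "user"):
        print(name, "->", map_identity(name))
```

Under these assumptions, a logon name with fewer than three domain components, or with no domain at all, does not match and is not mapped.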

The identity map does not require a service bind.