To fully utilize the objects in the Teradata schema extensions, Active Directory, ADAM, and AD LDS automatically generate three additional objects, along with associated attributes and values, when you install Teradata schema extensions in the directory.
|tdatGroupExt||Optional for tdatRoleMemberOf|
|tdatIPFilterExt||Optional for tdatIPFilterMemberOf|
The attributes of these special Active Directory/ADAM/AD LDS objects are linked to other attributes common to all directories.
|This common attribute...||Links to this special Active Directory, ADAM, or AD LDS attribute...|
When you map a Teradata Database user to a directory user by adding a tdatUserMember attribute to the tdatUser object, you must set the value of the tdatUserMember attribute to the FQDN of the directory user. Because the two attributes are linked, the directory automatically creates a tdatUserMemberOf attribute in the directory user object, which points back to the tdatUser object.
Mapping of tdatProfile objects to users and tdatRole objects to groups is similar, in that it requires setting a value for the tdatProfileMember and tdatRolemember attributes.
Removing values from the member attributes also has some automatic consequences in Active Directory, ADAM, and AD LDS, for example:
- When you remove a tdatUserMember attribute from a tdatUser object, the directory automatically removes the corresponding tdatUserMemberOf attribute.
- If you remove a user from the directory, the directory automatically removes the corresponding tdat Member attributes from any objects mapped to the user.