16.10 - Special Objects and Attributes Required for Active Directory, ADAM, and AD LDS - Teradata Database

Teradata Database Security Administration

prodname: Teradata Database
vrm_release: 16.10
created_date: June 2017
category: Administration, Security
featnum: B035-1100-161K

To fully utilize the objects in the Teradata schema extensions, Active Directory, ADAM, and AD LDS automatically generate three additional objects, along with associated attributes and values, when you install Teradata schema extensions in the directory.

Object           Related Attribute
tdatUserExt      Optional for:
                   • tdatUserMemberOf
                   • tdatProfileMemberOf
tdatGroupExt     Optional for tdatRoleMemberOf
tdatIPFilterExt  Optional for tdatIPFilterMemberOf

The attributes of these special Active Directory/ADAM/AD LDS objects are linked to other attributes common to all directories.

This common attribute...   Links to this special Active Directory, ADAM, or AD LDS attribute...
tdatUserMember             tdatUserMemberOf
tdatRoleMember             tdatRoleMemberOf
tdatProfileMember          tdatProfileMemberOf
tdatIPFilterMember         tdatIPFilterMemberOf

When you map a Teradata Database user to a directory user by adding a tdatUserMember attribute to the tdatUser object, you must set the value of the tdatUserMember attribute to the FQDN of the directory user. Because the two attributes are linked, the directory automatically creates a tdatUserMemberOf attribute in the directory user object, which points back to the tdatUser object.

Mapping tdatProfile objects to users and tdatRole objects to groups is similar: it requires setting a value for the tdatProfileMember and tdatRoleMember attributes.

Removing values from the member attributes also has some automatic consequences in Active Directory, ADAM, and AD LDS, for example:

  • When you remove a tdatUserMember attribute from a tdatUser object, the directory automatically removes the corresponding tdatUserMemberOf attribute.
  • If you remove a user from the directory, the directory automatically removes the corresponding tdat Member attributes from any objects mapped to the user.
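
The linked attribute pairs listed above can be verified against an LDIF export of the directory. The following Python script is an added example, not Teradata code: it reports every forward link that lacks its back link and every back link that lacks its forward link. The DNs and tree layout in the sample export are constructed for illustration.

```python
import re
from collections import defaultdict

# Forward link (common attribute) -> back link (AD/ADAM/AD LDS), per the table above.
LINKS = {"tdatusermember": "tdatusermemberof", "tdatrolemember": "tdatrolememberof",
         "tdatprofilemember": "tdatprofilememberof",
         "tdatipfiltermember": "tdatipfiltermemberof"}

# Constructed sample export; the DNs and tree layout are assumptions for illustration.
SAMPLE_LDIF = """\
dn: CN=td_alice,CN=users,CN=tdpid1,DC=example,DC=com
tdatUserMember: CN=Alice,OU=People,DC=example,DC=com

dn: CN=Alice,OU=People,DC=example,DC=com
tdatUserMemberOf: CN=td_alice,CN=users,CN=tdpid1,DC=example,DC=com

dn: CN=td_analyst,CN=roles,CN=tdpid1,DC=example,DC=com
tdatRoleMember: CN=Analysts,OU=Groups,DC=example,DC=com

dn: CN=Analysts,OU=Groups,DC=example,DC=com
"""

def parse_ldif(text):
    """Return {dn: {attr: [values]}}, all lower-cased; base64 (attr::) values are not decoded."""
    entries, current = {}, None
    lines = re.sub(r"\r?\n ", "", text).splitlines()   # undo RFC 2849 line folding
    for line in lines:
        attr, sep, value = line.partition(":")
        if not sep or line.startswith("#"):
            continue                                   # blank line, comment, or junk
        attr, value = attr.strip().lower(), value.strip().lower()
        if attr == "dn":
            current = entries.setdefault(value, defaultdict(list))
        elif current is not None:
            current[attr].append(value)
    return entries

def link_mismatches(entries):
    """List (kind, back_link_attr, entry_dn, linked_dn) for each link whose counterpart is absent."""
    problems = []
    for dn, attrs in entries.items():
        for fwd, back in LINKS.items():
            for mine, theirs, kind in ((fwd, back, "missing-back-link"),
                                       (back, fwd, "orphan-back-link")):
                for other in attrs.get(mine, []):
                    if dn not in entries.get(other, {}).get(theirs, []):
                        problems.append((kind, back, dn, other))
    return sorted(problems)
```

Because Active Directory, ADAM, and AD LDS maintain the back links automatically, a complete export from one of these directories should produce an empty list; any finding points to a partial export or to a directory that does not maintain the links.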