16.10 - Example: Using ldapsearch to Find the RootDSE in Active Directory, ADAM, or AD LDS - Teradata Database

Teradata Database Security Administration

prodname
Teradata Database
vrm_release
16.10
created_date
June 2017
category
Administration
Security
featnum
B035-1100-161K

You can use the ldapsearch tool to find and display the contents of the RootDSE object from an Active Directory, ADAM, or AD LDS directory server.

For descriptions of the options used in this search, see About Ldapsearch.

The phrase...snipped... indicates output sections that the example does not show, because they do not apply to the directory interface with Teradata Database.
$ ldapsearch -x -H ldap://esroot -b "" -s base
dn:
currentTime: 20040820001616.0Z
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,
DC=esrootdom,DC=esdev,DC=tdat
dsServiceName: CN=NTDS Settings,CN=ESROOT,CN=Servers,
CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=esrootdom,
DC=esdev, DC=tdat
namingContexts: DC=esrootdom,DC=esdev,DC=tdat
namingContexts: CN=Configuration,DC=esrootdom,DC=esdev,DC=tdat
namingContexts: CN=Schema,CN=Configuration,DC=esrootdom,DC=esdev,
DC=tdat
namingContexts: DC=DomainDnsZones,DC=esrootdom,DC=esdev,DC=tdat
namingContexts: DC=ForestDnsZones,DC=esrootdom,DC=esdev,DC=tdat
defaultNamingContext: DC=esrootdom,DC=esdev,DC=tdat
schemaNamingContext: CN=Schema,CN=Configuration,DC=esrootdom,DC=esdev,
DC=tdat
configurationNamingContext: CN=Configuration,DC=esrootdom,DC=esdev,
DC=tdat
rootDomainNamingContext: DC=esrootdom,DC=esdev,DC=tdat
supportedControl: 1.2.840.113556.1.4.319
...snipped...
supportedLDAPVersion: 3
...snipped...
supportedSASLMechanisms: DIGEST-MD5
dnsHostName: esroot.esrootdom.esdev.tdat
ldapServiceName: esrootdom.esdev.tdat:esroot$@ESROOTDOM.ESDEV.TDAT
serverName: CN=ESROOT,CN=Servers,CN=Default-First-Site-Name,CN=Sites,
CN=Configuration,DC=esrootdom,DC=esdev,DC=tdat
...snipped...
domainControllerFunctionality: 2
$
If the directory does not allow an anonymous read, a valid user identity and password must be presented and the database will require a service ID and password in order to use this directory service.

The output of the example ldapsearch command shows the contents of the RootDSE object, including the following critical attributes:

  • The supportedLDAPVersion attribute is set to 3. This value indicates that the directory is compliant with LDAPv3, the only LDAP version that Teradata Database supports.
  • The supportedSASLMechanisms attribute shows DIGEST-MD5, indicating that the RootDSE object supports DIGEST-MD5. Note that this is not related to the binding method specified in the ldapsearch, in this case -x simple binding.
  • The dnsHostName attribute contains the fully qualified DNS name for the directory server. All nodes of the Teradata Database server must resolve the host name of the directory through the system name resolution/lookup service in a way that exactly matches the data in this attribute.