16.10 - Example: Using ldapsearch to Find the RootDSE in Active Directory, ADAM, or AD LDS - Teradata Database

Teradata Database Security Administration

Product: Teradata Database
Release Number: 16.10
Release Date: June 2017
Content Type: Administration, Security
Publication ID: B035-1100-161K
Language: English (United States)

You can use the ldapsearch tool to find and display the contents of the RootDSE object from an Active Directory, ADAM, or AD LDS directory server.

For descriptions of the options used in this search, see About Ldapsearch.

The phrase "...snipped..." indicates output sections that the example does not show because they do not apply to the directory interface with Teradata Database.

$ ldapsearch -x -H ldap://esroot -b "" -s base
dn:
currentTime: 20040820001616.0Z
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,
DC=esrootdom,DC=esdev,DC=tdat
dsServiceName: CN=NTDS Settings,CN=ESROOT,CN=Servers,
CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=esrootdom,
DC=esdev, DC=tdat
namingContexts: DC=esrootdom,DC=esdev,DC=tdat
namingContexts: CN=Configuration,DC=esrootdom,DC=esdev,DC=tdat
namingContexts: CN=Schema,CN=Configuration,DC=esrootdom,DC=esdev,
DC=tdat
namingContexts: DC=DomainDnsZones,DC=esrootdom,DC=esdev,DC=tdat
namingContexts: DC=ForestDnsZones,DC=esrootdom,DC=esdev,DC=tdat
defaultNamingContext: DC=esrootdom,DC=esdev,DC=tdat
schemaNamingContext: CN=Schema,CN=Configuration,DC=esrootdom,DC=esdev,
DC=tdat
configurationNamingContext: CN=Configuration,DC=esrootdom,DC=esdev,
DC=tdat
rootDomainNamingContext: DC=esrootdom,DC=esdev,DC=tdat
supportedControl: 1.2.840.113556.1.4.319
...snipped...
supportedLDAPVersion: 3
...snipped...
supportedSASLMechanisms: DIGEST-MD5
dnsHostName: esroot.esrootdom.esdev.tdat
ldapServiceName: esrootdom.esdev.tdat:esroot$@ESROOTDOM.ESDEV.TDAT
serverName: CN=ESROOT,CN=Servers,CN=Default-First-Site-Name,CN=Sites,
CN=Configuration,DC=esrootdom,DC=esdev,DC=tdat
...snipped...
domainControllerFunctionality: 2
$

If the directory does not allow an anonymous read, you must present a valid user identity and password to run the search, and the database will require a service ID and password in order to use this directory service.

The output of the example ldapsearch command shows the contents of the RootDSE object, including the following critical attributes:

  • The supportedLDAPVersion attribute is set to 3. This value indicates that the directory is compliant with LDAPv3, the only LDAP version that Teradata Database supports.
  • The supportedSASLMechanisms attribute shows DIGEST-MD5, indicating that the RootDSE object supports DIGEST-MD5. Note that this is not related to the binding method specified in the ldapsearch command, which in this case is -x (simple binding).
  • The dnsHostName attribute contains the fully qualified DNS name for the directory server. All nodes of the Teradata Database server must resolve the host name of the directory through the system name resolution/lookup service in a way that exactly matches the data in this attribute.
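
The three checks above can be scripted. The following is an added example, not part of the Teradata documentation: the function names, the expected-host argument, and the sample LDIF are constructed for illustration. It assumes the directory host name as the Teradata nodes resolve it is obtained separately and passed in.

```sh
#!/bin/sh
# Added example: check the RootDSE attributes this page calls critical.

# rootdse_attr NAME: read LDIF on stdin and print each value of NAME,
# joining LDIF continuation lines (lines that begin with one space).
rootdse_attr() {
    awk -v want="$1" '
        /^ /  { buf = buf substr($0, 2); next }   # folded line: append
              { emit(); buf = $0 }
        END   { emit() }
        function emit(   i, name) {
            i = index(buf, ": ")
            if (i == 0) return
            name = substr(buf, 1, i - 1)
            if (tolower(name) == tolower(want)) print substr(buf, i + 2)
        }'
}

# check_rootdse EXPECTED_HOST: read RootDSE LDIF on stdin; return 0 only if
# LDAPv3 is advertised and dnsHostName exactly equals EXPECTED_HOST
# (assumption: EXPECTED_HOST is the name the database nodes resolve).
check_rootdse() {
    expected_host=$1
    ldif=$(cat)
    rc=0
    printf '%s\n' "$ldif" | rootdse_attr supportedLDAPVersion | grep -qx 3 ||
        { echo "FAIL: LDAPv3 not advertised"; rc=1; }
    mechs=$(printf '%s\n' "$ldif" | rootdse_attr supportedSASLMechanisms | tr '\n' ' ')
    echo "INFO: SASL mechanisms: ${mechs:-none}"
    host=$(printf '%s\n' "$ldif" | rootdse_attr dnsHostName)
    [ "$host" = "$expected_host" ] ||
        { echo "FAIL: dnsHostName '$host' != '$expected_host'"; rc=1; }
    return $rc
}

# Constructed sample in the shape of the output above; dnsHostName is folded
# on purpose to show why continuation lines must be joined before comparing.
SAMPLE_ROOTDSE='dn:
namingContexts: CN=Schema,CN=Configuration,DC=esrootdom,DC=esdev,
 DC=tdat
supportedLDAPVersion: 3
supportedLDAPVersion: 2
supportedSASLMechanisms: DIGEST-MD5
dnsHostName: esroot.esrootdom.
 esdev.tdat'

printf '%s\n' "$SAMPLE_ROOTDSE" | check_rootdse esroot.esrootdom.esdev.tdat && echo "RootDSE OK"
```

Against a live directory, pipe the output of the ldapsearch command shown above into check_rootdse in place of the sample.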