16.10 - Sample Identity Map for Simple User Names - Teradata Database

Teradata Database Security Administration

Product
Teradata Database
Release Number
16.10
Release Date
June 2017
Content Type
Administration
Security
Publication ID
B035-1100-161K
Language
English (United States)

You can use the following identity map for any simple username specified in a valid logon, for example, jsmith. You must include domain information sufficient to construct the DN as part of the Pattern attribute, for example:

<Mechanism Name="ldap">
    <MechanismProperties
        ...
        />
    <IdentityMap
      Match="(.*)"
      Pattern="cn=${1},ou=people,dc=div,dc=corp,dc=com"/>
      DatabaseName="svc1_${0}"/>
</Mechanism>
For sites using multiple directory services, where users normally log on using only simple uids, you can use the DatabaseName attribute to affix a string that represents the service to the authcid, to differentiate among possible duplicate usernames that may appear in the various services. Using the value shown in the IdentityMap example:
DatabaseName="svc1_${0}"

subsequent logons using the simple user name jsmith, identify the user as "svc1_jsmith" in the database, where ${0} causes the database to use the entire authcid (jsmith).