- Evaluate the system for directory management of Teradata Database users. See Evaluating the System for Directory Management of Users.
- Make sure your directory is compatible with Teradata Database.
- Run tests to ensure that the directory properly communicates with the database.
- Determine the directory authentication/authorization strategy and learn the configuration requirements. See Working with Directory User Management Options.
Enable directory authentication/authorization as shown in the “Setting Up” topic for the option(s) that you want to implement.
- For auto provisioning perform the steps in Option 2: Directory Authentication and Authorization or in Option 3: Non-LDAP External Authentication with Directory Authorization depending on which matches your site configuration.
- For lightweight LDAP authorizations perform the steps in Option 4: Lightweight LDAP Authorizations.
- Review directory user characteristics, privileges, and required directory setup tasks. See About Directory User Characteristics.
- In the database, create profiles and external roles for assignment to directory users. See Creating Users and Granting Privileges.
- Provision directory users using either of these procedures.
- If they do not already exist in the directory, create database objects for roles and profiles. For auto provisioning create directory roles based on the external roles in the database. Assign directory principals to roles or profiles.
Skip this step if you are using lightweight LDAP authorizations. For lightweight LDAP authorizations you do not need to create database objects for users, roles, and profiles in the directory (in the tdatSystem).
- See the examples in Mapping Directory Users to Database External Roles.
- For information about profiles see About Assigning Profiles to Users and see the example in Mapping Directory Users to Database Profiles.
- Test the setup. See Testing Directory Authentication and Authorization Setup.
- Evaluate, and if necessary configure, LDAP binding and protection options. See:
- Evaluate, and if necessary, configure directory search options. See Optimizing Directory Searches.
- If multiple directory services access the Teradata Database, evaluate the need to complete special setup procedures. See:
- In a multi-system environment, where users log on through Unity, observe the additional directory configuration requirements needed for Unity. For information about Unity, see Teradata Unity Installation, Configuration, and Upgrade Guide for Customers (B035-2523) and Teradata Unity User Guide (B035-2520). Teradata recommends that you implement and test LDAP authentication and authorization of users for individual database systems before attempting to configure it for Unity.
- Evaluate, and if necessary configure, network security policies in the directory. See Network Security Policy.