16.10 - Comparing User Identification Options - Teradata Database

Teradata Database Security Administration

Product
Teradata Database
Release Number
16.10
Release Date
June 2017
Content Type
Administration
Security
Publication ID
B035-1100-161K
Language
English (United States)

You can configure user identification options to:

  • Increase the directory efficiency of binding the simple username to the DN.
  • Provide a link between the simple username and the DN in directories where the link does not exist, to allow directory users to logon with a simple username.
Identification Option Description
Using Identity Mapping An identity map defines a pattern and a rule that identifies the structure of the DN and how it relates to the simple user name.

Identity maps:

  • Are easier to configure
  • Do not require a service bind
  • Are useful if the map can construct the user DN with only the information in the simple username, which is sometimes not possible.
Using Identity Searches An identity search describes search criteria that LDAP uses to locate the user in the directory, and also allows you to specify the search scope and a filter, for a more precise search.

Identity searches:

  • Require a more complex configuration than identity maps
  • Can find any user regardless of its location in the directory
  • Require a service bind, which you must configure
  • Are useful when the directory does not have a strict hierarchical structure

You can configure both identification options concurrently, if needed. See Using Multiple IdentityMap and IdentitySearch Elements in Combination.