16.10 - Comparing User Identification Options - Teradata Database

Teradata Database Security Administration

prodname
Teradata Database
vrm_release
16.10
created_date
June 2017
category
Administration
Security
featnum
B035-1100-161K

You can configure user identification options to:

  • Increase the directory efficiency of binding the simple username to the DN.
  • Provide a link between the simple username and the DN in directories where the link does not exist, to allow directory users to logon with a simple username.
Identification Option Description
Using Identity Mapping An identity map defines a pattern and a rule that identifies the structure of the DN and how it relates to the simple user name.

Identity maps:

  • Are easier to configure
  • Do not require a service bind
  • Are useful if the map can construct the user DN with only the information in the simple username, which is sometimes not possible.
Using Identity Searches An identity search describes search criteria that LDAP uses to locate the user in the directory, and also allows you to specify the search scope and a filter, for a more precise search.

Identity searches:

  • Require a more complex configuration than identity maps
  • Can find any user regardless of its location in the directory
  • Require a service bind, which you must configure
  • Are useful when the directory does not have a strict hierarchical structure

You can configure both identification options concurrently, if needed. See Using Multiple IdentityMap and IdentitySearch Elements in Combination.