16.10 - LdapCredentialIsUPN - Teradata Database

Teradata Database Security Administration

Teradata Database
June 2017

For some logon forms, tells TDGSS how to interpret the portion of the logon string that identifies the user.

For example, for the BTEQ logon:

.logon  system/user,password

If the user specification is in the form “a@b” or a/b” or “a\b”, the setting of LdapCredentialIsUPN tells the system whether to treat the entire user specification as an Authcid or to use the special characters to construct a UPN.

Also see LDAP Logon Format Examples.

Default Property Value

The default value is yes.

Valid Settings

Setting Description
yes (default) The system treats the user specification as a UPN.
no The system interprets the entire user specification as a user Authcid.

Supporting Mechanisms for LdapCredentialIsUPN

Mechanisms that are not listed in the table do not support this property. The Property Editable column indicates if the setting for a property may be edited.
Mechanism Property Editable?
LDAP May Be Edited

Editing Guidelines

  • If the LdapCredentialIsUPN property is absent or set to yes (the default), the system treats the user specification as a UPN, which must conform to the rules of IETF 1964.
    When considered as a UPN, the user specification, as shown in the example in the introductory text for this property (above), must appear in the logon as: “a\@b” or “a\/b” or “a\\b”, where the added backslash (\) character informs the system how to handle the character that follows.
  • If the CredentialIsUPN property is set to no, the system disregards the special characters and considers the entire user specification to be a string representing the user Authcid.