16.10 - Finding the Available Sites in the Forest - Teradata Database

Teradata Database Security Administration

Product: Teradata Database
Release Number: 16.10
Release Date: June 2017
Content Type: Administration, Security
Publication ID: B035-1100-161K
Language: English (United States)

Once you choose a GC server, you must use the ldapsearch command to search for sites that contain GC servers that can authenticate users.

  1. Use the ldapsearch command to locate the configurationNamingContext for the forest:
    ldapsearch -x -b "" -s base -H ldap://GC_server_name:port configurationNamingContext

    where:

    Option          Description
    GC_server_name  The DNS name of the GC server. For instructions on finding the server, see Finding All GC Servers in the Forest.
    port            The port number for the GC_server_name.

    The ldapsearch command produces output similar to the following:

    # extended LDIF
    #
    # LDAPv3
    # base <> with scope base
    # filter: (objectclass=*)
    # requesting: configurationNamingContext
    #
    #
    
    dn:
    configurationNamingContext: CN=Configuration,DC=ROOTDOMAIN,DC=COM
    
    # search result
    search: 2
    result: 0 Success
    
    # numResponses: 2
    # numEntries: 1

    where the value of the configurationNamingContext attribute is the -b search base you must use to find sites.

  2. Use the value of the configurationNamingContext attribute to construct an ldapsearch command that lists the sites served by the GC server, that is, the sites at which the GC server can locally authenticate users. Use the form of the command that matches the binding scheme used by the site.
    • For simple binding:
      ldapsearch -x -D user_principal_name -W -H ldap://GC_server_name:port -ZZ \
         -b "CN=Sites,config_naming_context" -s one "(objectClass=site)" cn
    • For DIGEST-MD5 binding:
      ldapsearch -Y DIGEST-MD5 -U user_name -H ldap://GC_server_name:port \
         -b "CN=Sites,config_naming_context" -s one "(objectClass=site)" cn

      where:

      Command Variable       Description
      user_principal_name    The UPN for the user running the command.
      user_name              The domain username for the user running the command.
      GC_server_name         The GC server selected in Finding All GC Servers in the Forest.
      port                   The GC server default port.
      config_naming_context  The value of the configurationNamingContext attribute. See Finding the Root Domain Name.
      For command options not described in the preceding table, see Working with Ldapsearch.

      The ldapsearch command returns output similar to:

      # extended LDIF
      #
      # LDAPv3
      # base <CN=Sites,CN=Configuration,DC=ROOTDOMAIN,DC=COM> with scope one
      # filter: (objectClass=site)
      # requesting: cn
      
      # China, Sites, Configuration, ROOTDOMAIN.COM
      dn: CN=China,CN=Sites,CN=Configuration,DC=ROOTDOMAIN,DC=COM
      cn: China
      
      # NewYorkDiv, Sites, Configuration, ROOTDOMAIN.COM
      dn: CN=NewYorkDiv,CN=Sites,CN=Configuration,DC=ROOTDOMAIN,DC=COM
      cn: NewYorkDiv
      
      # SanDiegoHQ, Sites, Configuration, ROOTDOMAIN.COM
      dn: CN=SanDiegoHQ,CN=Sites,CN=Configuration,DC=ROOTDOMAIN,DC=COM
      cn: SanDiegoHQ
      
      # India, Sites, Configuration, ROOTDOMAIN.COM
      dn: CN=India,CN=Sites,CN=Configuration,DC=ROOTDOMAIN,DC=COM
      cn: India
      
      # Japan, Sites, Configuration, ROOTDOMAIN.COM
      dn: CN=Japan,CN=Sites,CN=Configuration,DC=ROOTDOMAIN,DC=COM
      cn: Japan
      
      # ChicagoDiv, Sites, Configuration, ROOTDOMAIN.COM
      dn: CN=ChicagoDiv,CN=Sites,CN=Configuration,DC=ROOTDOMAIN,DC=COM
      cn: ChicagoDiv
      
      # search result
      search: 2
      result: 0 Success
      
      # numResponses: 7
      # numEntries: 6

      The example output shows three sites (China, India, and Japan) that are not listed in the search of the single domain shown in Locating the Site Objects in a Domain, and that therefore represent separate domains within the forest.
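
The two steps above can be chained by parsing the LDIF that ldapsearch returns. The following shell functions are an added example, not part of the Teradata documentation: they take the step 1 output, check the result code, build the "CN=Sites,..." search base, and then extract the site names from the step 2 output. The function names (ldif_unfold, ldif_attr, sites_base, site_names) and the STEP1/STEP2 sample inputs are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example (not Teradata code): parse saved ldapsearch LDIF from steps 1 and 2.

# Join LDIF continuation lines: a line starting with one space continues the previous one.
ldif_unfold() {
    awk 'NR > 1 && /^ / { buf = buf substr($0, 2); next }
         NR > 1 { print buf }
         { buf = $0 }
         END { if (NR) print buf }'
}

# Print each value of attribute $1 (name matched case-insensitively), one per line.
# Comment lines ("# ...") and base64 values ("attr:: ...") never match and are skipped.
ldif_attr() {
    ldif_unfold | awk -v a="$1" '
        BEGIN { a = tolower(a) ": " }
        tolower(substr($0, 1, length(a))) == a { print substr($0, length(a) + 1) }'
}

# Step 1 -> step 2: build the -b search base. Fails unless the search succeeded
# and returned exactly one configurationNamingContext value.
sites_base() {
    ldif=$(cat)
    printf '%s\n' "$ldif" | grep -q '^result: 0 ' || return 1
    ctx=$(printf '%s\n' "$ldif" | ldif_attr configurationNamingContext)
    [ -n "$ctx" ] && [ "$(printf '%s\n' "$ctx" | wc -l)" -eq 1 ] || return 1
    printf 'CN=Sites,%s\n' "$ctx"
}

# Step 2: list the site names.
site_names() { ldif_attr cn; }

# Constructed sample input, modelled on the output shown above.
STEP1='dn:
configurationNamingContext: CN=Configuration,DC=ROOTDOMAIN,DC=COM

search: 2
result: 0 Success'

# The fold in the last cn is forced here to exercise ldif_unfold.
STEP2='# China, Sites, Configuration, ROOTDOMAIN.COM
dn: CN=China,CN=Sites,CN=Configuration,DC=ROOTDOMAIN,DC=COM
cn: China

dn: CN=SanDiegoHQ,CN=Sites,CN=Configuration,DC=ROOTDOMAIN,DC=COM
cn: SanDie
 goHQ'

printf '%s\n' "$STEP1" | sites_base   # CN=Sites,CN=Configuration,DC=ROOTDOMAIN,DC=COM
printf '%s\n' "$STEP2" | site_names   # China, then SanDiegoHQ
```

In live use, pipe the step 1 command into sites_base and the step 2 command into site_names. ldapsearch folds long LDIF lines by default, which is why the values are unfolded before matching.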