Finding the Available Sites in the Forest - Advanced SQL Engine - Teradata Database

Security Administration

Product: Advanced SQL Engine, Teradata Database
Release Number: 17.05, 17.00
Published: September 2020
Language: English (United States)
Last Update: 2021-01-23
dita:id: B035-1100
lifecycle: previous
Product Category: Teradata Vantage™

Once you choose a GC server, you must use the ldapsearch command to search for sites that contain GC servers that can authenticate users.

  1. Use the ldapsearch command to locate the configurationNamingContext for the forest:
    ldapsearch -x -b "" -s base -H ldap://GC_server_name:port configurationNamingContext

    where:

    Option          Description
    GC_server_name  The DNS name of the GC server. For instructions on finding the server, see Finding All GC Servers in the Forest.
    port            The port number for the GC_server_name.

    The ldapsearch command produces output similar to the following:

    # extended LDIF
    #
    # LDAPv3
    # base <> with scope base
    # filter: (objectclass=*)
    # requesting: configurationNamingContext
    #
    #
    
    dn:
    configurationNamingContext: CN=Configuration,DC=ROOTDOMAIN,DC=COM
    
    # search result
    search: 2
    result: 0 Success
    
    # numResponses: 2
    # numEntries: 1

    The value of the configurationNamingContext attribute is the -b search base you must use to find sites.

  2. Use the value of the configurationNamingContext attribute to construct an ldapsearch command that lists the sites served by the GC server, that is, the sites at which the GC server can locally authenticate users. Use the command form that matches the binding scheme used by the site.
    • For simple binding:
      ldapsearch -x -D user_principal_name -W -H ldap://GC_server_name:port -ZZ \
         -b "CN=Sites,config_naming_context" -s one "(objectClass=site)" cn
    • For DIGEST-MD5 binding:
      ldapsearch -Y DIGEST-MD5 -U user_name -H ldap://GC_server_name:port \
         -b "CN=Sites,config_naming_context" -s one "(objectClass=site)" cn
      The DIGEST-MD5 authentication protocol used by LDAP is deprecated. Teradata strongly recommends you use simple binding with TLS protection, and stop using DIGEST-MD5.

      where:

      Command Variable       Description
      user_principal_name    The UPN for the user running the command.
      user_name              The domain username for the user running the command.
      GC_server_name         The GC server selected in Finding All GC Servers in the Forest.
      port                   The GC server default port.
      config_naming_context  The value of the configurationNamingContext attribute. See Finding the Root Domain Name.

      For command options not described in the preceding table, see Working with Ldapsearch.

      The ldapsearch command returns output similar to:

      # extended LDIF
      #
      # LDAPv3
      # base <CN=Sites,CN=Configuration,DC=ROOTDOMAIN,DC=COM> with scope one
      # filter: (objectClass=site)
      # requesting: cn
      
      # China, Sites, Configuration, ROOTDOMAIN.COM
      dn: CN=China,CN=Sites,CN=Configuration,DC=ROOTDOMAIN,DC=COM
      cn: China
      
      # NewYorkDiv, Sites, Configuration, ROOTDOMAIN.COM
      dn: CN=NewYorkDiv,CN=Sites,CN=Configuration,DC=ROOTDOMAIN,DC=COM
      cn: NewYorkDiv
      
      # SanDiegoHQ, Sites, Configuration, ROOTDOMAIN.COM
      dn: CN=SanDiegoHQ,CN=Sites,CN=Configuration,DC=ROOTDOMAIN,DC=COM
      cn: SanDiegoHQ
      
      # India, Sites, Configuration, ROOTDOMAIN.COM
      dn: CN=India,CN=Sites,CN=Configuration,DC=ROOTDOMAIN,DC=COM
      cn: India
      
      # Japan, Sites, Configuration, ROOTDOMAIN.COM
      dn: CN=Japan,CN=Sites,CN=Configuration,DC=ROOTDOMAIN,DC=COM
      cn: Japan
      
      # ChicagoDiv, Sites, Configuration, ROOTDOMAIN.COM
      dn: CN=ChicagoDiv,CN=Sites,CN=Configuration,DC=ROOTDOMAIN,DC=COM
      cn: ChicagoDiv
      
      # search result
      search: 2
      result: 0 Success
      
      # numResponses: 7
      # numEntries: 6

      The example output shows three sites, China, India, and Japan, which are not listed in the search of the single domain shown in Locating the Site Objects in a Domain, and therefore represent separate domains within the forest.
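
Steps 1 and 2 chained in a script, as an added example that is not part of the Teradata documentation: it reads the configurationNamingContext value out of the step 1 LDIF, handles LDIF line folding of long DNs, and builds the simple-bind command with StartTLS required. The function names, the host gc.example.com, port 3268 and the UPN are assumptions for illustration, and the sample LDIF is taken or constructed from the page's example output.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not Teradata tooling.

# Rejoin LDIF continuation lines (a line starting with one space continues the
# previous line), so DNs that ldapsearch wrapped are read whole.
ldif_unfold() {
    awk 'NR > 1 && /^ / { buf = buf substr($0, 2); next }
         NR > 1 { print buf }
         { buf = $0 }
         END { if (NR > 0) print buf }'
}

# Print every value of attribute $1 (name matched case-insensitively) from the
# LDIF on stdin. Comment lines and base64 values ("attr:: ...") are skipped.
ldif_attr() {
    ldif_unfold | awk -v want="$1" '
        /^#/ { next }
        { i = index($0, ": "); if (i && tolower(substr($0, 1, i - 1)) == tolower(want)) print substr($0, i + 2) }'
}

# Print the step 2 simple-bind command. -ZZ requires StartTLS to succeed, so
# the password prompted for by -W is not sent in cleartext.
# Args: user principal name, GC host:port, configurationNamingContext value.
sites_search_cmd() {
    [ -n "$3" ] || { echo "configurationNamingContext is empty" >&2; return 1; }
    printf 'ldapsearch -x -D %s -W -H ldap://%s -ZZ -b "CN=Sites,%s" -s one "(objectClass=site)" cn\n' \
        "$1" "$2" "$3"
}

# Step 1 output from the page, reduced to its entry lines.
ROOTDSE_LDIF='dn:
configurationNamingContext: CN=Configuration,DC=ROOTDOMAIN,DC=COM'

# Constructed step 2 output: two of the page's sites, the second DN folded.
SITES_LDIF='# China, Sites, Configuration, ROOTDOMAIN.COM
dn: CN=China,CN=Sites,CN=Configuration,DC=ROOTDOMAIN,DC=COM
cn: China

dn: CN=SanDiegoHQ,CN=Sites,CN=Configuration,DC=ROOT
 DOMAIN,DC=COM
cn: SanDiegoHQ'

# Demo: the host, port and UPN below are placeholders.
nc=$(printf '%s\n' "$ROOTDSE_LDIF" | ldif_attr configurationNamingContext)
sites_search_cmd 'user@example.com' 'gc.example.com:3268' "$nc"
printf '%s\n' "$SITES_LDIF" | ldif_attr cn
```

In live use, pipe the real ldapsearch output into ldif_attr in place of the embedded samples; the function refuses to build the step 2 command when step 1 returned no naming context.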