Special Objects and Attributes Required for Active Directory, ADAM, and AD LDS - Advanced SQL Engine - Teradata Database

Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.05
17.00
Published
September 2020
Language
English (United States)
Last Update
2021-01-23
dita:id
B035-1100
lifecycle
previous
Product Category
Teradata Vantage™

To fully utilize the objects in the Teradata schema extensions, Active Directory, ADAM, and AD LDS automatically generate three additional objects, along with associated attributes and values, when you install Teradata schema extensions in the directory.

| Object | Related Attribute |
| --- | --- |
| tdatUserExt | Optional for tdatUserMemberOf and tdatProfileMemberOf |
| tdatGroupExt | Optional for tdatRoleMemberOf |
| tdatIPFilterExt | Optional for tdatIPFilterMemberOf |

The attributes of these special Active Directory/ADAM/AD LDS objects are linked to other attributes common to all directories.

| This common attribute... | Links to this special Active Directory, ADAM, or AD LDS attribute... |
| --- | --- |
| tdatUserMember | tdatUserMemberOf |
| tdatRoleMember | tdatRoleMemberOf |
| tdatProfileMember | tdatProfileMemberOf |
| tdatIPFilterMember | tdatIPFilterMemberOf |

When you map a Teradata Vantage user to a directory user by adding a tdatUserMember attribute to the tdatUser object, you must set the value of the tdatUserMember attribute to the FQDN of the directory user. Because the two attributes are linked, the directory automatically creates a tdatUserMemberOf attribute in the directory user object, which points back to the tdatUser object.

Mapping tdatProfile objects to users and tdatRole objects to groups is similar: it requires setting a value for the tdatProfileMember and tdatRoleMember attributes.

Removing values from the member attributes also has some automatic consequences in Active Directory, ADAM, and AD LDS, for example:

  • When you remove a tdatUserMember attribute from a tdatUser object, the directory automatically removes the corresponding tdatUserMemberOf attribute.
  • If you remove a user from the directory, the directory automatically removes the corresponding tdat Member attributes from any objects mapped to the user.
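When reviewing who is mapped to which Teradata object, the linked pairs above can be cross-checked in an LDIF export of the directory. The following is an added example, not Teradata code: the DNs and container names are constructed, DNs are compared by simple lowercasing, and base64-encoded values are not handled.

```python
# Added example: audit Teradata member/memberOf links in an LDIF export (constructed data).
LINKS = {f"tdat{k}member": f"tdat{k}memberof"   # forward link -> back link
         for k in ("user", "role", "profile", "ipfilter")}

SAMPLE_LDIF = """\
dn: cn=dbadmin,cn=tdatusers,dc=example,dc=com
tdatUserMember: cn=Alice,cn=Users,dc=example,dc=com
tdatUserMember: cn=Gone,cn=Users,dc=example,dc=com

dn: cn=Alice,cn=Users,dc=example,dc=com
tdatUserMemberOf: cn=dbadmin,cn=tdatusers,dc=example,dc=com

dn: cn=DBAs,cn=Groups,dc=example,dc=com
tdatRoleMemberOf: cn=auditors,cn=tdatroles,dc=example,dc=com
"""

def parse_ldif(text):
    """Return {dn: {attr: [values]}}, lowercased. Unfolds lines; no base64."""
    entries, current = {}, None
    for line in text.replace("\n ", "").splitlines():
        if not line.strip():
            current = None          # blank line ends the entry
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            attr, value = attr.strip().lower(), value.strip().lower()
            if attr == "dn":
                current = entries.setdefault(value, {})
            elif current is not None:
                current.setdefault(attr, []).append(value)
    return entries

def audit_links(entries):
    """Return sorted (kind, forward_attr, source_dn, target_dn) findings."""
    findings = []
    for dn, attrs in entries.items():
        for fwd, back in LINKS.items():
            for target in attrs.get(fwd, []):
                if target not in entries:
                    findings.append(("dangling", fwd, dn, target))
                elif dn not in entries[target].get(back, []):
                    findings.append(("missing-backlink", fwd, dn, target))
            for source in attrs.get(back, []):
                if dn not in entries.get(source, {}).get(fwd, []):
                    findings.append(("orphan-backlink", fwd, source, dn))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_links(parse_ldif(SAMPLE_LDIF)):
        print(*finding, sep=" | ")
```

On the constructed sample this reports one forward link whose target is absent from the export and one back link with no matching forward link.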