Sample Identity Map for Logging on with a UPN - Advanced SQL Engine - Teradata Database

Security Administration

Product: Advanced SQL Engine, Teradata Database
Release Number: 17.05, 17.00
Published: September 2020
Language: English (United States)
Last Update: 2021-01-23
dita:id: B035-1100
lifecycle: previous
Product Category: Teradata Vantage™

You can configure the LDAP mechanism to create an identity map for usernames that log on with an FQDN, such as user@dom1.dom2.dom3. For example:

<Mechanism Name="ldap">
    <MechanismProperties
        ...
        />
    <IdentityMap
      Match="([^@]+)@([^\.]+)\.([^\.]+)\.([^\.]+)"
      Pattern="uid=${1},ou=users,dc=${2},dc=${3},dc=${4}"
      DatabaseName="${1}"/>
</Mechanism>

where:

| Attribute Name | Example Attribute Value | Description |
|---|---|---|
| Match (required) | "([^@]+)@([^\.]+)\.([^\.]+)\.([^\.]+)" | A POSIX regular expression representing a matching rule that shows how the username is divided into substrings. The individual substrings are enclosed by ( ). |
| Pattern (required) | "uid=${1},ou=users,dc=${2},dc=${3},dc=${4}" | The substitution rule that determines how the map extrapolates a DN from the username substrings defined in the Match attribute. |
| DatabaseName (optional) | "${1}" | Defines how the system rewrites the username so that the database can identify the user in a particular form. |

The value ${1} identifies the user in the database using only the uid portion of the logon, and drops the ${2}, ${3}, and ${4} portions of the username.

The identity map does not require a service bind.
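
The identity map above can be checked offline against sample logon names before it is deployed. The following Python example is added here and is not Teradata code: it applies the page's Match, Pattern and DatabaseName values to constructed usernames. It assumes Python's re module as a stand-in for the POSIX regular expression engine and assumes the whole logon name must match; the warning about DN special characters is the example's own check, based on RFC 4514.

```python
import re

# Attribute values copied from the sample IdentityMap on this page.
MATCH = r"([^@]+)@([^\.]+)\.([^\.]+)\.([^\.]+)"
PATTERN = "uid=${1},ou=users,dc=${2},dc=${3},dc=${4}"
DATABASE_NAME = "${1}"

# Characters that RFC 4514 requires to be escaped inside a DN attribute value.
DN_SPECIAL = set(',+"\\<>;')


def substitute(template, groups):
    """Replace each ${n} in template with the n-th captured substring."""
    return re.sub(r"\$\{(\d+)\}", lambda m: groups[int(m.group(1)) - 1], template)


def map_identity(username):
    """Return (dn, database_name, warnings), or None if the name does not match.

    Assumption: the whole logon name must match, so re.fullmatch is used.
    """
    m = re.fullmatch(MATCH, username)
    if m is None:
        return None
    groups = m.groups()
    # Flag substrings that would change or break the DN when substituted unescaped.
    warnings = [
        f"group {i} contains DN special characters: {g!r}"
        for i, g in enumerate(groups, start=1)
        if DN_SPECIAL & set(g)
    ]
    return substitute(PATTERN, groups), substitute(DATABASE_NAME, groups), warnings


# Constructed sample logon names (not from the Teradata documentation).
SAMPLES = ["user@dom1.dom2.dom3", "user@dom1.dom2", "doe,john@dom1.dom2.dom3"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(name, "->", map_identity(name))
```

A logon name with fewer than three domain labels returns None, which shows that this Match expression only covers names of the exact form user@dom1.dom2.dom3.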