Add Corporate LDAP Configuration | Teradata AppCenter - Adding Corporate LDAP Configuration - Teradata AppCenter

Teradata® AppCenter Customer Installation and Upgrade Guide for vSphere

Product
Teradata AppCenter
Release Number
1.10
Published
June 2020
Language
English (United States)
Last Update
2020-07-02
dita:mapPath
ixs1586886570933.ditamap
dita:ditavalPath
ft:empty
dita:id
B035-1117
lifecycle
previous
Product Category
Analytical Ecosystem

User authentication is based on configured domains. AppCenter supports both LDAP and LDAPS and multiple LDAP domains and LDAP groups. If you added an OpenLDAP configuration, it will still work with your instance of AppCenter after you add corporate LDAP.

If a user is part of a configured LDAP domain, they can log into AppCenter and are added as a user automatically at that time.

Only the root user can add corporate LDAP configuration.

  1. Select "" > Settings > Authentication > "" .
  2. Complete the LDAP configuration.
    Setting Required Description Example
    Server Display name of server. LDAP Server
    URL LDAP or LDAPS server hostname.
    • ldap.yourcompany.com
    • ldaps.yourcompany.com
    Port LDAP or LDAPS server port.
    • 389 (LDAP)
    • 636 (LDAPS)
    • 3268 (Active Directory Global Catalog, LDAP)
    • 3269 (Active Directory Global Catalog, LDAPS)
    Encryption  
    • None provides no encryption for connectivity.
    • LDAPS incorporates SSL for greater security.
     
    Base domain Base DN for your tree. Can be shifted to restrict users from a single tree from logging in. DC=YOURCOMPANY,DC=COM
    Domain search user User DN for user to connect to LDAP server. CN=AppCenter-User,OU=Service Accounts,DC=YOURCOMPANY,DC=COM
    Domain search password Password for search user.  
    Vendor Vendor of your LDAP directory. OpenLDAP would be Other, which includes OpenLDAP, Novell eDirectory, Red Hat's 389 Directory Service, or ApacheDS.
    User object classes LDAP object classes that identify your users. The default, person, OrganizationalPerson, user should match most organizations.
    Id field Unique LDAP attribute within the directory to identify user accounts. For Active Directory, this attribute can be objectGUID or sAMAccountName.

    For eDirectory, this attribute can be GUID.

    It can also be CN if CN is unique for your entire directory.

    If you are using posixAccount, it can be posixAccount.

    Name field Username attribute. For Active Directory, this attribute can be sAMAccountName.

    It can also be CN if that is your login name.

    If you are using posixAccount, it can be posixAccount.

    Member of field Attribute in a user entry for group membership. Should contain a DN pointing to the groups the user is a member of. Not all directories support reverse membership. For Active Directory, this attribute is typically memberOf.

    For eDirectory, it is typically groupMembership.

    Member field Attribute in a group entry for user membership. Should contain a DN pointing to the users who are members of the group. For most directories, this attribute should be member.
    Email field Email attribute. For most directories, this attribute should be mail.
    Group Base ●* Base DN containing all of your groups. OU=Groups,DC=YOURCOMPANY,DC=COM
    Group ID ●* Unique identifier for your groups. cn

    For Active Directory, this can also be the sAMAccountName.

    * If using LDAP groups

    Once you complete corporate LDAP configuration, all users who are part of that configured LDAP have access to AppCenter.