Home Page for the TeradataForum
 

Archives of the TeradataForum

Message Posted: Fri, 31 Mar 2006 @ 19:11:08 GMT


     
  <Prev Next>   <<First <Prev
Next>
Last>>
 


Subj:   Re: How to connect teradata to Active Directory Services Interface.
 
From:   Greene, Thomas L

  Of course, this assumes you have the necessary entries already in the directory. Administration of your Active .Directory server is a bigger subject than I'm willing to include in this email.  


In follow up...

IMPORTANT! I have no idea how your Active Directory is structured. My examples are primitive and provided just to give you an idea what's involved. Your system will definitely look different. Your processes and methodologies are probably different too.

Create your roles, profiles and users on the Teradata system. Grant logon WITH NULL PASSWORD to the Teradata users. Please note that the directory users do *NOT* have to be the same as the Teradata users. If you want, you could even map all of the directory users to a single Teradata user. I prefer to have a one-to-one mapping, but you'll have to decide that based on your own realities.

Define your Active Directory entities. I suggest that you define roles and profiles here too. That way you can manage the roles and profiles in the AD. To define the AD entities...

Define your directory users. Here's an example of a directory user (what I like to call a domain user):

     dn: CN=adexuser0,CN=Users,DC=k1dns,DC=ncr,DC=com
     changetype: add
     objectClass: top
     objectClass: person
     objectClass: organizationalPerson
     objectClass: user
     tdatProfileMemberOf:
     CN=profile_adex,CN=profiles,CN=end2end,CN=tdat,OU=testing,DC=k1dns,DC=ncr,DC=com
     tdatUserMemberOf:
     CN=adexuser0,CN=users,CN=end2end,CN=tdat,OU=testing,DC=k1dns,DC=ncr,DC=com

Define you Profiles. Example:

     dn:
     CN=profile_adex,CN=profiles,CN=end2end,CN=tdat,OU=testing,DC=k1dns,DC=ncr,DC=com
     changetype: add
     objectClass: top
     objectClass: tdatProfile
     tdatProfileMember: CN=adexuser2,CN=Users,DC=k1dns,DC=ncr,DC=com
     tdatProfileMember: CN=adexuser1,CN=Users,DC=k1dns,DC=ncr,DC=com
     tdatProfileMember: CN=adexuser0,CN=Users,DC=k1dns,DC=ncr,DC=com

Define your roles. Example:

     dn:
     CN=role_adex,CN=roles,CN=end2end,CN=tdat,OU=testing,DC=k1dns,DC=ncr,DC=com
     changetype: add
     objectClass: top
     objectClass: tdatRole
     tdatRoleMember: CN=grp_adex,OU=groups,OU=testing,DC=k1dns,DC=ncr,DC=com

Define your Teradata users. Example:

     dn:
     CN=adexuser0,CN=users,CN=end2end,CN=tdat,OU=testing,DC=k1dns,DC=ncr,DC=com
     changetype: add
     objectClass: top
     objectClass: tdatUser
     tdatUserMember: CN=adexuser0,CN=Users,DC=k1dns,DC=ncr,DC=com

Define your user groups. Example:

     dn: CN=grp_adex,OU=groups,OU=testing,DC=k1dns,DC=ncr,DC=com
     changetype: add
     objectClass: top
     objectClass: group
     member: CN=adexuser3,CN=Users,DC=k1dns,DC=ncr,DC=com
     member: CN=adexuser2,CN=Users,DC=k1dns,DC=ncr,DC=com
     member: CN=adexuser1,CN=Users,DC=k1dns,DC=ncr,DC=com
     member: CN=adexuser0,CN=Users,DC=k1dns,DC=ncr,DC=com
     tdatRoleMemberOf:
     CN=role_adex,CN=roles,CN=end2end,CN=tdat,OU=testing,DC=k1dns,DC=ncr,DC=com

Lastly, create the desired mapping. In other words, you'll want to map the directory user to a Teradata user, and map the Teradata user to appropriate user groups, and map the roles and profiles to appropriate user groups. The mapping step results in the Member and MemberOf attributes that you see above. For instance...

Domain user adexuser0 is a member of the group grp_adex. Users in that group have a role of role_adex. User adexuser0 is also associated with (tdatProfileMemberOf) the profile profile_adex. User adexuser0 is mapped to (tdatUserMemberOf) a Teradata user of the same name.

Therefore, when directory user adexuser0 logs on to Teradata, he/she will be logged on as Teradata user adexuser0 having a role of role_adex and a profile of profile_adex.



     
  <Prev Next>   <<First <Prev
Next>
Last>>
 
 
 
 
 
 
 
 
 
  
  Top Home Privacy Feedback  
 
 
Copyright for the TeradataForum (TDATA-L), Manta BlueSky    
Copyright 2016 - All Rights Reserved    
Last Modified: 15 Jun 2023