Archives of the TeradataForum

Message Posted: Fri, 31 Mar 2006 @ 19:11:08 GMT

In follow up...

IMPORTANT! I have no idea how your Active Directory is structured. My examples are primitive and provided just to give you an idea what's involved. Your system will definitely look different. Your processes and methodologies are probably different too.

Create your roles, profiles and users on the Teradata system. Grant logon WITH NULL PASSWORD to the Teradata users.

Please note that the directory users do *NOT* have to be the same as the Teradata users. If you want, you could even map all of the directory users to a single Teradata user. I prefer to have a one-to-one mapping, but you'll have to decide that based on your own realities.

Define your Active Directory entities. I suggest that you define roles and profiles here too. That way you can manage the roles and profiles in the AD.

To define the AD entities...

Define your directory users. Here's an example of a directory user (what I like to call a domain user):

dn: CN=adexuser0,CN=Users,DC=k1dns,DC=ncr,DC=com
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
tdatProfileMemberOf: CN=profile_adex,CN=profiles,CN=end2end,CN=tdat,OU=testing,DC=k1dns,DC=ncr,DC=com
tdatUserMemberOf: CN=adexuser0,CN=users,CN=end2end,CN=tdat,OU=testing,DC=k1dns,DC=ncr,DC=com

Define your profiles. Example:

dn: CN=profile_adex,CN=profiles,CN=end2end,CN=tdat,OU=testing,DC=k1dns,DC=ncr,DC=com
changetype: add
objectClass: top
objectClass: tdatProfile
tdatProfileMember: CN=adexuser2,CN=Users,DC=k1dns,DC=ncr,DC=com
tdatProfileMember: CN=adexuser1,CN=Users,DC=k1dns,DC=ncr,DC=com
tdatProfileMember: CN=adexuser0,CN=Users,DC=k1dns,DC=ncr,DC=com

Define your roles. Example:

dn: CN=role_adex,CN=roles,CN=end2end,CN=tdat,OU=testing,DC=k1dns,DC=ncr,DC=com
changetype: add
objectClass: top
objectClass: tdatRole
tdatRoleMember: CN=grp_adex,OU=groups,OU=testing,DC=k1dns,DC=ncr,DC=com

Define your Teradata users. Example:

dn: CN=adexuser0,CN=users,CN=end2end,CN=tdat,OU=testing,DC=k1dns,DC=ncr,DC=com
changetype: add
objectClass: top
objectClass: tdatUser
tdatUserMember: CN=adexuser0,CN=Users,DC=k1dns,DC=ncr,DC=com

Define your user groups. Example:

dn: CN=grp_adex,OU=groups,OU=testing,DC=k1dns,DC=ncr,DC=com
changetype: add
objectClass: top
objectClass: group
member: CN=adexuser3,CN=Users,DC=k1dns,DC=ncr,DC=com
member: CN=adexuser2,CN=Users,DC=k1dns,DC=ncr,DC=com
member: CN=adexuser1,CN=Users,DC=k1dns,DC=ncr,DC=com
member: CN=adexuser0,CN=Users,DC=k1dns,DC=ncr,DC=com
tdatRoleMemberOf: CN=role_adex,CN=roles,CN=end2end,CN=tdat,OU=testing,DC=k1dns,DC=ncr,DC=com

Lastly, create the desired mapping. In other words, you'll want to map the directory user to a Teradata user, and map the Teradata user to appropriate user groups, and map the roles and profiles to appropriate user groups. The mapping step results in the Member and MemberOf attributes that you see above.

For instance...

Domain user adexuser0 is a member of the group grp_adex. Users in that group have a role of role_adex.

User adexuser0 is also associated with (tdatProfileMemberOf) the profile profile_adex.

User adexuser0 is mapped to (tdatUserMemberOf) a Teradata user of the same name.

Therefore, when directory user adexuser0 logs on to Teradata, he/she will be logged on as Teradata user adexuser0 having a role of role_adex and a profile of profile_adex.
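
The mapping described in the message above can be reviewed offline from an LDIF export. The Python below is an added example, not part of the original post and not Teradata tooling: it parses the post's sample entries (trimmed to the mapping attributes), resolves which Teradata user, profile and roles a directory user ends up with, and lists every tdat*MemberOf link whose matching tdat*Member back-link is missing. The resolution model and the rule that both sides of a link must agree are assumptions made for illustration; the function names are hypothetical.

```python
USERS = "CN=Users,DC=k1dns,DC=ncr,DC=com"
TDAT = "CN=end2end,CN=tdat,OU=testing,DC=k1dns,DC=ncr,DC=com"
GROUP = "CN=grp_adex,OU=groups,OU=testing,DC=k1dns,DC=ncr,DC=com"
# Constructed input: the post's sample entries, trimmed to the mapping attributes.
LDIF = f"""\
dn: CN=adexuser0,{USERS}
tdatProfileMemberOf: CN=profile_adex,CN=profiles,{TDAT}
tdatUserMemberOf: CN=adexuser0,CN=users,{TDAT}

dn: CN=profile_adex,CN=profiles,{TDAT}
tdatProfileMember: CN=adexuser0,{USERS}

dn: CN=role_adex,CN=roles,{TDAT}
tdatRoleMember: {GROUP}

dn: CN=adexuser0,CN=users,{TDAT}
tdatUserMember: CN=adexuser0,{USERS}

dn: {GROUP}
member: CN=adexuser0,{USERS}
tdatRoleMemberOf: CN=role_adex,CN=roles,{TDAT}
"""

def parse(ldif):
    """Return {dn: {attr: [values]}}, lower-cased; RFC 2849 folded lines are joined."""
    entries, cur = {}, None
    for line in ldif.replace("\n ", "").splitlines():
        attr, _, value = (p.strip().lower() for p in line.partition(":"))
        if attr == "dn":
            cur = entries.setdefault(value, {})
        elif attr and cur is not None:
            cur.setdefault(attr, []).append(value)
    return entries

def resolve(entries, user_dn):
    """Illustrative model (an assumption): user and profile come from the
    directory user's own links, roles from the groups that list the user."""
    u = user_dn.lower()
    groups = [a for a in entries.values() if u in a.get("member", [])]
    pick = lambda e, attr: [d.split(",")[0].split("=", 1)[1] for d in e.get(attr, [])]
    return {"user": pick(entries[u], "tdatusermemberof"),
            "profile": pick(entries[u], "tdatprofilememberof"),
            "roles": [r for g in groups for r in pick(g, "tdatrolememberof")]}

def one_sided(entries):
    """(dn, attr, target) for each tdat*MemberOf link lacking its tdat*Member back-link."""
    return [(dn, attr, t) for dn, attrs in entries.items()
            for attr, targets in attrs.items()
            if attr.startswith("tdat") and attr.endswith("memberof")
            for t in targets if dn not in entries.get(t, {}).get(attr[:-2], [])]
```

Calling `resolve(parse(LDIF), "CN=adexuser0," + USERS)` reproduces the outcome the message describes for adexuser0, and a non-empty `one_sided()` result points at a mapping that was only half applied.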

Copyright 2016 - All Rights Reserved
Last Modified: 15 Jun 2023