|
Archives of the TeradataForumMessage Posted: Fri, 31 Mar 2006 @ 19:11:08 GMT
In follow up... IMPORTANT! I have no idea how your Active Directory is structured. My examples are primitive and provided just to give you an idea what's involved. Your system will definitely look different. Your processes and methodologies are probably different too. Create your roles, profiles and users on the Teradata system. Grant logon WITH NULL PASSWORD to the Teradata users. Please note that the directory users do *NOT* have to be the same as the Teradata users. If you want, you could even map all of the directory users to a single Teradata user. I prefer to have a one-to-one mapping, but you'll have to decide that based on your own realities. Define your Active Directory entities. I suggest that you define roles and profiles here too. That way you can manage the roles and profiles in the AD. To define the AD entities... Define your directory users. Here's an example of a directory user (what I like to call a domain user): dn: CN=adexuser0,CN=Users,DC=k1dns,DC=ncr,DC=com changetype: add objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user tdatProfileMemberOf: CN=profile_adex,CN=profiles,CN=end2end,CN=tdat,OU=testing,DC=k1dns,DC=ncr,DC=com tdatUserMemberOf: CN=adexuser0,CN=users,CN=end2end,CN=tdat,OU=testing,DC=k1dns,DC=ncr,DC=com Define you Profiles. Example: dn: CN=profile_adex,CN=profiles,CN=end2end,CN=tdat,OU=testing,DC=k1dns,DC=ncr,DC=com changetype: add objectClass: top objectClass: tdatProfile tdatProfileMember: CN=adexuser2,CN=Users,DC=k1dns,DC=ncr,DC=com tdatProfileMember: CN=adexuser1,CN=Users,DC=k1dns,DC=ncr,DC=com tdatProfileMember: CN=adexuser0,CN=Users,DC=k1dns,DC=ncr,DC=com Define your roles. Example: dn: CN=role_adex,CN=roles,CN=end2end,CN=tdat,OU=testing,DC=k1dns,DC=ncr,DC=com changetype: add objectClass: top objectClass: tdatRole tdatRoleMember: CN=grp_adex,OU=groups,OU=testing,DC=k1dns,DC=ncr,DC=com Define your Teradata users. Example: dn: CN=adexuser0,CN=users,CN=end2end,CN=tdat,OU=testing,DC=k1dns,DC=ncr,DC=com changetype: add objectClass: top objectClass: tdatUser tdatUserMember: CN=adexuser0,CN=Users,DC=k1dns,DC=ncr,DC=com Define your user groups. Example: dn: CN=grp_adex,OU=groups,OU=testing,DC=k1dns,DC=ncr,DC=com changetype: add objectClass: top objectClass: group member: CN=adexuser3,CN=Users,DC=k1dns,DC=ncr,DC=com member: CN=adexuser2,CN=Users,DC=k1dns,DC=ncr,DC=com member: CN=adexuser1,CN=Users,DC=k1dns,DC=ncr,DC=com member: CN=adexuser0,CN=Users,DC=k1dns,DC=ncr,DC=com tdatRoleMemberOf: CN=role_adex,CN=roles,CN=end2end,CN=tdat,OU=testing,DC=k1dns,DC=ncr,DC=com Lastly, create the desired mapping. In other words, you'll want to map the directory user to a Teradata user, and map the Teradata user to appropriate user groups, and map the roles and profiles to appropriate user groups. The mapping step results in the Member and MemberOf attributes that you see above. For instance... Domain user adexuser0 is a member of the group grp_adex. Users in that group have a role of role_adex. User adexuser0 is also associated with (tdatProfileMemberOf) the profile profile_adex. User adexuser0 is mapped to (tdatUserMemberOf) a Teradata user of the same name. Therefore, when directory user adexuser0 logs on to Teradata, he/she will be logged on as Teradata user adexuser0 having a role of role_adex and a profile of profile_adex.
| |||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||
Copyright 2016 - All Rights Reserved | |||||||||||||||||||||||||||||||||||||||||||||||||||
Last Modified: 15 Jun 2023 | |||||||||||||||||||||||||||||||||||||||||||||||||||