I am using Teradata Vantage 17.10 and successfully enabled the LDAP configuration. I create one user in Teradata identical to my LDAP user. I successfully managed to log in with this user if I shifted the mechanism to LDAP. So all the configuration is correct if I change the password of a user in LDAP it affects the Teradata as well. So all the new users created in LDAP have access to the Teradata viewpoint as well.
What Problem do I face? Now the issue is when I create a new user in LDAP it is not able to log in with the Teradata database via TD-Studio. I have to manually create the same user in Teradata. I don't want to create all users manually. I want all the new users from LDAP created in the Teradata database as well.
I am looking for any idea or advice on how can I do it. Even the documentation link will be helpful I didn't manage to find this in the Documentation. Thank you in Advance.
I try to create a profile add the user to the profile and also set a role. I try to use the TDNEGOCONF utility but this is not available in 17.10
---------------------------- UPDATE --------------------------------
When I follow the link provided in the command I have managed to do the following. I create a user the same as ldap in Teradata. I create an external role I am not able to add a user for an external role as this error appears
Executed as Single statement. Failed [5930 : HY000] External role 'ldapAdmin' may not be granted in the database.
Elapsed time = 00:00:00.377
STATEMENT 1: GRANT failed.
In documentation this is an example provided.
dn: cn=profile1,ou=profiles,cn=systemone,cn=tdat,dc=domain,dc=com
changeType: modify
add: member
member: uid=dirUser7,ou=people,dc=domain,dc=com
dn: cn=profile2,ou=profiles,cn=systemone,cn=tdat,dc=domain,dc=com
changeType: modify
add: member
member: uid=dirUser3,ou=people,cn=domain,cn=com
The question is in which file I need to update these settings. There is no pat or file name mentioned in the documentation.
-----------------------------------UPDATE 2 --------------------------
#!/bin/sh
#
# usage: loadschema server
#
if [ $# != 1 ]; then
echo "Wrong # args"
echo "usage: $0 server"
exit 1
fi
cd /opt/teradata/tdgss/etc
SNC=$(ldapsearch -H ldap://$1 -b "" -s base schemanamingcontext | \
grep -i schemanamingcontext | \
cut -d' ' -f2)
if [ "$SNC" = "" ]; then
echo "Schema naming context not found on server $1"
exit 1
fi
cat tdat.actdir.schema ipfilter.actdir.schema policy.actdir.schema | \
sed -e "s/CN=Schema/$SNC/" | \
ldapmodify -x -c -H ldap://$1 -D "cn=tauqer,dc=domain,dc=com" -W
I have removed -z as I am not using TSL and I don't have Kerberos either.
-----------------------UPDATE ------------------------ from the above script when I ass -b "OU=Users,DC=Domain,DC=com the error went away and ldapmodify run but show this error Now My username and Password is correct.
Enter LDAP Password:
adding new entry "cn=tdatProfileMember,requesting:"
ldap_add: Invalid DN syntax (34)
additional info: 0000208F: NameErr: DSID-03100231, problem 2006 (BAD_NAME), data 8350, best match of:
'requesting:'
adding new entry "cn=tdatProfileMemberOf,requesting:"
ldap_add: Invalid DN syntax (34)
additional info: 0000208F: NameErr: DSID-03100231, problem 2006 (BAD_NAME), data 8350, best match of:
'requesting:'
adding new entry "cn=tdatRoleMember,requesting:"
ldap_add: Invalid DN syntax (34)
additional info: 0000208F: NameErr: DSID-03100231, problem 2006 (BAD_NAME), data 8350, best match of:
'requesting:'
adding new entry "cn=tdatRoleMemberOf,requesting:"
ldap_add: Invalid DN syntax (34)
additional info: 0000208F: NameErr: DSID-03100231, problem 2006 (BAD_NAME), data 8350, best match of:
'requesting:'
adding new entry "cn=tdatUserMember,requesting:"
ldap_add: Invalid DN syntax (34)
additional info: 0000208F: NameErr: DSID-03100231, problem 2006 (BAD_NAME), data 8350, best match of:
'requesting:'
adding new entry "cn=tdatUserMemberOf,requesting:"
ldap_add: Invalid DN syntax (34)
additional info: 0000208F: NameErr: DSID-03100231, problem 2006 (BAD_NAME), data 8350, best match of:
'requesting:'
modifying entry ""
adding new entry "cn=tdatGroupExt,requesting:"
ldap_add: No such attribute (16)
additional info: 00000057: LdapErr: DSID-0C0911AD, comment: Error in attribute conversion operation, data 0, v3839
modifying entry ""
modifying entry "cn=Group,requesting:"
ldap_modify: No such attribute (16)
additional info: 00000057: LdapErr: DSID-0C0910C0, comment: Error in attribute conversion operation, data 0, v3839
modifying entry ""
adding new entry "cn=tdatUserExt,requesting:"
ldap_add: No such attribute (16)
additional info: 00000057: LdapErr: DSID-0C0911AD, comment: Error in attribute conversion operation, data 0, v3839
modifying entry ""
modifying entry "cn=User,requesting:"
ldap_modify: No such attribute (16)
additional info: 00000057: LdapErr: DSID-0C0910C0, comment: Error in attribute conversion operation, data 0, v3839
modifying entry ""
adding new entry "cn=tdatRootNode,requesting:"
ldap_add: Invalid DN syntax (34)
additional info: 0000208F: NameErr: DSID-03100231, problem 2006 (BAD_NAME), data 8350, best match of:
'requesting:'
modifying entry ""
adding new entry "cn=tdatSystem,requesting:"
ldap_add: No such attribute (16)
additional info: 00000057: LdapErr: DSID-0C0911AD, comment: Error in attribute conversion operation, data 0, v3839
modifying entry ""
adding new entry "cn=tdatContainer,requesting:"
ldap_add: No such attribute (16)
additional info: 00000057: LdapErr: DSID-0C0911AD, comment: Error in attribute conversion operation, data 0, v3839
modifying entry ""
adding new entry "cn=tdatProfile,requesting:"
ldap_add: No such attribute (16)
additional info: 00000057: LdapErr: DSID-0C0911AD, comment: Error in attribute conversion operation, data 0, v3839
adding new entry "cn=tdatUser,requesting:"
ldap_add: No such attribute (16)
additional info: 00000057: LdapErr: DSID-0C0911AD, comment: Error in attribute conversion operation, data 0, v3839
adding new entry "cn=tdatRole,requesting:"
ldap_add: No such attribute (16)
additional info: 00000057: LdapErr: DSID-0C0911AD, comment: Error in attribute conversion operation, data 0, v3839
modifying entry ""
modifying entry ""
adding new entry "cn=tdatPolicy,requesting:"
ldap_add: No such attribute (16)
additional info: 00000057: LdapErr: DSID-0C0911AD, comment: Error in attribute conversion operation, data 0, v3839
modifying entry ""
adding new entry "cn=tdatPolicyContainer,requesting:"
ldap_add: No such attribute (16)
additional info: 00000057: LdapErr: DSID-0C0911AD, comment: Error in attribute conversion operation, data 0, v3839
modifying entry ""
adding new entry "cn=tdatMechanism,requesting:"
ldap_add: No such attribute (16)
additional info: 00000057: LdapErr: DSID-0C0911AD, comment: Error in attribute conversion operation, data 0, v3839
adding new entry "cn=tdatConfidentialityQoP,requesting:"
ldap_add: No such attribute (16)
additional info: 00000057: LdapErr: DSID-0C0911AD, comment: Error in attribute conversion operation, data 0, v3839
adding new entry "cn=tdatIntegrityQoP,requesting:"
ldap_add: No such attribute (16)
additional info: 00000057: LdapErr: DSID-0C0911AD, comment: Error in attribute conversion operation, data 0, v3839
adding new entry "cn=tdatOption,requesting:"
ldap_add: No such attribute (16)
additional info: 00000057: LdapErr: DSID-0C0911AD, comment: Error in attribute conversion operation, data 0, v3839
adding new entry "cn=tdatInternalNetworkGroup,requesting:"
ldap_add: No such attribute (16)
additional info: 00000057: LdapErr: DSID-0C0911AD, comment: Error in attribute conversion operation, data 0, v3839
adding new entry "cn=tdatExternalNetworkGroup,requesting:"
ldap_add: No such attribute (16)
additional info: 00000057: LdapErr: DSID-0C0911AD, comment: Error in attribute conversion operation, data 0, v3839
modifying entry ""