LDAP prerequisites and definitions
Prerequisites
Before you configure LDAP authentication for your Vertica database you must have:
- IP address and host name for the LDAP server. Vertica supports IPv4 and IPv6 addresses.
- Your organization's Active Directory information.
- A service account for search and bind.
- Administrative access to your Vertica database.
- open-ldap-tools package installed on at least one node. This package includes ldapsearch.
Definitions
The following definitions are important to remember for LDAP authentication:
| Parameter name | Description |
|---|---|
| Host | IP address or host name of the LDAP server. Vertica supports IPv4 and IPv6 addresses. For more information, see IPv4 and IPv6 for Client Authentication. |
| Common name (CN) | Depending on your LDAP environment, this value can be either the username or the first and last name of the user. |
| Domain component (DC) | Comma-separated list that contains your organization's domain component broken up into separate values, for example: |
| Distinguished name (DN) | domain.com. A DN consists of two DC components, as in "DC=example, DC=com". |
| Organizational unit (OU) | Unit in the organization with which the user is associated, for example, Vertica Users. |
| sAMAccountName | An Active Directory user account field. This value is usually the attribute to be searched when you use bind and search against the Microsoft Active Directory server. |
| UID | A commonly used LDAP account attribute used to store a username. |
| Bind | LDAP authentication method that allows basic binding using the DN. |
| Search and bind | LDAP authentication method that must log in to the LDAP server to search on the specified attribute. |
| Service account | An LDAP user account that can be used to log in to the LDAP server during bind and search. This account's password is usually shared. |
| Anonymous binding | Allows a client to connect and search the directory (search and bind) without needing to log in. |
| ldapsearch | A command-line utility to search the LDAP directory. It returns information that you use to configure LDAP search and bind. |
| basedn | Distinguished name where the directory search should begin. |
| binddn | Domain name to find in the directory search. |
| search_attribute | Text to search for to locate the user record. The default is UID. |
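
How the DN, DC, basedn and search_attribute definitions above fit together in the search step of search and bind, as an added example (generic LDAP handling in Python, not Vertica's code). The function names, the sample DN and the user names are constructed for illustration, and the DN parser is simplified: it handles backslash-escaped commas but not multi-valued components or hex escapes.

```python
import re

# RFC 4515 escapes for characters that are special inside a search filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def parse_dn(dn):
    """Split a DN into (ATTRIBUTE, value) pairs, honouring backslash-escaped commas."""
    parts, buf, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf += dn[i + 1]      # keep the escaped character literally
            i += 2
            continue
        if dn[i] == ",":          # unescaped comma ends one component
            parts.append(buf)
            buf = ""
        else:
            buf += dn[i]
        i += 1
    parts.append(buf)
    pairs = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed DN component: {part!r}")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs

def domain_from_dn(dn):
    """Join the DC components of a DN into a DNS-style domain name."""
    return ".".join(value for attr, value in parse_dn(dn) if attr == "DC")

def escape_filter_value(value):
    """Escape user-supplied text before it is placed in a search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)

def build_search(basedn, search_attribute, username):
    """Return (base, filter) for the search step of search and bind."""
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", search_attribute):
        raise ValueError("search_attribute must be a plain attribute name")
    parse_dn(basedn)              # raises ValueError if the base DN is malformed
    return basedn, f"({search_attribute}={escape_filter_value(username)})"

# Constructed sample values, not taken from a real directory.
SAMPLE_DN = r"CN=Smith\, Jane,OU=Vertica Users,DC=example,DC=com"
if __name__ == "__main__":
    print(parse_dn(SAMPLE_DN))
    print(domain_from_dn(SAMPLE_DN))
    print(build_search("OU=Vertica Users,DC=example,DC=com", "sAMAccountName", "j*smith"))
```

Escaping the user name keeps filter metacharacters in a login name from changing which directory entries the service account's search matches.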