LDAP prerequisites and definitions

Prerequisites

Before you configure LDAP authentication for your Vertica database you must have:

  • IP address and host name for the LDAP server. Vertica supports IPv4 and IPv6 addresses.

  • Your organization's Active Directory information.

  • A service account for search and bind.

  • Administrative access to your Vertica database.

  • open-ldap-tools package installed on at least one node. This package includes ldapsearch.

Definitions

The following definitions are important to remember for LDAP authentication:

| Parameter name | Description |
|---|---|
| Host | IP address or host name of the LDAP server. Vertica supports IPv4 and IPv6 addresses. For more information, see IPv4 and IPv6 for Client Authentication. |
| Common name (CN) | Depending on your LDAP environment, this value can be either the username or the first and last name of the user. |
| Domain component (DC) | Comma-separated list that contains your organization's domain component broken up into separate values, for example: dc=vertica, dc=com |
| Distinguished name (DN) | domain.com. A DN consists of two DC components, as in "DC=example, DC=com". |
| Organizational unit (OU) | Unit in the organization with which the user is associated, for example, Vertica Users. |
| sAMAccountName | An Active Directory user account field. This value is usually the attribute to be searched when you use bind and search against the Microsoft Active Directory server. |
| UID | A commonly used LDAP account attribute used to store a username. |
| Bind | LDAP authentication method that allows basic binding using the DN. |
| Search and bind | LDAP authentication method that must log in to the LDAP server to search on the specified attribute. |
| Service account | An LDAP user account that can be used to log in to the LDAP server during bind and search. This account's password is usually shared. |
| Anonymous binding | Allows a client to connect and search the directory (search and bind) without needing to log in. |
| ldapsearch | A command-line utility to search the LDAP directory. It returns information that you use to configure LDAP search and bind. |
| basedn | Distinguished name where the directory search should begin. |
| binddn | Domain name to find in the directory search. |
| search_attribute | Text to search for to locate the user record. The default is UID. |
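
The following shell sketch shows how Host, basedn, binddn and search_attribute map onto an ldapsearch call, including the two details that most often go wrong: bracketing an IPv6 host in the URI and escaping the user name in the filter. It is an added example, not part of the Vertica documentation; the function names are hypothetical and all sample values are constructed.

```shell
#!/bin/sh
# Added example: maps Host, basedn, binddn and search_attribute onto ldapsearch.
# Function names are hypothetical; every value used here is a constructed placeholder.

# Host -> LDAP URI. An IPv6 literal must be bracketed inside a URI.
ldap_uri() {  # usage: ldap_uri HOST [PORT]
    case $1 in
        *:*) printf 'ldap://[%s]:%s\n' "$1" "${2:-389}" ;;  # IPv6 address
        *)   printf 'ldap://%s:%s\n'   "$1" "${2:-389}" ;;  # IPv4 or host name
    esac
}

# Escape a user name for a search filter (RFC 4515) so that \ * ( ) are
# matched literally instead of being read as filter syntax.
# The backslash is handled first so later escapes are not escaped again.
ldap_escape() {
    printf '%s\n' "$1" |
        sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# search_attribute + user name -> filter, e.g. (sAMAccountName=jdoe)
ldap_filter() {  # usage: ldap_filter SEARCH_ATTRIBUTE USERNAME
    printf '(%s=%s)\n' "$1" "$(ldap_escape "$2")"
}

# Look up one user the way search and bind does: log in as the service
# account (binddn), start at basedn, match on search_attribute.
#   -x   simple bind
#   -ZZ  require StartTLS so the bind password is not sent in clear text
#   -W   prompt for the password so it never appears in the process list
ldap_find_user() {  # usage: ldap_find_user HOST BASEDN BINDDN ATTR USERNAME
    ldapsearch -x -ZZ -H "$(ldap_uri "$1")" -D "$3" -W -b "$2" \
        "$(ldap_filter "$4" "$5")" "$4"
}

# Constructed sample values: print the URI and filter ldapsearch would receive.
ldap_uri ldap.example.com
ldap_uri 2001:db8::10
ldap_filter sAMAccountName 'j*doe'
```

To query a real directory, call ldap_find_user with your own host, basedn, service account DN, search attribute and user name.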